k8s-dns-manager Webhook for Cert Manager
- cert-manager version 0.11.0 or higher (tested with 0.12.0)
- k8s-dns-manager installed and configured
- Clone this repository:

```sh
$ git clone https://github.com/linka-cloud/cert-manager-webhook-k8s-dns-manager.git && \
    cd cert-manager-webhook-k8s-dns-manager
```

- Run:

```sh
$ helm install cert-manager-webhook-k8s-dns ./deploy/cert-manager-webhook-k8s-dns
```

Or, without Helm, apply the manifests directly:

```sh
$ kubectl apply -f https://raw.githubusercontent.com/linka-cloud/cert-manager-webhook-k8s-dns-manager/main/deploy/manifests.yaml
```
Here is an example using the Let's Encrypt staging environment. To switch to the production environment, replace `https://acme-staging-v02.api.letsencrypt.org/directory` with `https://acme-v02.api.letsencrypt.org/directory`.
- Create a certificate issuer:

```yaml
apiVersion: cert-manager.io/v1alpha2
kind: Issuer # or ClusterIssuer to have it available in every namespace
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: '<YOUR_EMAIL_ADDRESS>'
    privateKeySecretRef:
      name: letsencrypt-account-key
    solvers:
    - dns01:
        webhook:
          groupName: acme.dns.linka.cloud
          solverName: k8s-dns
          config:
            namespace: cert-manager
```
- Issue a certificate:

```yaml
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: example-com
spec:
  dnsNames:
  - example.com
  - '*.example.com'  # a leading '*' must be quoted, or YAML reads it as an alias
  issuerRef:
    name: letsencrypt
  secretName: example-com-tls
```
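Once the Certificate above is applied, the following script (an added example, not part of this repository) checks that cert-manager marked it Ready and that the certificate stored in the secret really carries every requested dnsName, then prints the issuer so a staging certificate is not mistaken for a production one. It assumes `kubectl` and `openssl` on PATH; the `CHECK_CERT` variable and the function names are this example's own.

```sh
#!/usr/bin/env sh
# Added example: verify a cert-manager Certificate issued through the
# k8s-dns webhook. Assumes kubectl and openssl are installed.

# Turn the text printed by `openssl x509 -ext subjectAltName`
# ("    DNS:a, DNS:b") into one DNS name per line. Pure text processing.
san_names() {
  printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:[[:space:]]*//p'
}

# Return 0 only if every wanted name (remaining arguments) appears in the
# SAN text given as the first argument. Fixed-string match, so '*' is literal.
sans_cover() {
  sans="$1"; shift
  for want in "$@"; do
    san_names "$sans" | grep -qxF -- "$want" || return 1
  done
  return 0
}

# Cluster side: Ready condition, then SANs and issuer of the stored leaf cert.
# Usage: check_certificate <certificate-name> <namespace> <dnsName>...
check_certificate() {
  name="$1"; ns="$2"; shift 2
  ready=$(kubectl get certificate "$name" -n "$ns" \
    -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}')
  [ "$ready" = "True" ] || { echo "certificate $name is not Ready ($ready)"; return 1; }
  secret=$(kubectl get certificate "$name" -n "$ns" -o jsonpath='{.spec.secretName}')
  # tls.crt may hold the full chain; openssl x509 reads only the first (leaf) cert.
  pem=$(kubectl get secret "$secret" -n "$ns" -o jsonpath='{.data.tls\.crt}' | base64 -d)
  sans=$(printf '%s\n' "$pem" | openssl x509 -noout -ext subjectAltName)
  sans_cover "$sans" "$@" || { echo "SAN mismatch:"; echo "$sans"; return 1; }
  # Staging certificates chain to an untrusted test CA: show who issued it.
  printf '%s\n' "$pem" | openssl x509 -noout -issuer
}

# Example invocation for the manifest above (CHECK_CERT is this script's own flag):
#   CHECK_CERT=1 sh check-cert.sh example-com default example.com '*.example.com'
if [ "${CHECK_CERT:-0}" = 1 ]; then
  check_certificate "$@"
fi
```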
All DNS providers must run the DNS01 provider conformance test suite; otherwise their behaviour when used with cert-manager is undefined.
The tests require Docker to be installed on the local machine, and Kind, which is downloaded when the tests are launched.
You can run the test suite with:

```sh
$ make verify
```

The tests may fail on the first run, but should pass the next time.