Skip to content

DEVmachine-fr/cert-manager-alidns-webhook

BranchesTags

Repository files navigation

Alibaba Cloud DNS ACME webhook

This project is based on code initialy commited in https://github.com/go-acme/lego

This is an webhook implementation for Cert-Manager to use with Alibaba Cloud DNS (aka AliDNS). See the cert-manager's documentation for more details on webhook : https://cert-manager.io/docs/concepts/webhook/

Usage

Installation

helm repo add cert-manager-alidns-webhook https://devmachine-fr.github.io/cert-manager-alidns-webhook helm repo update helm install alidns-webhook cert-manager-alidns-webhook/alidns-webhook

Create the secret holding alibaba credential, access-token need input AccessKeyId, secret-key need input AccessKeySecret:

kubectl create secret generic alidns-secrets --from-literal="access-token=yourtoken" --from-literal="secret-key=yoursecretkey"

Create an issuer

The name of solver to use is alidns-solver. You can create an issuer as below :

apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: letsencrypt namespace: default spec: acme: email: contact@example.com privateKeySecretRef: name: letsencrypt server: https://acme-staging-v02.api.letsencrypt.org/directory solvers: - dns01: webhook: config: accessTokenSecretRef: key: access-token name: alidns-secrets regionId: cn-beijing secretKeySecretRef: key: secret-key name: alidns-secrets groupName: example.com solverName: alidns-solver selector: dnsNames: - example.com - '*.example.com'

Or you can create an ClusterIssuer as below :

apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt spec: acme: email: contact@example.com server: https://acme-staging-v02.api.letsencrypt.org/directory privateKeySecretRef: name: letsencrypt solvers: - dns01: webhook: config: accessTokenSecretRef: key: access-token name: alidns-secrets regionId: cn-beijing secretKeySecretRef: key: secret-key name: alidns-secrets groupName: example.com # groupName must match the one configured on webhook deployment (see Helm chart's values) ! solverName: alidns-solver

See cert-manager documentation for more information : https://cert-manager.io/docs/configuration/acme/dns01/

Create the certification

Then create the certificate which will use this issuer : https://cert-manager.io/docs/usage/certificate/

Create an certification using Issuer as below :

apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: example-tls spec: secretName: example-com-tls commonName: example.com dnsNames: - example.com - "*.example.com" issuerRef: name: letsencrypt kind: Issuer

Or create an certification using ClusterIssuer as below :

apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: example-tls spec: secretName: example-com-tls commonName: example.com dnsNames: - example.com - "*.example.com" issuerRef: name: letsencrypt kind: ClusterIssuer

Tests

Modify testdata/alidns-solver to add a valid token for alidns.

# replace example.com with a zone which belongs to given credentials TEST_ASSET_ETCD=kubebuilder/bin/etcd TEST_ASSET_KUBE_APISERVER=kubebuilder/bin/kube-apiserver TEST_ASSET_KUBECTL=kubebuilder/bin/kubectl TEST_ZONE_NAME=example.com. make test .

Build

Build and publish the docker image:

docker build . -t <your registry>/alidns-webhook:latest docker push <your registry>/alidns-webhook

Use the helm chart in charts directory.

helm template charts --set image.repository=<your registry> --set image.tag=latest

About

Cert-manager webhook to generate Let's Encrypt certificates over Alibaba Cloud DNS.

Topics

letsencrypt certificate alidns aliyun cert-manager cert-manager-webhook

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

144 stars

Watchers

1 watching

Forks

43 forks
Report repository

Releases 13

alidns-webhook-0.8.3 Latest
Mar 14, 2025
+ 12 releases

Packages

 
 
 

Contributors 9

Languages