msiebuhr / cert-manager-webhook-pdns

This project forked from zachomedia/cert-manager-webhook-pdns

A PowerDNS webhook for cert-manager

License: MIT License

Shell 11.13% Go 67.23% Makefile 7.63% Dockerfile 1.92% Mustache 12.09%

cert-manager-webhook-pdns's Introduction

PowerDNS cert-manager ACME webhook

Installing

To install with helm, run:

$ helm repo add cert-manager-webhook-pdns https://zachomedia.github.io/cert-manager-webhook-pdns
$ helm install cert-manager-webhook-pdns cert-manager-webhook-pdns/cert-manager-webhook-pdns

Without helm, run:

$ make rendered-manifest.yaml
$ kubectl apply -f _out/rendered-manifest.yaml

Issuer/ClusterIssuer

An example issuer:

apiVersion: v1
kind: Secret
metadata:
  name: pdns-api-key
type: Opaque
data:
  key: APIKEY_BASE64
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: ACME_ACCOUNT_EMAIL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-staging-account-key
    solvers:
      - dns01:
          webhook:
            groupName: acme.zacharyseguin.ca
            solverName: pdns
            config:
              # Base URL of the PowerDNS server.
              host: https://ns1.example.ca

              # Reference to the Kubernetes secret containing the API key.
              apiKeySecretRef:
                name: pdns-api-key
                key: key

              ###
              ### OPTIONAL
              ###

              # Server ID for the PowerDNS API.
              # When unset, defaults to "localhost".
              #
              # This should generally be left unset, and used
              # only if you have a proxy in front of the PowerDNS API
              # that requires a different value.
              serverID: localhost

              # Request headers when connecting to the PowerDNS API.
              # The following headers are set by default, but can be overridden:
              #   X-API-Key
              #   Content-Type
              headers:
                key: value

              # CA bundle for TLS connections
              # When unset, the default system certificate store is used.
              caBundle: BASE64_ENCODED_CA_BUNDLE

              # TTL for DNS records
              # (in seconds)
              ttl: 120

              # Timeout for requests to the PDNS api server
              # (in seconds)
              timeout: 30

              # Zones that may be edited. The default is an empty list,
              # which allows everything.
              # *IMPORTANT*: Remember the trailing dot so that each zone name
              # is fully qualified.
              allowed-zones:
                - example.com.
                - example.org.
                - example.net.
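
Why the trailing dot in allowed-zones matters, as an added Go example (not code from this project): cert-manager hands DNS01 webhooks fully qualified names ending in a dot, so an entry without one never matches. The helpers zoneAllowed and unqualified are hypothetical, and the exact-or-subdomain matching rule is an assumption about how such a list would be enforced.

```go
package main

import (
	"fmt"
	"strings"
)

// zoneAllowed reports whether a fully qualified zone is covered by the
// allowed list. Hypothetical helper, not the webhook's own implementation.
func zoneAllowed(zone string, allowed []string) bool {
	if len(allowed) == 0 {
		return true // documented default: an empty list allows everything
	}
	zone = strings.ToLower(zone)
	for _, a := range allowed {
		a = strings.ToLower(a)
		// Exact match, or a subdomain match on a label boundary so that
		// "notexample.com." is not treated as part of "example.com.".
		if zone == a || strings.HasSuffix(zone, "."+a) {
			return true
		}
	}
	return false
}

// unqualified returns the entries that lack the trailing dot and therefore
// can never match a fully qualified zone name.
func unqualified(allowed []string) []string {
	var bad []string
	for _, a := range allowed {
		if !strings.HasSuffix(a, ".") {
			bad = append(bad, a)
		}
	}
	return bad
}

func main() {
	// Constructed sample list; the second entry is missing its trailing dot.
	allowed := []string{"example.com.", "example.org"}
	zones := []string{"example.com.", "dev.example.com.", "notexample.com.", "example.org."}
	for _, z := range zones {
		fmt.Printf("%-18s allowed=%v\n", z, zoneAllowed(z, allowed))
	}
	fmt.Println("entries missing trailing dot:", unqualified(allowed))
}
```

Running a check like unqualified over the list before applying the Issuer catches the misconfiguration early, instead of at challenge time.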

And then you can issue a cert:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test-example-ca
  namespace: default
spec:
  secretName: example-com-tls
  dnsNames:
  - example.ca
  - www.example.ca
  issuerRef:
    name: letsencrypt-staging
    kind: Issuer
    group: cert-manager.io

Development

Running the test suite

You can run the test suite with:

  1. make setup
  2. make test

This requires openssl, docker and docker-compose to be installed.

cert-manager-webhook-pdns's People

Contributors

federicoheichou, iceman91176, jocelynthode, msiebuhr, redsk, zachomedia
