see: https://cert-manager.io/docs/configuration/acme/dns01/webhook/
see: https://cert-manager.io/docs/installation/kubernetes/
install helm chart
`helm install cert-manager-webhook-ionos ./deploy/cert-manager-webhook-ionos -n cert-manager`
add secret
```
apiVersion: v1
stringData:
  IONOS_PUBLIC_PREFIX: <your-public-key>
  IONOS_SECRET: <your-private-key>
kind: Secret
metadata:
  # must match the name used in the issuers' publicKeySecretRef / secretKeySecretRef
  name: ionos-secrets
  namespace: cert-manager
type: Opaque
```
add staging issuer
```
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-ionos-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: <your-email>
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-ionos-staging-key
    # Enable the dns01 challenge provider
    solvers:
    - dns01:
        webhook:
          groupName: acme.fabmade.de
          solverName: cert-manager-webhook-ionos
          config:
            apiUrl: https://api.hosting.ionos.com/dns/v1
            publicKeySecretRef:
              key: IONOS_PUBLIC_PREFIX
              name: ionos-secrets
            secretKeySecretRef:
              key: IONOS_SECRET
              name: ionos-secrets
```
add prod issuer
```
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-ionos-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: <your-email-address>
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-ionos-prod
    # Enable the dns01 challenge provider
    solvers:
    - dns01:
        webhook:
          groupName: acme.fabmade.de
          solverName: cert-manager-webhook-ionos
          config:
            apiUrl: https://api.hosting.ionos.com/dns/v1
            publicKeySecretRef:
              key: IONOS_PUBLIC_PREFIX
              name: ionos-secrets
            secretKeySecretRef:
              key: IONOS_SECRET
              name: ionos-secrets
```
add ingress or certificate
```
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/issuer: letsencrypt-ionos-staging
  name: example-wildcard-ingress
spec:
  rules:
  - host: '*.example.com'
    http:
      paths:
      - backend:
          service:
            name: mybackend
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - '*.example.com'
    secretName: example-ionos-tls-prod
```
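A check for the manifests above, added here as an example and not part of the project: it reads objects in the shape of `kubectl get secret,issuer -A -o json` and reports every `publicKeySecretRef` / `secretKeySecretRef` of the `cert-manager-webhook-ionos` solver whose Secret name or key does not exist. The sample input is constructed, and matching Secrets by name only (without comparing namespaces) is a simplifying assumption.

```python
import json

# Constructed sample in the shape of `kubectl get secret,issuer -A -o json`.
# The Secret is named "ionos-secret" while the Issuer refers to "ionos-secrets".
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Secret", "metadata": {"name": "ionos-secret", "namespace": "cert-manager"},
  "data": {"IONOS_PUBLIC_PREFIX": "PHJlZGFjdGVkPg==", "IONOS_SECRET": "PHJlZGFjdGVkPg=="}},
 {"kind": "Issuer", "metadata": {"name": "letsencrypt-ionos-staging", "namespace": "default"},
  "spec": {"acme": {"solvers": [{"dns01": {"webhook": {
    "solverName": "cert-manager-webhook-ionos",
    "config": {"publicKeySecretRef": {"name": "ionos-secrets", "key": "IONOS_PUBLIC_PREFIX"},
               "secretKeySecretRef": {"name": "ionos-secrets", "key": "IONOS_SECRET"}}}}}]}}}
]}
""")

SOLVER = "cert-manager-webhook-ionos"
REF_FIELDS = ("publicKeySecretRef", "secretKeySecretRef")

def secret_keys(items):
    """Map Secret name -> set of keys it carries (from data or stringData)."""
    found = {}
    for obj in items:
        if obj.get("kind") == "Secret":
            keys = set(obj.get("data") or {}) | set(obj.get("stringData") or {})
            found.setdefault(obj["metadata"]["name"], set()).update(keys)
    return found

def check_issuer_refs(items):
    """Return (issuer, field, problem) for each secretRef that cannot be resolved."""
    secrets = secret_keys(items)  # assumption: matched by name, namespaces ignored
    findings = []
    for obj in items:
        if obj.get("kind") not in ("Issuer", "ClusterIssuer"):
            continue
        issuer = obj["metadata"]["name"]
        for solver in obj.get("spec", {}).get("acme", {}).get("solvers", []):
            webhook = solver.get("dns01", {}).get("webhook") or {}
            if webhook.get("solverName") != SOLVER:
                continue  # other solvers (http01, other DNS providers) are not checked
            config = webhook.get("config") or {}
            for field in REF_FIELDS:
                ref = config.get(field) or {}
                if ref.get("name") not in secrets:
                    findings.append((issuer, field, f"no such Secret: {ref.get('name')}"))
                elif ref.get("key") not in secrets[ref["name"]]:
                    findings.append((issuer, field, f"no such key: {ref.get('key')}"))
    return findings

if __name__ == "__main__":
    for issuer, field, problem in check_issuer_refs(SAMPLE["items"]):
        print(f"{issuer}: {field}: {problem}")
```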
### Running the test suite
All DNS providers **must** run the DNS01 provider conformance testing suite,
else they will have undetermined behaviour when used with cert-manager.
**It is essential that you configure and run the test suite when creating a
DNS01 webhook.**
An example Go test file has been provided in [main_test.go](https://github.com/jetstack/cert-manager-webhook-example/blob/master/main_test.go).
You can run the test suite with:
```bash
$ TEST_ZONE_NAME=example.com. make test
```
The example file has a number of areas you must fill in and replace with your
own options in order for tests to pass.