Coder Social home page Coder Social logo

ulthuan / cert-manager-webhook-ovh Goto Github PK

View Code? Open in Web Editor NEW

This project forked from baarde/cert-manager-webhook-ovh

0.0 0.0 0.0 72 KB

OVH Webhook for Cert Manager

License: Apache License 2.0

Dockerfile 3.26% Makefile 3.59% Go 77.39% Shell 4.03% HTML 11.73%

cert-manager-webhook-ovh's Introduction

OVH Webhook for Cert Manager

This is a webhook solver for OVH.

Prerequisites

Installation

Choose a unique group name to identify your company or organization (for example acme.mycompany.example).

helm install ./deploy/cert-manager-webhook-ovh \
 --set groupName='<YOUR_UNIQUE_GROUP_NAME>'

If you customized the installation of cert-manager, you may need to also set the certManager.namespace and certManager.serviceAccountName values.

Issuer

  1. Create a new OVH API key with the following rights:

    • GET /domain/zone/*
    • PUT /domain/zone/*
    • POST /domain/zone/*
    • DELETE /domain/zone/*

  2. Create a secret to store your application secret:

    kubectl create secret generic ovh-credentials \
  --from-literal=applicationSecret='<OVH_APPLICATION_SECRET>'

  3. Grant permission to get the secret to the cert-manager-webhook-ovh service account:

    apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cert-manager-webhook-ovh:secret-reader
rules:
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["ovh-credentials"]
  verbs: ["get", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: cert-manager-webhook-ovh:secret-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cert-manager-webhook-ovh:secret-reader
subjects:
- apiGroup: ""
  kind: ServiceAccount
  name: cert-manager-webhook-ovh

  4. Create a certificate issuer:

    apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: '<YOUR_EMAIL_ADDRESS>'
    privateKeySecretRef:
      name: letsencrypt-account-key
    solvers:
    - dns01:
        webhook:
          groupName: '<YOUR_UNIQUE_GROUP_NAME>'
          solverName: ovh
          config:
            endpoint: ovh-eu
            applicationKey: '<OVH_APPLICATION_KEY>'
            applicationSecretRef:
              key: applicationSecret
              name: ovh-credentials
            consumerKey: '<OVH_CONSUMER_KEY>'

Certificate

Issue a certificate:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: example-com
spec:
  dnsNames:
  - example.com
  - *.example.com
  issuerRef:
    name: letsencrypt
  secretName: example-com-tls

Development

All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.

It is essential that you configure and run the test suite when creating a DNS01 webhook.

An example Go test file has been provided in main_test.go.

Before you can run the test suite, you need to download the test binaries:

./scripts/fetch-test-binaries.sh

Then duplicate the .sample files in testdata/ovh/ and update the configuration with the appropriate OVH credentials.

Now you can run the test suite with:

TEST_ZONE_NAME=example.com. go test .

cert-manager-webhook-ovh's People

Contributors

baarde avatar diaphteiros avatar munnerz avatar ulthuan avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.