stackit-cert-manager-webhook

Published: Aug 28, 2023 License: Apache-2.0


STACKIT Webhook Integration for Cert Manager


A webhook that lets cert-manager use STACKIT DNS, through its API, as a DNS01 ACME issuer.

Installation

helm install stackit-cert-manager-webhook \
  --namespace cert-manager \
  https://github.com/stackitcloud/stackit-cert-manager-webhook/releases/download/v0.1.0/stackit-cert-manager-webhook-v0.1.0.tgz

Usage

  1. Create the STACKIT authentication token secret:

    kubectl create secret generic stackit-cert-manager-webhook \
      --namespace=cert-manager \
      --from-literal=auth-token=<STACKIT AUTH TOKEN>
    
  2. Configure a ClusterIssuer or Issuer:
    If all zones and record sets live in a single project, use a ClusterIssuer:

    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: letsencrypt-prod
    spec:
      acme:
        server: https://acme-v02.api.letsencrypt.org/directory
        email: example@example.com # Replace this with your email address
        privateKeySecretRef:
          name: letsencrypt-prod
        solvers:
        - dns01:
            webhook:
              solverName: stackit
              groupName: stackit.de
              config:
                projectId: <STACKIT PROJECT ID>
    

    When zones are spread across several projects and each project needs its own authentication token, use an Issuer instead. This approach ties each namespace to a single project.

    kubectl create secret generic stackit-cert-manager-webhook \
      --namespace=default \
      --from-literal=auth-token=<STACKIT AUTH TOKEN>
    
    apiVersion: cert-manager.io/v1
    kind: Issuer
    metadata:
      name: letsencrypt-prod
      namespace: default
    spec:
      acme:
        server: https://acme-v02.api.letsencrypt.org/directory
        email: example@example.com # Replace this with your email address
        privateKeySecretRef:
          name: letsencrypt-prod
        solvers:
        - dns01:
            webhook:
              solverName: stackit
              groupName: stackit.de
              config:
                projectId: <STACKIT PROJECT ID>
                authTokenSecretNamespace: default
    

    Note: Create the authentication token secret in the namespace linked to the issuer. The token stored in the secret must have permission to access zones in the configured project.
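
A preflight check for the note above, as an added example that is not part of the project: it confirms that each namespace an issuer points at holds the token secret with a usable auth-token key, without printing the token. The secret name and key come from the kubectl commands on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the project. Secret name and key come from the
# kubectl commands on this page; the function names are hypothetical.
SECRET_NAME="stackit-cert-manager-webhook"
SECRET_KEY="auth-token"

# token_secret_status NAMESPACE
# Prints ok | missing-secret | missing-key | whitespace-in-token.
# The token value itself is never printed.
token_secret_status() {
  _ns="$1"
  if ! kubectl get secret "$SECRET_NAME" --namespace "$_ns" >/dev/null 2>&1; then
    echo "missing-secret"; return 1
  fi
  # .data values are base64; an absent key yields an empty string.
  _data="$(kubectl get secret "$SECRET_NAME" --namespace "$_ns" \
             -o "jsonpath={.data.${SECRET_KEY}}" 2>/dev/null)"
  if [ -z "$_data" ]; then
    echo "missing-key"; return 1
  fi
  # A stray newline or space (e.g. from a file written with echo) ends up
  # inside the stored token; compare byte counts with and without whitespace.
  _raw="$(printf '%s' "$_data" | base64 -d | wc -c)"
  _trim="$(printf '%s' "$_data" | base64 -d | tr -d '[:space:]' | wc -c)"
  if [ "$_raw" -ne "$_trim" ]; then
    echo "whitespace-in-token"; return 1
  fi
  echo "ok"
}

# preflight NAMESPACE...
# Checks every namespace an Issuer/ClusterIssuer will read the token from
# and returns non-zero if any of them fails.
preflight() {
  _rc=0
  for _n in "$@"; do
    _s="$(token_secret_status "$_n")" || _rc=1
    printf '%-20s %s\n' "$_n" "$_s"
  done
  return "$_rc"
}
# Usage: preflight cert-manager default
```

Run it before applying the ClusterIssuer or Issuer, passing cert-manager plus every namespace used as authTokenSecretNamespace.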

Test Procedures

  • Unit Testing:

    make test
    
  • Unit Testing with Coverage Analysis:

    make coverage
    
  • Linting:

    make lint
    
  • End-to-End Testing Workflow:
    Follow the comprehensive guide available here.

Directories

Path                        Synopsis
cmd/webhook                 command
internal/repository/mock    Package mock_repository is a generated GoMock package.
internal/resolver/mock      Package mock_resolver is a generated GoMock package.
