A cert-manager sample repository for creating an ACME DNS01 solver webhook
Marko Vukovic 6a1a4b9526 Enable test execution on arm64
Kubebuilder tools version 1.21.2 previously used does not work on arm64
(specifically Raspberry Pi). Interestingly, the latest (as of the time
of this commit) version 1.24.2 does not work either. An error message
like this causes the test to fail:

apiserver.go:43: failed to start control plane: unable to start control plane itself: failed to start the controlplane. retried 5 times: timeout waiting for process kube-apiserver to start

However, with 1.24.1 the test "mostly" passes, although it may
occasionally fail. It might be that Raspberry Pi is too slow and
something times out.

Signed-off-by: Marko Vukovic <anonsoftware@gmail.com>
2022-07-28 10:03:12 -07:00
deploy/example-webhook Update dependencies and prepare for testing 2021-02-22 15:10:52 +00:00
example cert-manager v1.8.2 2022-07-28 10:03:12 -07:00
testdata/my-custom-solver Initial commit 2019-04-15 15:23:59 +01:00
.gitignore update version and fix 2022-02-08 10:24:16 +02:00
Dockerfile cert-manager v1.8.2 2022-07-28 10:03:12 -07:00
go.mod cert-manager v1.8.2 2022-07-28 10:03:12 -07:00
go.sum cert-manager v1.8.2 2022-07-28 10:03:12 -07:00
LICENSE Initial commit 2019-04-15 15:23:59 +01:00
main.go cert-manager v1.8.2 2022-07-28 10:03:12 -07:00
main_test.go cert-manager v1.8.2 2022-07-28 10:03:12 -07:00
Makefile Enable test execution on arm64 2022-07-28 10:03:12 -07:00
OWNERS Add OWNERS file 2021-02-23 17:26:29 +00:00
README.md update to small logo 2022-05-31 16:37:22 +01:00


ACME webhook example

The ACME issuer type supports an optional 'webhook' solver, which can be used to implement custom DNS01 challenge solving logic.

This is useful if you need to use cert-manager with a DNS provider that is not officially supported in cert-manager core.

Why not in core?

As the project and its adoption have grown, there has been an influx of DNS provider pull requests to our core codebase. As this number has grown, the test matrix has become unmaintainable, and so it is not possible for us to certify that providers work to a sufficient level.

By creating this 'interface' between cert-manager and DNS providers, we allow users to quickly iterate and test out new integrations, and then package those up themselves as 'extensions' to cert-manager.

We can also then provide a standardised 'testing framework', or set of conformance tests, which allows us to validate that a DNS provider works as expected.

Creating your own webhook

Webhooks themselves are deployed as Kubernetes API services, in order to allow administrators to restrict access to webhooks with Kubernetes RBAC.

This is important, as otherwise it'd be possible for anyone with access to your webhook to complete ACME challenge validations and obtain certificates.

To make the setup of these webhooks easier, we provide a template repository that can be used to get started quickly.

Creating your own repository

Running the test suite

All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.

It is essential that you configure and run the test suite when creating a DNS01 webhook.

An example Go test file has been provided in main_test.go.

You can run the test suite with:

$ TEST_ZONE_NAME=example.com. make test

The example file has a number of areas you must fill in and replace with your own options in order for tests to pass.
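To make concrete what the conformance suite exercises, here is an added example (not code from this repository or from cert-manager) of a minimal DNS01 solver driven against a constructed in-memory provider. `ChallengeRequest`, `MemoryDNS` and `BasicConformance` are simplified stand-ins for the webhook's request type, a provider API client and the suite's basic Present/CleanUp check, not cert-manager's own types; the zone-suffix handling is one detail worth getting right before running the real suite with `TEST_ZONE_NAME`.

```go
package main

import (
	"fmt"
	"strings"
)

// Stand-in (assumption) for the request a DNS01 webhook receives; names carry a trailing dot.
type ChallengeRequest struct{ ResolvedFQDN, ResolvedZone, Key string }

// Constructed in-memory provider standing in for a real DNS API; key is "zone|relative-name|value".
type MemoryDNS struct{ recs map[string]bool }

func NewMemoryDNS() *MemoryDNS { return &MemoryDNS{recs: map[string]bool{}} }

// recordKey strips the zone suffix (provider APIs take a zone-relative name) and
// refuses an FQDN that is not inside the zone the request claims for it.
func recordKey(ch ChallengeRequest) (string, error) {
	if !strings.HasSuffix(ch.ResolvedFQDN, "."+ch.ResolvedZone) {
		return "", fmt.Errorf("fqdn %q is not inside zone %q", ch.ResolvedFQDN, ch.ResolvedZone)
	}
	return ch.ResolvedZone + "|" + strings.TrimSuffix(ch.ResolvedFQDN, "."+ch.ResolvedZone) + "|" + ch.Key, nil
}

// Present publishes the TXT record (a repeat is a no-op); CleanUp removes only that record.
func (d *MemoryDNS) Present(ch ChallengeRequest) error { return d.set(ch, true) }
func (d *MemoryDNS) CleanUp(ch ChallengeRequest) error { return d.set(ch, false) }

func (d *MemoryDNS) set(ch ChallengeRequest, publish bool) error {
	k, err := recordKey(ch)
	if err == nil && publish {
		d.recs[k] = true
	} else if err == nil {
		delete(d.recs, k)
	}
	return err
}

// BasicConformance mirrors the suite's basic check: publish, publish again, then remove.
func BasicConformance(d *MemoryDNS, ch ChallengeRequest) error {
	k, _ := recordKey(ch)
	for i, step := range []func(ChallengeRequest) error{d.Present, d.Present, d.CleanUp} {
		if err := step(ch); err != nil {
			return fmt.Errorf("step %d: %w", i, err)
		}
		if want := i < 2; d.recs[k] != want {
			return fmt.Errorf("step %d: record published=%v, want %v", i, !want, want)
		}
	}
	return nil
}
```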