This service can be installed side by side with cert-manager and used to handle dns-01 challenges provided by cert-manager. All documentation on how to configure dns-01 challenges can be found at cert-manager.io.
The version compatibility I have tested for can be seen below:
cert-manager version | simply-dns-webhook version |
---|---|
1.9.x | 1.0.x |
1.10.x | 1.1.x |
1.11.x | 1.2.x |
1.12.x | 1.3.x |
1.13.x | 1.4.x |
1.14.x | 1.5.x |
1.15.x | 1.6.x |
The following architectures are supported by 1.14.x and newer: linux/amd64, linux/arm64, linux/arm, linux/arm/v6, linux/386
Add repo:

```bash
helm repo add simply-dns-webhook https://runnerm.github.io/simply-dns-webhook/
```

Then:

```bash
helm install my-simply-dns-webhook simply-dns-webhook/simply-dns-webhook --version <version>
```
```yaml
dependencies:
  - name: simply-dns-webhook
    version: <version>
    repository: https://runnerm.github.io/simply-dns-webhook/
    alias: simply-dns-webhook
```
Credentials secret: You have to create the secret containing your simply.com API credentials on your own, and its name has to match the secret ref name provided in the config of the cert-manager Issuer/ClusterIssuer.
```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-nginx
spec:
  acme:
    email: <your_acme_email>
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-nginx-private-key
    solvers:
      - dns01:
          webhook:
            groupName: com.github.runnerm.cert-manager-simply-webhook
            solverName: simply-dns-solver
            config:
              secretName: simply-credentials # notice the name
        selector:
          dnsZones:
            - '<your_domain>'
```
Credentials in config: You may instead put the credentials directly in the webhook configuration, as shown below (use it at your own risk).
- secretName: simply-credentials # notice the name
+ accountName: "<account-name>"
+ apiKey: "<api-key>"
```yaml
apiVersion: v1
kind: Secret
data:
  # Values under `data` must be base64-encoded
  account-name: <your_account_name>
  api-key: <your_api_key>
metadata:
  name: simply-credentials # notice the name
  namespace: <namespace-where-cert-manager-is-installed>
type: Opaque
```
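An added example (not part of the project's own code): a POSIX shell helper that renders the credentials Secret with correctly base64-encoded `data` values, avoiding the trailing newline and line wrapping that commonly corrupt an encoded API key. The helper names `b64` and `render_simply_secret` and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: render the simply-credentials Secret for the webhook.
set -eu

# Base64-encode a value exactly as given. printf '%s' avoids the trailing
# newline that `echo` would append, and tr strips the line wrapping that
# some base64 implementations insert into long output.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# render_simply_secret <account-name> <api-key> <namespace>
# Hypothetical helper: prints the Secret manifest to stdout and refuses
# empty values so a half-filled Secret is never produced.
render_simply_secret() {
  if [ "$#" -ne 3 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
    echo "usage: render_simply_secret <account-name> <api-key> <namespace>" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: simply-credentials
  namespace: $3
type: Opaque
data:
  account-name: $(b64 "$1")
  api-key: $(b64 "$2")
EOF
}

# Constructed sample values, not real credentials.
render_simply_secret "S123456" "constructed-api-key-0000" "cert-manager"
```

Pipe the rendered manifest to `kubectl apply -f -` to create the Secret in the namespace where cert-manager is installed.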
If you install cert-manager in a custom namespace, override the following values with your own (this is necessary for proper functioning):

```yaml
simply-dns-webhook:
  certManager:
    namespace: <cert-manager-namespace>
    serviceAccountName: <cert-manager-service-account-name>
```
I leave the choice of the resource constraints to you since you know what you run the service on. ;)
```yaml
simply-dns-webhook:
  resources:
    limits:
      cpu: 100m
      memory: 128Mi
    requests:
      cpu: 100m
      memory: 128Mi
```
You may choose to raise the logging level to debug by setting the following values:

```yaml
simply-dns-webhook:
  logLevel: DEBUG
```
Debug level gives you a bit more context when debugging your setup. Default log level is INFO.
Update the config or the simply-credentials secret with your API credentials and run:
```bash
$ TEST_ZONE_NAME=example.com. make test
```
The following table lists the configurable parameters of the simply-dns-webhook chart, and their default values.
Parameter | Description | Default |
---|---|---|
groupName | Group name for the webhook | com.github.runnerm.cert-manager-simply-webhook |
debugLevel | Logging level | INFO |
certManager.namespace | cert-manager namespace | cert-manager |
certManager.serviceAccountName | cert-manager service account name | cert-manager |
image.repository | Docker image repository | deyaeddin/cert-manager-webhook-hetzner |
image.tag | Docker image tag | v1.4.0 |
image.pullPolicy | Docker image pull policy | IfNotPresent |
nameOverride | Name override for the chart | "" |
fullnameOverride | Full name override for the chart | "" |
service.type | Service type | ClusterIP |
service.port | Service port | 443 |
resources | Pod resources | Check values.yaml file |
nodeSelector | Node selector | nil |
tolerations | Node toleration | nil |
affinity | Node affinity | nil |