cert-manager-webhook-sotoon

command module

v0.1.0 Latest Latest Go to latest Published: Feb 18, 2021 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aliorouji/cert-manager-webhook-sotoon

Links

Open Source Insights

README ¶

SOTOON Webhook for Cert Manager

This is a webhook solver for Sotoon Cloud.

Prerequisites

cert-manager version 0.11.0 or higher (tested with 0.12.0):
- Installing on Kubernetes

Installation

Choose a unique group name to identify your company or organization (for example acme.mycompany.example).

helm install ./deploy/cert-manager-webhook-sotoon \
 --set groupName='<YOUR_UNIQUE_GROUP_NAME>'

If you customized the installation of cert-manager, you may need to also set the certManager.namespace and certManager.serviceAccountName values.

Issuer

Get your API token from Sotoon Panel. The user whose api token is used must have dns-editor role:

Create a secret to store your api token secret:

kubectl create secret generic sotoon-credentials \
  --from-literal=apiToken='<SOTOON_API_TOKEN>'

Grant permission to get the secret to the cert-manager-webhook-sotoon service account:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cert-manager-webhook-sotoon:secret-reader
rules:
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["sotoon-credentials"]
  verbs: ["get", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: cert-manager-webhook-sotoon:secret-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cert-manager-webhook-sotoon:secret-reader
subjects:
- apiGroup: ""
  kind: ServiceAccount
  name: cert-manager-webhook-sotoon

Create a certificate issuer:

apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: '<YOUR_EMAIL_ADDRESS>'
    privateKeySecretRef:
      name: letsencrypt-account-key
    solvers:
    - dns01:
        webhook:
          groupName: '<YOUR_UNIQUE_GROUP_NAME>'
          solverName: sotoon
          config:
            endpoint: https://api.sotoon.ir
            namespace: <SOTOON_NAMESPACE_OF_YOURS>
            apiTokenSecretRef:
              name: sotoon-credentials
              key: apiToken

Certificate

Issue a certificate:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: example-com
spec:
  dnsNames:
  - example.com
  - *.example.com
  issuerRef:
    name: letsencrypt
  secretName: example-com-tls

Development

All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.

It is essential that you configure and run the test suite when creating a DNS01 webhook.

An example Go test file has been provided in main_test.go.

Before you can run the test suite, you need to download the test binaries:

./scripts/fetch-test-binaries.sh

Then duplicate the .sample files in testdata/sotoon/ and update the configuration with the appropriate SOTOON credentials.

Now you can run the test suite with:

TEST_ZONE_NAME=example.com. go test -v .

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
api
v1beta1

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL