Cert-manager ACME DNS webhook provider for Selectel.
To install with helm, run:
$ git clone https://github.com/selectel/cert-manager-webhook-selectel.git
$ cd cert-manager-webhook-selectel/deploy/cert-manager-webhook-selectel
$ helm install --name cert-manager-webhook-selectel . --set groupName acme.selectel.ruWithout helm, run:
$ make rendered-manifest.yaml
$ kubectl apply -f _out/rendered-manifest.yamlAn example issuer:
apiVersion: v1
kind: Secret
metadata:
name: selectel-api-key
type: Opaque
stringData:
key: APITOKEN_FROM_MY_SELECTEL_RU
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-staging
namespace: default
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: [email protected]
privateKeySecretRef:
name: letsencrypt-staging-account-key
solvers:
- dns01:
webhook:
groupName: acme.selectel.ru
solverName: selectel
config:
apiKeySecretRef:
name: selectel-api-key
key: token
# Optional config, shown with default values
# all times in seconds
ttl: 120
timeout: 30
propagationTimeout: 120
pollingInterval: 2And then you can issue a cert:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: sel-letsencrypt-crt
namespace: default
spec:
secretName: example-com-tls
commonName: example.com
issuerRef:
name: letsencrypt-staging
kind: Issuer
dnsNames:
- example.com
- www.example.comYou can run the test suite with:
- Go to
https://my.selectel.ru/profile/apikeys, get one or create new api token - Fill in the appropriate values in
testdata/selectel/apikey.ymlandtestdata/selectel/config.json
$ ./scripts/fetch-test-binaries.sh
$ TEST_ZONE_NAME=example.com. go test .