Skip to content

gaia-charge/cert-manager-webhook-scaleway

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

cert-manager Webhook for Scaleway DNS

cert-manager Webhook for Scaleway DNS is a ACME webhook for cert-manager allowing users to use Scaleway DNS for DNS01 challenge.

Getting started

Prerequisites

Installing

Once everything is set up, you can now install the Scaleway Webhook:

  • Clone this repository:
git clone https://github.com/scaleway/cert-manager-webhook-scaleway.git
  • Run:
helm install scaleway-webhook deploy/scaleway-webhook
  • Alternatively, you can install the webhook with default credentials with:
helm install scaleway-webhook deploy/scaleway-webhook --set secret.accessKey=<YOUR-ACCESS-KEY> --set secret.secretKey=<YOUR-SECRET_KEY>

The Scaleway Webhook is now installed! 🎉

How to use it

Note: It uses the cert-manager webhook system. Everything after the issuer is configured is just cert-manager. You can find out more in their documentation.

Now that the webhook is installed, here is how to use it. Let's say you need a certificate for example.com (should be registered in Scaleway DNS).

First step is to create a secret containing the Scaleway Access and Secret keys. Create the scaleway-secret.yaml file with the following content: (Only needed if you don't have default credentials as seen above).

apiVersion: v1
stringData:
  SCW_ACCESS_KEY: <YOUR-SCALEWAY-ACCESS-KEY>
  SCW_SECRET_KEY: <YOUR-SCALEWAY-SECRET-KEY>
kind: Secret
metadata:
  name: scaleway-secret
type: Opaque

And run:

kubectl create -f scaleway-secret.yaml

Next step is to create a cert-manager Issuer. Create a issuer.yaml file with the following content:

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: my-scaleway-issuer
spec:
  acme:
    email: my-user@example.com
    # this is the acme staging URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # for production use this URL instead
    # server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: my-scaleway-private-key-secret
    solvers:
    - dns01:
        webhook:
          groupName: acme.scaleway.com
          solverName: scaleway
          config:
            # Only needed if you don't have default credentials as seen above.
            accessKeySecretRef:
              key: SCW_ACCESS_KEY
              name: scaleway-secret
            secretKeySecretRef:
              key: SCW_SECRET_KEY
              name: scaleway-secret

And run:

kubectl create -f issuer.yaml

Finally, you can now create the Certificate object for example.com. Create a certificate.yaml file with the following content:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-com
spec:
  dnsNames:
  - example.com
  issuerRef:
    name: my-scaleway-issuer
  secretName: example-com-tls

And run:

kubectl create -f certificate.yaml

After some seconds, you should see the certificate as ready:

$ kubectl get certificate example-com
NAME          READY   SECRET            AGE
example-com   True    example-com-tls   1m12s

Your certificate is now available in the example-com-tls secret!

Integration testing

Before running the test, you need:

  • A valid domain on Scaleway DNS (here example.com)
  • The variables SCW_ACCESS_KEY and SCW_SECRET_KEY valid and in the environment

In order to run the integration tests, run:

TEST_ZONE_NAME=example.com make test

About

A Scaleway DNS ACME webhook for cert-manager

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 78.4%
  • Mustache 9.4%
  • Makefile 8.3%
  • Dockerfile 3.9%