diff --git a/Makefile b/Makefile index 9059f55..23a0b1e 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ ARCH ?= $(shell go env GOARCH) PROVIDER := "variomedia" IMAGE_NAME := "${REGISTRY}cert-manager-webhook-${PROVIDER}" -IMAGE_TAG := "2.0.0" +IMAGE_TAG := "v2.0.1" OUT := $(shell pwd)/_out @@ -40,6 +40,6 @@ push: build rendered-manifest.yaml: helm template \ --name cert-manager-webhook-${PROVIDER} \ - --set image.repository=$(IMAGE_NAME) \ - --set image.tag=$(IMAGE_TAG) \ - deploy/cert-manager-webhook-${PROVIDER} > "$(OUT)/rendered-manifest.yaml" + --set image.repository=$(IMAGE_NAME) \ + --set image.tag=$(IMAGE_TAG) \ + deploy/cert-manager-webhook-${PROVIDER} > "$(OUT)/rendered-manifest.yaml" diff --git a/README.md b/README.md index 1c6b463..2a51709 100644 --- a/README.md +++ b/README.md @@ -47,13 +47,15 @@ This is important, as otherwise it'd be possible for anyone with access to your webhook to complete ACME challenge validations and obtain certificates. The Variomedia AG webhook implementation is based on the example webhook provided -by the cert-manager project (https://github.com/cert-manager/webhook-example). +by the cert-manager project (https://github.com/cert-manager/webhook-example). Also, +inspiration was taken from an implementation for the old Variomedia "provider API", +which can be found at https://github.com/jheyduk/cert-manager-webhook-variomedia. ### Using your own repository -The GitHub version of the Variomedia webhook implementation is focussed on providing +The GitHub version of the Variomedia webhook implementation is currently focussed on providing an implementation in a decentral container registry, i.e. "Harbor". The Docker image -is currently *not* published on docker.io. +is currently *not* published on docker.io. This may change at a later time. #### Running the test suite 
@@ -79,7 +81,7 @@ you can build and upload your local copy of the software using the following com $ export REGISTRY='your.registry.company.com/yourproject' $ docker login $REGISTRY -# push the resulting image to your repository +# build and push the resulting image to your repository # will invoke via dependencies test -> build -> push $ TEST_ZONE_NAME=example.com. make push ``` @@ -88,9 +90,13 @@ $ TEST_ZONE_NAME=example.com. make push We have provided a Helm chart to ease the installation of the Variomedia webhook. +When specifying the groupName parameter, make sure to use a name in your cluster's domain. +If you set that differently from "cluster.local", you'll need to use the proper domain suffix +both as a Helm value and when creating the (Cluster)Issuer (see below). + ## Configuration -In addition to installing the webhook, you will also need to configure the according webhook and +In addition to installing the webhook, you will also need to configure it and create at least one cert-manager Issuer. Configuration of the webhook consists in providing the according secrets for each DNS domain you @@ -123,7 +129,7 @@ $ kubectl apply -f - << EOF solvers: - dns01: webhook: - groupName: acme.cert-manager-webhook-variomedia.local + groupName: cert-manager-webhook-variomedia.cluster.local solverName: variomedia-APIv2019 config: example.com: variomedia-credentials-01 @@ -132,6 +138,9 @@ $ kubectl apply -f - << EOF EOF ``` +Although three domains were covered in above example, typically you'll have only a single domain to configure - you then can +omit creating "secret/variomedia-credentials-02" and will have to specify only a single entry in "...:webhook:config". + Variomedia AG published a page describing how to obtain the according API key (the page is in German only), basically stating that you can contact their support to have a key issued: https://www.variomedia.de/faq/Wie-bekomme-ich-einen-API-Token/article/326 
diff --git a/go.mod b/go.mod index 4db30fb..e63b9e5 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,9 @@ require ( github.com/miekg/dns v1.1.34 github.com/stretchr/testify v1.7.0 k8s.io/apiextensions-apiserver v0.23.1 + k8s.io/apimachinery v0.23.1 k8s.io/client-go v0.23.1 + k8s.io/klog/v2 v2.30.0 ) require ( @@ -88,10 +90,8 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect k8s.io/api v0.23.1 // indirect - k8s.io/apimachinery v0.23.1 // indirect k8s.io/apiserver v0.23.1 // indirect k8s.io/component-base v0.23.1 // indirect - k8s.io/klog/v2 v2.30.0 // indirect k8s.io/kube-aggregator v0.23.1 // indirect k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b // indirect diff --git a/go.sum b/go.sum index 51d9de6..cdd24fb 100644 --- a/go.sum +++ b/go.sum @@ -38,7 +38,6 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/azure-sdk-for-go v56.2.0+incompatible h1:2GrG1JkTSMqLquy1pqVsjeRJhNtZLjss2+rx8ogZXx4= github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= diff --git a/helm/cert-manager-webhook-variomedia/Chart.yaml b/helm/cert-manager-webhook-variomedia/Chart.yaml index 06ad8bd..e7054d3 100644 --- a/helm/cert-manager-webhook-variomedia/Chart.yaml +++ b/helm/cert-manager-webhook-variomedia/Chart.yaml 
@@ -15,11 +15,11 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.9.1 +version: 0.9.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.1.0" +appVersion: "2.0.1" diff --git a/helm/cert-manager-webhook-variomedia/values.yaml b/helm/cert-manager-webhook-variomedia/values.yaml index c6bc286..5991f29 100644 --- a/helm/cert-manager-webhook-variomedia/values.yaml +++ b/helm/cert-manager-webhook-variomedia/values.yaml @@ -1,6 +1,5 @@ # Default values for cert-manager-webhook-variomedia. # This is a YAML-formatted file. -# Declare variables to be passed into your templates. replicaCount: 1 @@ -8,17 +7,18 @@ certManager: namespace: cert-manager serviceAccountName: cert-manager -groupName: acme.cert-manager-webhook-variomedia.local +# remember to change "cluster.local" to your cluster's domain, in case it's set differently +groupName: cert-manager-webhook-variomedia.cluster.local image: repository: '' image: cert-manager-webhook-variomedia - tag: "v1.1.0" + tag: "v2.0.1" pullPolicy: IfNotPresent imagePullSecrets: [] -logLevel: 6 +logLevel: 2 nameOverride: "" fullnameOverride: "" @@ -67,7 +67,7 @@ resources: {} autoscaling: enabled: false minReplicas: 1 - maxReplicas: 100 + maxReplicas: 1 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 diff --git a/main.go b/main.go index 1d3e200..973c323 100644 --- a/main.go +++ b/main.go 
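Review bot: The comment added above the new `groupName` default mentions only the cluster domain and does not say that the value must be identical to `webhook.groupName` in every (Cluster)Issuer. An installation that upgrades the chart without overriding the value would keep Issuers pointing at `acme.cert-manager-webhook-variomedia.local` and would presumably fail DNS-01 challenges until they are edited. The templates that consume the value are not part of this diff, so this is inferred from the README example changed in the same commit. I would extend the comment, for example `# must match webhook.groupName in every (Cluster)Issuer; changing it on upgrade requires updating existing Issuers`. The chart version step from 0.9.1 to 0.9.2 gives no hint that a default changed incompatibly.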
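Review bot: The `autoscaling` block now has `minReplicas: 1` and `maxReplicas: 1` with no comment explaining the cap, so setting `autoscaling.enabled: true` would presumably create an autoscaler that can never scale. The HPA template is not visible in this diff. If the cap is deliberate, a line such as `# capped at 1 on purpose; raise maxReplicas when enabling autoscaling` above `maxReplicas` would keep the next maintainer from treating it as a typo.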
@@ -41,6 +41,7 @@ const ( ) func main() { + klog.InitFlags(nil) // initializing the klog flags klog.V(4).Infof( "main() called") if GroupName == "" {
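Review bot: The `klog.V(4)` message on the line after the added `klog.InitFlags(nil)` still runs before any flag parsing visible in this hunk, so it is evaluated at klog's default verbosity and would not be printed even when a higher `-v` is requested. `InitFlags` only registers the logging flags; the values apply once the flag set is parsed, which may happen later in `main()`, whose body continues outside the hunk. The trailing comment restates the call; something like `// register klog flags (-v etc.); they take effect only after flags are parsed` would tell the reader why the order matters. If the trace line is meant to be usable, it should move below the point where the flags are parsed.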