forked from mirrors/cert-manager-webhook-variomedia
Finalizations and clean-up
This commit is contained in:
Jens-U. Mozdzen
2
Makefile
2
Makefile
@@ -3,7 +3,7 @@ ARCH ?= $(shell go env GOARCH)
|
||||
|
||||
PROVIDER := "variomedia"
|
||||
IMAGE_NAME := "${REGISTRY}cert-manager-webhook-${PROVIDER}"
|
||||
IMAGE_TAG := "2.0.0"
|
||||
IMAGE_TAG := "v2.0.1"
|
||||
|
||||
OUT := $(shell pwd)/_out
|
||||
|
||||
|
||||
21
README.md
21
README.md
@@ -47,13 +47,15 @@ This is important, as otherwise it'd be possible for anyone with access to your
|
||||
webhook to complete ACME challenge validations and obtain certificates.
|
||||
|
||||
The Variomedia AG webhook implementation is based on the example webhook provided
|
||||
by the cert-manager project (https://github.com/cert-manager/webhook-example).
|
||||
by the cert-manager project (https://github.com/cert-manager/webhook-example). Also,
|
||||
inspiration was taken from an implementation for the old Variomedia "provider API",
|
||||
which can be found at https://github.com/jheyduk/cert-manager-webhook-variomedia.
|
||||
|
||||
### Using your own repository
|
||||
|
||||
The GitHub version of the Variomedia webhook implementation is focussed on providing
|
||||
The GitHub version of the Variomedia webhook implementation is currently focussed on providing
|
||||
an implementation in a decentral container registry, i.e. "Harbor". The Docker image
|
||||
is currently *not* published on docker.io.
|
||||
is currently *not* published on docker.io. This may change at a later time.
|
||||
|
||||
#### Running the test suite
|
||||
|
||||
@@ -79,7 +81,7 @@ you can build and upload your local copy of the software using the following com
|
||||
$ export REGISTRY='your.registry.company.com/yourproject'
|
||||
$ docker login $REGISTRY
|
||||
|
||||
# push the resulting image to your repository
|
||||
# build and push the resulting image to your repository
|
||||
# will invoke via dependencies test -> build -> push
|
||||
$ TEST_ZONE_NAME=example.com. make push
|
||||
```
|
||||
@@ -88,9 +90,13 @@ $ TEST_ZONE_NAME=example.com. make push
|
||||
|
||||
We have provided a Helm chart to ease the installation of the Variomedia webhook.
|
||||
|
||||
When specifying the groupName parameter, make sure to use a name in your cluster's domain.
|
||||
If you set that differently from "cluster.local", you'll need to use the proper domain suffix
|
||||
both as a Helm value and when creating the (Cluster)Issuer (see below).
|
||||
|
||||
## Configuration
|
||||
|
||||
In addition to installing the webhook, you will also need to configure the according webhook and
|
||||
In addition to installing the webhook, you will also need to configure it and create at least one
|
||||
cert-manager Issuer.
|
||||
|
||||
Configuration of the webhook consists in providing the according secrets for each DNS domain you
|
||||
@@ -123,7 +129,7 @@ $ kubectl apply -f - << EOF
|
||||
solvers:
|
||||
- dns01:
|
||||
webhook:
|
||||
groupName: acme.cert-manager-webhook-variomedia.local
|
||||
groupName: cert-manager-webhook-variomedia.cluster.local
|
||||
solverName: variomedia-APIv2019
|
||||
config:
|
||||
example.com: variomedia-credentials-01
|
||||
@@ -132,6 +138,9 @@ $ kubectl apply -f - << EOF
|
||||
EOF
|
||||
```
|
||||
|
||||
Although three domains were covered in above example, typically you'll have only a single domain to configure - you then can
|
||||
omit creating "secret/variomedia-credentials-02" and will have to specify only a single entry in "...:webhook:config".
|
||||
|
||||
Variomedia AG published a page describing how to obtain the according API key (the page is in German
|
||||
only), basically stating that you can contact their support to have a key issued:
|
||||
https://www.variomedia.de/faq/Wie-bekomme-ich-einen-API-Token/article/326
|
||||
|
||||
4
go.mod
4
go.mod
@@ -7,7 +7,9 @@ require (
|
||||
github.com/miekg/dns v1.1.34
|
||||
github.com/stretchr/testify v1.7.0
|
||||
k8s.io/apiextensions-apiserver v0.23.1
|
||||
k8s.io/apimachinery v0.23.1
|
||||
k8s.io/client-go v0.23.1
|
||||
k8s.io/klog/v2 v2.30.0
|
||||
)
|
||||
|
||||
require (
|
||||
@@ -88,10 +90,8 @@ require (
|
||||
gopkg.in/yaml.v2 v2.4.0 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
|
||||
k8s.io/api v0.23.1 // indirect
|
||||
k8s.io/apimachinery v0.23.1 // indirect
|
||||
k8s.io/apiserver v0.23.1 // indirect
|
||||
k8s.io/component-base v0.23.1 // indirect
|
||||
k8s.io/klog/v2 v2.30.0 // indirect
|
||||
k8s.io/kube-aggregator v0.23.1 // indirect
|
||||
k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
|
||||
k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b // indirect
|
||||
|
||||
1
go.sum
1
go.sum
@@ -38,7 +38,6 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
|
||||
cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
|
||||
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
|
||||
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
||||
github.com/Azure/azure-sdk-for-go v56.2.0+incompatible h1:2GrG1JkTSMqLquy1pqVsjeRJhNtZLjss2+rx8ogZXx4=
|
||||
github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
|
||||
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
|
||||
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
|
||||
|
||||
@@ -15,11 +15,11 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.9.1
|
||||
version: 0.9.2
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "1.1.0"
|
||||
appVersion: "2.0.1"
|
||||
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
# Default values for cert-manager-webhook-variomedia.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
@@ -8,17 +7,18 @@ certManager:
|
||||
namespace: cert-manager
|
||||
serviceAccountName: cert-manager
|
||||
|
||||
groupName: acme.cert-manager-webhook-variomedia.local
|
||||
# remember to change "cluster.local" to your cluster's domain, in case it's set differently
|
||||
groupName: cert-manager-webhook-variomedia.cluster.local
|
||||
|
||||
image:
|
||||
repository: ''
|
||||
image: cert-manager-webhook-variomedia
|
||||
tag: "v1.1.0"
|
||||
tag: "v2.0.1"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
imagePullSecrets: []
|
||||
|
||||
logLevel: 6
|
||||
logLevel: 2
|
||||
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
@@ -67,7 +67,7 @@ resources: {}
|
||||
autoscaling:
|
||||
enabled: false
|
||||
minReplicas: 1
|
||||
maxReplicas: 100
|
||||
maxReplicas: 1
|
||||
targetCPUUtilizationPercentage: 80
|
||||
# targetMemoryUtilizationPercentage: 80
|
||||
|
||||
|
||||
Reference in New Issue
Block a user