ACME Webhook for next layer DNS

This project provides a cert-manager ACME Webhook for next layer DNS and is based on the Example Webhook.

Requirements

  • helm >= v3.0.0
  • kubernetes >= v1.14.0
  • cert-manager >= 0.12.0

Configuration

The following table lists the configurable parameters of the cert-manager-webhook-nextlayer chart and their default values.

| Parameter | Description | Default |
|---|---|---|
| groupName | Group name of the API service. | dns.nextlayer.at |
| certManager.namespace | Namespace where cert-manager is deployed to. | kube-system |
| certManager.serviceAccountName | Service account of cert-manager installation. | cert-manager |
| image.repository | Image repository | registry.nextlayer.at/nextlayer/cert-manager-webhook-nextlayer |
| image.tag | Image tag | latest |
| image.pullPolicy | Image pull policy | Always |
| service.type | API service type | ClusterIP |
| service.port | API service port | 443 |
| resources | CPU/memory resource requests/limits | {} |
| nodeSelector | Node labels for pod assignment | {} |
| affinity | Node affinity for pod assignment | {} |
| tolerations | Node tolerations for pod assignment | [] |

Installation

cert-manager

Follow the instructions in the cert-manager documentation to install it in your cluster.

Webhook

By cloning the repo

git clone https://github.com/nextlayergmbh/cert-manager-webhook-nextlayer.git
cd cert-manager-webhook-nextlayer
helm install --namespace cert-manager cert-manager-webhook-nextlayer ./deploy/cert-manager-webhook-nextlayer

By adding the helm repo

helm repo add nextlayercm https://nextlayergmbh.github.io/cert-manager-webhook-nextlayer/
helm repo update
helm install --namespace cert-manager cert-manager-webhook-nextlayer nextlayercm/cert-manager-webhook-nextlayer

Note: The Kubernetes resources used to install the webhook should be deployed in the same namespace as cert-manager.

To uninstall the webhook, run:

helm uninstall --namespace cert-manager cert-manager-webhook-nextlayer

Issuer

Create a ClusterIssuer or Issuer resource as follows:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory

    # Email address used for ACME registration
    email: user@example.com # REPLACE THIS WITH YOUR EMAIL

    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging

    solvers:
      - dns01:
          webhook:
            groupName: dns.nextlayer.at
            solverName: nextlayer
            config:
              APIKey: <YOUR_API_KEY>

Credentials

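To access the next layer DNS API, you need an API token, which you can request from next layer support. Currently we don't provide a way to use secrets for your API key, so the key is set in plain text in the issuer's solver config and is readable by anyone who can read the Issuer or ClusterIssuer resource or the manifest it was applied from.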
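
Because the key has to be written into the issuer manifest, a check like the one below can keep a real key out of version control by flagging manifests whose next layer solver config carries a literal APIKey. This is an added example, not part of the project; the function names scan_inline_apikey and write_sample and the sample key are made up here.

```sh
#!/bin/sh
# Added example (not project code): flag manifests with a literal next layer API key.

# scan_inline_apikey FILE
# Prints "FILE:LINE" for each APIKey set to a literal value inside a YAML document
# that references the dns.nextlayer.at webhook solver. Exit status 1 if any was found.
scan_inline_apikey() {
    awk -v file="$1" -v sq="'" '
        function emit(   i) {
            if (nextlayer)
                for (i = 1; i <= n; i++) { print file ":" hits[i]; found = 1 }
            n = 0; nextlayer = 0
        }
        /^---[ \t]*$/ { emit(); next }        # YAML document boundary
        /^[ \t]*#/    { next }                # whole-line comment
        /^[ \t]*groupName:[ \t]*"?dns[.]nextlayer[.]at"?/ { nextlayer = 1 }
        /^[ \t]*APIKey:/ {
            val = $0
            sub(/^[ \t]*APIKey:[ \t]*/, "", val)
            sub(/[ \t]*#.*$/, "", val)                 # trailing comment
            gsub("^[\"" sq "]|[\"" sq "]$", "", val)   # surrounding quotes
            # Empty, <PLACEHOLDER>, ${VAR} and {{ template }} values are not secrets.
            if (val != "" && val !~ /^<.*>$/ && val !~ /^[$][{].*[}]$/ &&
                val !~ /^[{][{].*[}][}]$/)
                hits[++n] = NR
        }
        END { emit(); exit found + 0 }
    ' "$1"
}

# Constructed sample input; the key passed as $1 is made up for this example.
write_sample() {
    printf '%s\n' \
        'apiVersion: cert-manager.io/v1' \
        'kind: ClusterIssuer' \
        'spec:' \
        '  acme:' \
        '    solvers:' \
        '      - dns01:' \
        '          webhook:' \
        '            groupName: dns.nextlayer.at' \
        '            solverName: nextlayer' \
        '            config:' \
        "              APIKey: $1"
}

tmp=$(mktemp); write_sample 'constructed-not-a-real-key' > "$tmp"
scan_inline_apikey "$tmp" || echo "literal APIKey found"; rm -f "$tmp"
```

Run it over the manifests you keep in git, for example from a pre-commit hook, and inject the real key only at deploy time.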

Thanks

Thanks to mecodia GmbH and Stephan Müller whose project served as an example for cert-manager-webhook-nextlayer.
