Reverted nameservers in values.yaml to reflect default. This is assumed to be the situation for cert-manager, this no use applying the local dns first for webhook. Must investigate further.

cmd/buildversion.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"fmt"
+	"log"
 	"os"
 	"strconv"
 	"strings"
@@ -9,8 +10,8 @@ import (
 )
 
 const (
-	//chartfile   = "./deploy/sthome-webhook/Chart.yaml"
-	//valuesfile  = "./deploy/sthome-webhook/values.yaml"
+	chartfile   = "./deploy/sthome-webhook/Chart.yaml"
+	valuesfile  = "./deploy/sthome-webhook/values.yaml"
 	tagprefix   = "  tag: "
 	vertxtfile  = "./version.txt"
 	apiVersion  = "v1"
@@ -19,8 +20,8 @@ const (
 )
 
 var (
-	buildTime string
-	//appVersion       string
+	buildTime        string
+	appVersion       string
 	longversion      string
 	multilineversion string
 )
@@ -44,17 +45,16 @@ func main() {
 	bNum, _ := strconv.Atoi(vLines[2])
 	bNum++
 	longversion = version + "." + fmt.Sprint(bNum)
-	//appVersion = "v" + longversion
+	appVersion = "v" + longversion
 	// Generate a single string to write back to the file
 	multilineversion = longversion + "\n" + buildTime + "\n" + fmt.Sprint(bNum)
-	//chartStr := "apiVersion: " + apiVersion + "\nappVersion: " + appVersion + "\ndescription: " + description + "\nname: " + name + "\nversion: " + longversion + "\n"
+	chartStr := "apiVersion: " + apiVersion + "\nappVersion: " + appVersion + "\ndescription: " + description + "\nname: " + name + "\nversion: " + longversion + "\n"
 	// Write the data back to the file.
 	_ = os.WriteFile(vertxtfile, []byte(multilineversion), 0777)
-	//_ = os.WriteFile(chartfile, []byte(chartStr), 0777)
-	//replacetxtfilelines(valuesfile, tagprefix, tagprefix+longversion)
+	_ = os.WriteFile(chartfile, []byte(chartStr), 0777)
+	replacetxtfilelines(valuesfile, tagprefix, tagprefix+longversion)
 }
 
-/*
 func replacetxtfilelines(filename string, textLinePrefix string, replacetext string) {
 	input, err := os.ReadFile(filename)
 	if err != nil {
@@ -74,4 +74,3 @@ func replacetxtfilelines(filename string, textLinePrefix string, replacetext str
 		log.Fatalln(err)
 	}
 }
-*/

deploy/sthome-webhook/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: v0.0.5-alpha.33
+appVersion: v0.0.5-alpha.54
 description: Cert-Manager webhook for sthome
 name: sthome-webhook
-version: 0.0.5-alpha.33
+version: 0.0.5-alpha.54

deploy/sthome-webhook/values.yaml

@@ -31,7 +31,7 @@ clusterIssuer:
 image:
   repository: stuurmcp/cert-manager-webhook-sthome
   #repository: wstat.sthome.net:5000/cert-manager-webhook-sthome
-  tag: 0.0.5-alpha.33
+  tag: 0.0.5-alpha.54
   #pullPolicy should be IfNotPresent. Set to Always for testing purposes
   pullPolicy: IfNotPresent
 
@@ -41,23 +41,20 @@ imageCredentials:
 nameOverride: ""
 fullnameOverride: ""
 
-extraArgs:
- # dns1: 192.168.2.4
- # dns2: 10.0.0.15
-
 dnsPolicy: None
 
 dnsConfig:
   nameservers:
-    - 10.0.0.15
     - 172.17.0.10
-    - 192.168.2.4
+    - 10.0.0.15
+    - 192.168.2.1
+
   searches:
     - ix-sthome-webhook2.svc.cluster.local
     - svc.cluster.local
     - cluster.local
-    - sthome.net
     - sthome.lan
+    - sthome.net
   options:
     - name: ndots
       value: "5"

pkg/dns/solver_local.go

@@ -50,50 +50,8 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 	if err != nil {
 		return err
 	}
-
-	/*
-			provider, cfg, err := loc.init(ch.Config, ch.ResourceNamespace)
-			if err != nil {
-				return fmt.Errorf("failed initializing sthome provider: %v", err)
-			}
-			if !cfg.IsAllowedZone(ch.ResolvedZone) {
-				return fmt.Errorf("zone %s may not be edited per config (allowed zones are %v)", ch.ResolvedZone, cfg.AllowedZones)
-			}
-			ctx := context.Background()
-			records, err := loc.getExistingRecords(ctx, provider, ch.ResolvedZone, ch.ResolvedFQDN)
-			if err != nil {
-				return fmt.Errorf("failed loading existing records for %s in domain %s: %v", ch.ResolvedFQDN, ch.ResolvedZone, err)
-			}
-
-			// Add the record, only if it doesn't exist already
-			content := quote(ch.Key)
-			if _, ok := findRecord(records, content); !ok {
-				disabled := false
-				records = append(records, sthome.Record{Disabled: &disabled, Content: &content})
-			}
-
-		// TODO: do something more useful with the decoded configuration
-		klog.Infof("CZ: Presenting record for %s, type: %s, uid: %s, key: %s, ns: %s, fqdn: %s, zone: %s, allowambcred: %t, cfg.secret: %s, cfg.email: %s, cfg.allowz: %s",
-			ch.DNSName,
-			ch.UID,
-			ch.Type,
-			ch.Key,
-			ch.ResourceNamespace,
-			ch.ResolvedFQDN,
-			ch.ResolvedZone,
-			ch.AllowAmbientCredentials,
-			cfg.APIKeySecretRef.Name,
-			cfg.Email,
-			strings.Join(cfg.AllowedZones, ","),
-		)
-	*/
 	// TODO: convert shell script to golang
 	//localip := GetOutboundIP(Dnsserver_net)
-	err = loc.Check(ch.DNSName, ch.Key)
-	if err != nil {
-		klog.Infof("Check prop failed: %s", err)
-		return err
-	}
 	success, err := Execute(
 		Shell,
 		AcmeAuthCmd,
@@ -105,7 +63,11 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 		"\"\"", //localip,
 		//"-v",
 	)
-	klog.Infof("Execute set TXT returned success: %t\n", success)
+	klog.Infof("Present: Execute set TXT returned success: %t\n", success)
+	err2 := loc.Check(ch.DNSName, ch.Key)
+	if err2 != nil {
+		klog.Infof("Present: Check prop failed: %s", err2)
+	}
 	return err
 }
 
@@ -154,11 +116,14 @@ func (loc *LocalDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, sto
 
 // Check verifies that the DNS records for the ACME challenge have propagated.
 func (s *LocalDNSProviderSolver) Check(DNSName string, Key string) error {
+	ttl := 20
 
 	fqdn, err := util.DNS01LookupFQDN(DNSName, false, DNS01Nameservers...)
 	if err != nil {
 		return err
 	}
+	klog.Info("waiting DNS record TTL to allow the DNS01 record to propagate for domain")
+	time.Sleep(time.Second * time.Duration(ttl))
 
 	//klog.Info("checking DNS propagation: ", "dns: ", DNSName, ", fqdn: ", fqdn, ", key: ", Key, ", nameservers: ", DNS01Nameservers)
 	klog.Info("checking DNS prop: fqdn: ", fqdn)
@@ -171,10 +136,9 @@ func (s *LocalDNSProviderSolver) Check(DNSName string, Key string) error {
 		return fmt.Errorf("DNS record for %q not yet propagated", DNSName)
 	}
 
-	ttl := 60
-	klog.Info("waiting DNS record TTL to allow the DNS01 record to propagate for domain", "ttl", ttl, "fqdn", fqdn)
-	time.Sleep(time.Second * time.Duration(ttl))
-	klog.Info("ACME DNS01 validation record propagated", "fqdn", fqdn)
+	//	klog.Info("waiting DNS record TTL to allow the DNS01 record to propagate for domain")
+	//	time.Sleep(time.Second * time.Duration(ttl))
+	klog.Info("ACME DNS01 validation record propagated: ", "fqdn", fqdn)
 
 	return nil
 }

pkg/util/wait.go

@@ -117,7 +117,7 @@ func checkDNSPropagation(fqdn, value string, nameservers []string,
 	if !useAuthoritative {
 		var success bool
 		success, err = checkAuthoritativeNss(fqdn, value, nameservers)
-		//klog.Infof("PreCheckDNS: checkAuthoritativeNss returned success: %t, err: %s", success, err)
+		//klog.Infof("PreCheckDNS: returned success: %t, err: %s", success, err)
 		return success, err
 	}
 
@@ -136,28 +136,30 @@ func checkDNSPropagation(fqdn, value string, nameservers []string,
 // checkAuthoritativeNss queries each of the given nameservers for the expected TXT record.
 func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, error) {
 	for _, ns := range nameservers {
+		klog.Infof("================== NS: %s ==================", ns)
 		r, err := DNSQuery(fqdn, dns.TypeTXT, []string{ns}, true)
-		//klog.Infof("checkAuthoritativeNss: DNSQuery returned \nr: %s, \nerr: %s", r, err)
+		//klog.Infof("DNSQuery returned \nr: %s, \nerr: %s", r, err)
 		if err != nil {
-			klog.Infof("checkAuthoritativeNss: DNSQuery failed, err: %s", err)
+			klog.Infof("DNSQuery failed, err: %s", err)
 			return false, err
 		}
-		klog.Infof("checkAuthoritativeNss: DNSQuery succeeded with r.Rcode: %d", r.Rcode)
+		klog.Infof("DNSQuery succeeded with r.Rcode: %d", r.Rcode)
 		// NXDomain response is not really an error, just waiting for propagation to happen
 		if !(r.Rcode == dns.RcodeSuccess || r.Rcode == dns.RcodeNameError) {
-			//klog.Errorf("checkAuthoritativeNss: NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
+			//klog.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
 			return false, fmt.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
 		}
 
 		klog.Infof("%q: must be %s", fqdn, value)
-		klog.Infof("checkAuthoritativeNss: r.Answer: %s", r.Answer)
+		klog.Infof("r.Answer: %s", r.Answer)
 		var found bool
 		var i = 0
 		for _, rr := range r.Answer {
 			i++
-			txt1, ok1 := rr.(*dns.TXT)
-			klog.Infof("checkAuthoritativeNss: Compare[%d]: ok: %t, query: %s, value: %s", i, ok1, txt1.Txt, value)
+			//txt1, ok1 := rr.(*dns.TXT)
+			//klog.Infof("Compare[%d]: ok: %t, query: %s, value: %s", i, ok1, strings.Join(txt1.Txt, ""), value)
 			if txt, ok := rr.(*dns.TXT); ok {
+				klog.Infof("Compare[%d]: Q: %s, A: %s", i, value, strings.Join(txt.Txt, ""))
 				if strings.Join(txt.Txt, "") == value {
 					found = true
 					break
@@ -474,7 +476,7 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) {
 
 				zone := soa.Hdr.Name
 				fqdnToZone[fqdn] = zone
-				klog.Infof("Returning discovered zone record %q for fqdn %q", zone, fqdn)
+				klog.Infof("Zone record %q for fqdn %q", zone, fqdn)
 				return zone, nil
 			}
 		}

version.txt

@@ -1,3 +1,3 @@
-0.0.5-alpha.43
-20240412-1356
-43
+0.0.5-alpha.54
+20240412-2211
+54