Reverted nameservers in values.yaml to reflect default. This is assumed to be the situation for cert-manager, this no use applying the local dns first for webhook. Must investigate further.

2024-04-12 22:40:43 +02:00 · 2024-04-12 22:40:43 +02:00 · 0828218a59
commit 0828218a59
parent 8b78b490c3
6 changed files with 41 additions and 79 deletions
--- a/cmd/buildversion.go
+++ b/cmd/buildversion.go
@ -2,6 +2,7 @@ package main
 import (
 	"fmt"
 	"log"
 	"os"
 	"strconv"
 	"strings"
@ -9,8 +10,8 @@ import (
 )
 const (
-	//chartfile   = "./deploy/sthome-webhook/Chart.yaml"
+	chartfile   = "./deploy/sthome-webhook/Chart.yaml"
-	//valuesfile  = "./deploy/sthome-webhook/values.yaml"
+	valuesfile  = "./deploy/sthome-webhook/values.yaml"
 	tagprefix   = "  tag: "
 	vertxtfile  = "./version.txt"
 	apiVersion  = "v1"
@ -19,8 +20,8 @@ const (
 )
 var (
-	buildTime string
+	buildTime        string
-	//appVersion       string
+	appVersion       string
 	longversion      string
 	multilineversion string
 )
@ -44,17 +45,16 @@ func main() {
 	bNum, _ := strconv.Atoi(vLines[2])
 	bNum++
 	longversion = version + "." + fmt.Sprint(bNum)
-	//appVersion = "v" + longversion
+	appVersion = "v" + longversion
 	// Generate a single string to write back to the file
 	multilineversion = longversion + "\n" + buildTime + "\n" + fmt.Sprint(bNum)
-	//chartStr := "apiVersion: " + apiVersion + "\nappVersion: " + appVersion + "\ndescription: " + description + "\nname: " + name + "\nversion: " + longversion + "\n"
+	chartStr := "apiVersion: " + apiVersion + "\nappVersion: " + appVersion + "\ndescription: " + description + "\nname: " + name + "\nversion: " + longversion + "\n"
 	// Write the data back to the file.
 	_ = os.WriteFile(vertxtfile, []byte(multilineversion), 0777)
-	//_ = os.WriteFile(chartfile, []byte(chartStr), 0777)
+	_ = os.WriteFile(chartfile, []byte(chartStr), 0777)
-	//replacetxtfilelines(valuesfile, tagprefix, tagprefix+longversion)
+	replacetxtfilelines(valuesfile, tagprefix, tagprefix+longversion)
 }
 /*
 func replacetxtfilelines(filename string, textLinePrefix string, replacetext string) {
 	input, err := os.ReadFile(filename)
 	if err != nil {
@ -74,4 +74,3 @@ func replacetxtfilelines(filename string, textLinePrefix string, replacetext str
 		log.Fatalln(err)
 	}
 }
 */
--- a/deploy/sthome-webhook/Chart.yaml
+++ b/deploy/sthome-webhook/Chart.yaml
@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: v0.0.5-alpha.33
+appVersion: v0.0.5-alpha.54
 description: Cert-Manager webhook for sthome
 name: sthome-webhook
-version: 0.0.5-alpha.33
+version: 0.0.5-alpha.54
--- a/deploy/sthome-webhook/values.yaml
+++ b/deploy/sthome-webhook/values.yaml
@ -31,7 +31,7 @@ clusterIssuer:
 image:
  repository: stuurmcp/cert-manager-webhook-sthome
  #repository: wstat.sthome.net:5000/cert-manager-webhook-sthome
-  tag: 0.0.5-alpha.33
+  tag: 0.0.5-alpha.54
  #pullPolicy should be IfNotPresent. Set to Always for testing purposes
  pullPolicy: IfNotPresent
@ -41,23 +41,20 @@ imageCredentials:
 nameOverride: ""
 fullnameOverride: ""
 extraArgs:
 # dns1: 192.168.2.4
 # dns2: 10.0.0.15
 dnsPolicy: None
 dnsConfig:
  nameservers:
    - 10.0.0.15
    - 172.17.0.10
-    - 192.168.2.4
+    - 10.0.0.15
    - 192.168.2.1
  searches:
    - ix-sthome-webhook2.svc.cluster.local
    - svc.cluster.local
    - cluster.local
    - sthome.net
    - sthome.lan
    - sthome.net
  options:
    - name: ndots
      value: "5"
--- a/pkg/dns/solver_local.go
+++ b/pkg/dns/solver_local.go
@ -50,50 +50,8 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 	if err != nil {
 		return err
 	}
 	/*
 			provider, cfg, err := loc.init(ch.Config, ch.ResourceNamespace)
 			if err != nil {
 				return fmt.Errorf("failed initializing sthome provider: %v", err)
 			}
 			if !cfg.IsAllowedZone(ch.ResolvedZone) {
 				return fmt.Errorf("zone %s may not be edited per config (allowed zones are %v)", ch.ResolvedZone, cfg.AllowedZones)
 			}
 			ctx := context.Background()
 			records, err := loc.getExistingRecords(ctx, provider, ch.ResolvedZone, ch.ResolvedFQDN)
 			if err != nil {
 				return fmt.Errorf("failed loading existing records for %s in domain %s: %v", ch.ResolvedFQDN, ch.ResolvedZone, err)
 			}
 			// Add the record, only if it doesn't exist already
 			content := quote(ch.Key)
 			if _, ok := findRecord(records, content); !ok {
 				disabled := false
 				records = append(records, sthome.Record{Disabled: &disabled, Content: &content})
 			}
 		// TODO: do something more useful with the decoded configuration
 		klog.Infof("CZ: Presenting record for %s, type: %s, uid: %s, key: %s, ns: %s, fqdn: %s, zone: %s, allowambcred: %t, cfg.secret: %s, cfg.email: %s, cfg.allowz: %s",
 			ch.DNSName,
 			ch.UID,
 			ch.Type,
 			ch.Key,
 			ch.ResourceNamespace,
 			ch.ResolvedFQDN,
 			ch.ResolvedZone,
 			ch.AllowAmbientCredentials,
 			cfg.APIKeySecretRef.Name,
 			cfg.Email,
 			strings.Join(cfg.AllowedZones, ","),
 		)
 	*/
 	// TODO: convert shell script to golang
 	//localip := GetOutboundIP(Dnsserver_net)
 	err = loc.Check(ch.DNSName, ch.Key)
 	if err != nil {
 		klog.Infof("Check prop failed: %s", err)
 		return err
 	}
 	success, err := Execute(
 		Shell,
 		AcmeAuthCmd,
@ -105,7 +63,11 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 		"\"\"", //localip,
 		//"-v",
 	)
-	klog.Infof("Execute set TXT returned success: %t\n", success)
+	klog.Infof("Present: Execute set TXT returned success: %t\n", success)
 	err2 := loc.Check(ch.DNSName, ch.Key)
 	if err2 != nil {
 		klog.Infof("Present: Check prop failed: %s", err2)
 	}
 	return err
 }
@ -154,11 +116,14 @@ func (loc *LocalDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, sto
 // Check verifies that the DNS records for the ACME challenge have propagated.
 func (s *LocalDNSProviderSolver) Check(DNSName string, Key string) error {
 	ttl := 20
 	fqdn, err := util.DNS01LookupFQDN(DNSName, false, DNS01Nameservers...)
 	if err != nil {
 		return err
 	}
 	klog.Info("waiting DNS record TTL to allow the DNS01 record to propagate for domain")
 	time.Sleep(time.Second * time.Duration(ttl))
 	//klog.Info("checking DNS propagation: ", "dns: ", DNSName, ", fqdn: ", fqdn, ", key: ", Key, ", nameservers: ", DNS01Nameservers)
 	klog.Info("checking DNS prop: fqdn: ", fqdn)
@ -171,10 +136,9 @@ func (s *LocalDNSProviderSolver) Check(DNSName string, Key string) error {
 		return fmt.Errorf("DNS record for %q not yet propagated", DNSName)
 	}
-	ttl := 60
+	//	klog.Info("waiting DNS record TTL to allow the DNS01 record to propagate for domain")
-	klog.Info("waiting DNS record TTL to allow the DNS01 record to propagate for domain", "ttl", ttl, "fqdn", fqdn)
+	//	time.Sleep(time.Second * time.Duration(ttl))
-	time.Sleep(time.Second * time.Duration(ttl))
+	klog.Info("ACME DNS01 validation record propagated: ", "fqdn", fqdn)
 	klog.Info("ACME DNS01 validation record propagated", "fqdn", fqdn)
 	return nil
 }
--- a/pkg/util/wait.go
+++ b/pkg/util/wait.go
@ -117,7 +117,7 @@ func checkDNSPropagation(fqdn, value string, nameservers []string,
 	if !useAuthoritative {
 		var success bool
 		success, err = checkAuthoritativeNss(fqdn, value, nameservers)
-		//klog.Infof("PreCheckDNS: checkAuthoritativeNss returned success: %t, err: %s", success, err)
+		//klog.Infof("PreCheckDNS: returned success: %t, err: %s", success, err)
 		return success, err
 	}
@ -136,28 +136,30 @@ func checkDNSPropagation(fqdn, value string, nameservers []string,
 // checkAuthoritativeNss queries each of the given nameservers for the expected TXT record.
 func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, error) {
 	for _, ns := range nameservers {
 		klog.Infof("================== NS: %s ==================", ns)
 		r, err := DNSQuery(fqdn, dns.TypeTXT, []string{ns}, true)
-		//klog.Infof("checkAuthoritativeNss: DNSQuery returned \nr: %s, \nerr: %s", r, err)
+		//klog.Infof("DNSQuery returned \nr: %s, \nerr: %s", r, err)
 		if err != nil {
-			klog.Infof("checkAuthoritativeNss: DNSQuery failed, err: %s", err)
+			klog.Infof("DNSQuery failed, err: %s", err)
 			return false, err
 		}
-		klog.Infof("checkAuthoritativeNss: DNSQuery succeeded with r.Rcode: %d", r.Rcode)
+		klog.Infof("DNSQuery succeeded with r.Rcode: %d", r.Rcode)
 		// NXDomain response is not really an error, just waiting for propagation to happen
 		if !(r.Rcode == dns.RcodeSuccess || r.Rcode == dns.RcodeNameError) {
-			//klog.Errorf("checkAuthoritativeNss: NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
+			//klog.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
 			return false, fmt.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
 		}
 		klog.Infof("%q: must be %s", fqdn, value)
-		klog.Infof("checkAuthoritativeNss: r.Answer: %s", r.Answer)
+		klog.Infof("r.Answer: %s", r.Answer)
 		var found bool
 		var i = 0
 		for _, rr := range r.Answer {
 			i++
-			txt1, ok1 := rr.(*dns.TXT)
+			//txt1, ok1 := rr.(*dns.TXT)
-			klog.Infof("checkAuthoritativeNss: Compare[%d]: ok: %t, query: %s, value: %s", i, ok1, txt1.Txt, value)
+			//klog.Infof("Compare[%d]: ok: %t, query: %s, value: %s", i, ok1, strings.Join(txt1.Txt, ""), value)
 			if txt, ok := rr.(*dns.TXT); ok {
 				klog.Infof("Compare[%d]: Q: %s, A: %s", i, value, strings.Join(txt.Txt, ""))
 				if strings.Join(txt.Txt, "") == value {
 					found = true
 					break
@ -474,7 +476,7 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) {
 				zone := soa.Hdr.Name
 				fqdnToZone[fqdn] = zone
-				klog.Infof("Returning discovered zone record %q for fqdn %q", zone, fqdn)
+				klog.Infof("Zone record %q for fqdn %q", zone, fqdn)
 				return zone, nil
 			}
 		}
--- a/version.txt
+++ b/version.txt
@ -1,3 +1,3 @@
-0.0.5-alpha.43
+0.0.5-alpha.54
-20240412-1356
+20240412-2211
-43
+54
`@ -1,3 +1,3 @@`
	`0.0.5-alpha.43`	`0.0.5-alpha.54`
	`20240412-1356`	`20240412-2211`
	`43`	`54`