Reverted to kubernetes
This commit is contained in:
parent
a5f92861e7
commit
24853d497a
@ -5,11 +5,13 @@ import (
|
||||
"fmt"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
"k8s.io/klog/v2"
|
||||
)
|
||||
|
||||
func (e *SthomeSolver) handleDNSRequest(w dns.ResponseWriter, req *dns.Msg) {
|
||||
msg := new(dns.Msg)
|
||||
msg.SetReply(req)
|
||||
klog.Infof("Entering: %s ============\n", "handleDNSRequest")
|
||||
switch req.Opcode {
|
||||
case dns.OpcodeQuery:
|
||||
for _, q := range msg.Question {
|
||||
@ -20,9 +22,11 @@ func (e *SthomeSolver) handleDNSRequest(w dns.ResponseWriter, req *dns.Msg) {
|
||||
}
|
||||
}
|
||||
w.WriteMsg(msg)
|
||||
klog.Infof("Exiting: %s ============\n", "handleDNSRequest")
|
||||
}
|
||||
|
||||
func (e *SthomeSolver) addDNSAnswer(q dns.Question, msg *dns.Msg, req *dns.Msg) error {
|
||||
klog.Infof("Entering: %s ============\n", "addDNSAnswer")
|
||||
switch q.Qtype {
|
||||
// Always return loopback for any A query
|
||||
case dns.TypeA:
|
||||
@ -35,6 +39,7 @@ func (e *SthomeSolver) addDNSAnswer(q dns.Question, msg *dns.Msg, req *dns.Msg)
|
||||
|
||||
// TXT records are the only important record for ACME dns-01 challenges
|
||||
case dns.TypeTXT:
|
||||
klog.Infof("case: %s ============\n", "dns.TypeTXT")
|
||||
e.RLock()
|
||||
record, found := e.txtRecords[q.Name]
|
||||
e.RUnlock()
|
||||
@ -47,6 +52,7 @@ func (e *SthomeSolver) addDNSAnswer(q dns.Question, msg *dns.Msg, req *dns.Msg)
|
||||
return err
|
||||
}
|
||||
msg.Answer = append(msg.Answer, rr)
|
||||
klog.Infof("msg.Answer: %s ============\n", msg.Answer)
|
||||
return nil
|
||||
|
||||
// NS and SOA are for authoritative lookups, return obviously invalid data
|
||||
38
_backup/secrets.go
Normal file
38
_backup/secrets.go
Normal file
@ -0,0 +1,38 @@
|
||||
package dns
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/client-go/kubernetes"
|
||||
)
|
||||
|
||||
//go:generate mockgen -destination=./mock/secrets.go -source=./secrets.go SecretFetcher
|
||||
type SecretFetcher interface {
|
||||
StringFromSecret(namespace, secretName, key string) (string, error)
|
||||
}
|
||||
|
||||
type kubeSecretFetcher struct {
|
||||
client kubernetes.Interface
|
||||
ctx context.Context
|
||||
}
|
||||
|
||||
func (k *kubeSecretFetcher) StringFromSecret(namespace, secretName, key string) (string, error) {
|
||||
secret, err := k.client.CoreV1().Secrets(namespace).Get(k.ctx, secretName, metav1.GetOptions{})
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
binary, ok := secret.Data[key]
|
||||
if !ok {
|
||||
return "", fmt.Errorf("key `%q` not found in secretFetcher `%s/%s`",
|
||||
key, namespace, secretName)
|
||||
}
|
||||
|
||||
return string(binary), nil
|
||||
}
|
||||
|
||||
func NewSecretFetcher() SecretFetcher {
|
||||
return &kubeSecretFetcher{}
|
||||
}
|
||||
@ -2,22 +2,25 @@
|
||||
package dns
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/cert-manager/cert-manager/pkg/acme/webhook"
|
||||
acme "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
|
||||
"github.com/miekg/dns"
|
||||
"k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/rest"
|
||||
"k8s.io/klog/v2"
|
||||
)
|
||||
|
||||
type SthomeSolver struct {
|
||||
name string
|
||||
server *dns.Server
|
||||
txtRecords map[string]string
|
||||
ctx context.Context
|
||||
name string
|
||||
server *dns.Server
|
||||
txtRecords map[string]string
|
||||
secretFetcher SecretFetcher
|
||||
sync.RWMutex
|
||||
}
|
||||
|
||||
@ -84,22 +87,35 @@ func (e *SthomeSolver) CleanUp(ch *acme.ChallengeRequest) error {
|
||||
}
|
||||
|
||||
func (e *SthomeSolver) Initialize(kubeClientConfig *rest.Config, stopCh <-chan struct{}) error {
|
||||
go func(done <-chan struct{}) {
|
||||
<-done
|
||||
if err := e.server.Shutdown(); err != nil {
|
||||
fmt.Fprintf(os.Stderr, "%s\n", err.Error())
|
||||
}
|
||||
}(stopCh)
|
||||
go func() {
|
||||
if err := e.server.ListenAndServe(); err != nil {
|
||||
fmt.Fprintf(os.Stderr, "%s\n", err.Error())
|
||||
os.Exit(1)
|
||||
}
|
||||
}()
|
||||
klog.Infof("Initializing sthome solver")
|
||||
cl, err := kubernetes.NewForConfig(kubeClientConfig)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get kubernetes client: %w", err)
|
||||
}
|
||||
e.secretFetcher = &kubeSecretFetcher{
|
||||
client: cl,
|
||||
ctx: e.ctx,
|
||||
}
|
||||
/*
|
||||
go func(done <-chan struct{}) {
|
||||
<-done
|
||||
if err := e.server.Shutdown(); err != nil {
|
||||
fmt.Fprintf(os.Stderr, "%s\n", err.Error())
|
||||
}
|
||||
}(stopCh)
|
||||
go func() {
|
||||
if err := e.server.ListenAndServe(); err != nil {
|
||||
fmt.Fprintf(os.Stderr, "%s\n", err.Error())
|
||||
os.Exit(1)
|
||||
}
|
||||
}()
|
||||
*/
|
||||
klog.Infof("Sthome solver initialized")
|
||||
return nil
|
||||
}
|
||||
|
||||
func New(port string) webhook.Solver {
|
||||
klog.Infof("Entering New")
|
||||
e := &SthomeSolver{
|
||||
name: ProviderName,
|
||||
txtRecords: make(map[string]string),
|
||||
@ -109,5 +125,6 @@ func New(port string) webhook.Solver {
|
||||
Net: "udp",
|
||||
Handler: dns.HandlerFunc(e.handleDNSRequest),
|
||||
}
|
||||
klog.Infof("Exiting New")
|
||||
return e
|
||||
}
|
||||
@ -1,5 +1,5 @@
|
||||
apiVersion: v1
|
||||
appVersion: v0.0.5-alpha.1
|
||||
appVersion: v0.0.5-alpha.12
|
||||
description: Cert-Manager webhook for sthome
|
||||
name: sthome-webhook
|
||||
version: 0.0.5-alpha.1
|
||||
version: 0.0.5-alpha.12
|
||||
|
||||
@ -31,7 +31,7 @@ clusterIssuer:
|
||||
image:
|
||||
repository: stuurmcp/cert-manager-webhook-sthome
|
||||
#repository: wstat.sthome.net:5000/cert-manager-webhook-sthome
|
||||
tag: 0.0.5-alpha.1
|
||||
tag: 0.0.5-alpha.12
|
||||
#pullPolicy should be IfNotPresent. Set to Always for testing purposes
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
|
||||
9
go.mod
9
go.mod
@ -6,7 +6,6 @@ toolchain go1.22.1
|
||||
|
||||
require (
|
||||
github.com/cert-manager/cert-manager v1.14.4
|
||||
github.com/miekg/dns v1.1.58
|
||||
k8s.io/api v0.29.0
|
||||
k8s.io/apiextensions-apiserver v0.29.0
|
||||
k8s.io/client-go v0.29.0
|
||||
@ -14,10 +13,7 @@ require (
|
||||
|
||||
require k8s.io/klog/v2 v2.110.1
|
||||
|
||||
require (
|
||||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
|
||||
k8s.io/apimachinery v0.29.0 // indirect
|
||||
)
|
||||
require k8s.io/apimachinery v0.29.0 // indirect
|
||||
|
||||
require (
|
||||
github.com/NYTimes/gziphandler v1.1.1 // indirect
|
||||
@ -67,7 +63,7 @@ require (
|
||||
github.com/spf13/cobra v1.8.0 // indirect
|
||||
github.com/spf13/pflag v1.0.5 // indirect
|
||||
github.com/stoewer/go-strcase v1.3.0 // indirect
|
||||
github.com/stretchr/testify v1.9.0
|
||||
github.com/stretchr/testify v1.9.0 // indirect
|
||||
go.etcd.io/etcd/api/v3 v3.5.11 // indirect
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.11 // indirect
|
||||
go.etcd.io/etcd/client/v3 v3.5.11 // indirect
|
||||
@ -84,7 +80,6 @@ require (
|
||||
go.uber.org/zap v1.26.0 // indirect
|
||||
golang.org/x/crypto v0.18.0 // indirect
|
||||
golang.org/x/exp v0.0.0-20231226003508-02704c960a9b // indirect
|
||||
golang.org/x/mod v0.14.0 // indirect
|
||||
golang.org/x/net v0.20.0 // indirect
|
||||
golang.org/x/oauth2 v0.15.0 // indirect
|
||||
golang.org/x/sync v0.6.0 // indirect
|
||||
|
||||
4
go.sum
4
go.sum
@ -116,8 +116,6 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0
|
||||
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
|
||||
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
|
||||
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
|
||||
github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
|
||||
github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
|
||||
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
@ -222,8 +220,6 @@ golang.org/x/exp v0.0.0-20231226003508-02704c960a9b/go.mod h1:iRJReGqOEeBhDZGkGb
|
||||
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
|
||||
golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
|
||||
golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
|
||||
23
main.go
23
main.go
@ -2,18 +2,18 @@ package main
|
||||
|
||||
import (
|
||||
_ "embed"
|
||||
"fmt"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/rest"
|
||||
"k8s.io/klog/v2"
|
||||
|
||||
"github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
|
||||
/*
|
||||
"fmt"
|
||||
"k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/rest"
|
||||
"k8s.io/klog/v2"
|
||||
"github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
|
||||
"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
|
||||
*/
|
||||
"github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd"
|
||||
"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
|
||||
|
||||
dns "github.com/stuurmcp/cert-manager-webhook-sthome/pkg/dns"
|
||||
)
|
||||
|
||||
@ -31,16 +31,18 @@ func main() {
|
||||
panic("GROUP_NAME must be specified")
|
||||
}
|
||||
cmd.RunWebhookServer(GroupName,
|
||||
&dns.SthomeSolver{},
|
||||
&dns.LocalDNSProviderSolver{},
|
||||
//&dns.SthomeSolver{},
|
||||
)
|
||||
}
|
||||
|
||||
/*
|
||||
type LocalDNSProviderSolver struct {
|
||||
client kubernetes.Interface
|
||||
}
|
||||
|
||||
func (p *LocalDNSProviderSolver) Name() string {
|
||||
return dns.ProviderName
|
||||
return dns.ProviderName + "loc"
|
||||
}
|
||||
|
||||
func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
|
||||
@ -114,3 +116,4 @@ func extractDomainName(zone string) string {
|
||||
}
|
||||
return util.UnFqdn(authZone)
|
||||
}
|
||||
*/
|
||||
|
||||
@ -17,6 +17,8 @@ func Execute(shell string, arg ...string) (bool, error) {
|
||||
klog.Errorf("Script returned error: %s\nout:\n%serr:\n%s============\n", err, outb.String(), errb.String())
|
||||
return false, err
|
||||
}
|
||||
klog.Infof("Script returned success:\nout:\n%s============\n", outb.String())
|
||||
klog.Infof("script stdout:\n%s\n", outb.String())
|
||||
klog.Infof("script stderr:\n%s\n", errb.String())
|
||||
klog.Infof("Script returned success\n")
|
||||
return true, nil
|
||||
}
|
||||
|
||||
@ -9,7 +9,6 @@ import (
|
||||
"k8s.io/klog/v2"
|
||||
|
||||
"github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
|
||||
"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
|
||||
)
|
||||
|
||||
// LocalDNSProviderSolver implements the provider-specific logic needed to
|
||||
@ -37,7 +36,7 @@ func (p *LocalDNSProviderSolver) Name() string {
|
||||
// solver has correctly configured the DNS provider.
|
||||
func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
|
||||
//domainName := extractDomainName(ch.ResolvedZone)
|
||||
cfg, err := loadConfig(ch.Config)
|
||||
cfg, err := LoadConfig(ch.Config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -78,19 +77,19 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
|
||||
strings.Join(cfg.AllowedZones, ","),
|
||||
)
|
||||
// TODO: convert shell script to golang
|
||||
localip := getOutboundIP(dnsserver_net)
|
||||
//localip := GetOutboundIP(Dnsserver_net)
|
||||
success, _ := Execute(
|
||||
shell,
|
||||
acmeAuthCmd,
|
||||
Shell,
|
||||
AcmeAuthCmd,
|
||||
"set",
|
||||
ch.DNSName,
|
||||
ch.ResolvedFQDN,
|
||||
ch.Key,
|
||||
"-l",
|
||||
localip,
|
||||
"\"\"", //localip,
|
||||
"-v",
|
||||
)
|
||||
klog.Infof("Execute set TXT returned success: %t", success)
|
||||
klog.Infof("Execute set TXT returned success: %t\n", success)
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -103,19 +102,19 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
|
||||
func (loc *LocalDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
|
||||
//domainName := extractDomainName(ch.ResolvedZone)
|
||||
// TODO: add code that deletes a record from the DNS provider's console
|
||||
localip := getOutboundIP(dnsserver_net)
|
||||
//localip := GetOutboundIP(Dnsserver_net)
|
||||
success, _ := Execute(
|
||||
shell,
|
||||
acmeAuthCmd,
|
||||
Shell,
|
||||
AcmeAuthCmd,
|
||||
"unset",
|
||||
ch.DNSName,
|
||||
ch.ResolvedFQDN,
|
||||
ch.Key,
|
||||
"-l",
|
||||
localip,
|
||||
"\"\"", //localip,
|
||||
"-v",
|
||||
)
|
||||
klog.Infof("Execute unset TXT returned success: %t", success)
|
||||
klog.Infof("Execute unset TXT returned success: %t\n", success)
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -138,6 +137,7 @@ func (loc *LocalDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, sto
|
||||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
func extractDomainName(zone string) string {
|
||||
authZone, err := util.FindZoneByFqdn(zone, util.RecursiveNameservers)
|
||||
if err != nil {
|
||||
@ -146,3 +146,4 @@ func extractDomainName(zone string) string {
|
||||
}
|
||||
return util.UnFqdn(authZone)
|
||||
}
|
||||
*/
|
||||
@ -1,3 +1,3 @@
|
||||
0.0.5-alpha.1
|
||||
20240406-1230
|
||||
1
|
||||
0.0.5-alpha.12
|
||||
20240406-2016
|
||||
12
|
||||
Loading…
Reference in New Issue
Block a user