diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e915029 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +################################################################################ +# This .gitignore file was automatically created by Microsoft(R) Visual Studio. +################################################################################ + +/.vs diff --git a/README.md b/README.md index 5f0f4a4..9255555 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,93 @@ -# cert-manager-webhook-sthome +# cert-manager Webhook for sthome private DNS +cert-manager Webhook for sthome private DNS is a ACME [webhook](https://cert-manager.io/docs/configuration/acme/dns01/webhook/) for [cert-manager](https://cert-manager.io/) allowing sthome users to use local DNS for DNS01 challenge. + +## Getting started + +### Prerequisites + +- A Kubernetes cluster (v1.19+ recommended) +- [Helm 3](https://helm.sh/) [installed](https://helm.sh/docs/intro/install/) on your computer +- cert-manager [deployed](https://cert-manager.io/docs/installation/) on the cluster + +### Installing + +- Clone this repository: +```bash +git clone https://github.com/stuurmcp/cert-manager-webhook-sthome.git +``` + +- Run: +```bash +helm install sthome-webhook deploy/sthome-webhook +``` + +### How to use it + +**Note**: It uses the [cert-manager webhook system](https://cert-manager.io/docs/configuration/acme/dns01/webhook/). Everything after the issuer is configured is just cert-manager. You can find out more [their documentation](https://cert-manager.io/docs/usage/). + +Now that the webhook is installed, here is how to use it. +Let's say you need a certificate for `radarr.sthome.net` (should be registered in sthome DNS). + +Create a cert-manager `Issuer`. Create a `issuer.yaml` file with the following content: +```yaml +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: sthome-issuer +spec: + acme: + email: my-user@gmail.com + # acme URL + server: https://upd.sthome.lan/acme-v02.api + #privateKeySecretRef: + # name: sthome-private-key-secret + solvers: + - dns01: + webhook: + groupName: acme.sthome.net + solverName: sthome +``` + +Run: +```bash +kubectl create -f issuer.yaml +``` + +Create the `Certificate` object for `radarr.sthome.net`. 
Create a `certificate.yaml` file with the following content: +```yaml +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: radarr-sthome-net +spec: + dnsNames: + - radarr.sthome.net + issuerRef: + name: sthome-issuer + secretName: radarr-sthome-net-tls +``` + +Run: +```bash +kubectl create -f certificate.yaml +``` + +The certificate should ready after a few seconds: +```bash +$ kubectl get certificate radarr-sthome-net +NAME READY SECRET AGE +example-com True radarr-sthome-net-tls 2m21s +``` + +The certificate is now available in the `radarr-sthome-net-tls` secret + +## Integration testing + +Before running the test, you need: +- A valid domain on sthome DNS (here `radarr.sthome.net`) +- The variables `STH_ACCESS_KEY` and `STH_SECRET_KEY` valid and in the environment + +In order to run the integration tests, run: +```bash +TEST_ZONE_NAME=radarr.sthome.net make test +```
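Review bot: In the README.md hunk, the `issuer.yaml` example leaves `privateKeySecretRef` commented out, but cert-manager's ACME issuer requires that field, so the example is not usable as written. Uncomment `privateKeySecretRef:` and `name: sthome-private-key-secret`. In the same hunk, the sample output of `kubectl get certificate radarr-sthome-net` shows `example-com` in the NAME column where `radarr-sthome-net` is expected. The integration-testing section also requires `STH_ACCESS_KEY` and `STH_SECRET_KEY`, while the usage section never says whether the deployed webhook needs credentials or where they would be stored. State that explicitly so readers do not guess.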
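Review bot: The new .gitignore hunk adds only `/.vs` under an auto-generated Visual Studio banner, which is unrelated to the README rewrite in the rest of this patch. Consider putting it in its own commit and dropping the three banner comment lines so the file contains just the ignore rule.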