Updated README

2024-03-20 12:12:44 +02:00 · 2024-03-20 12:12:44 +02:00 · 6621cea919
commit 6621cea919
parent 2805e67c3e
2 changed files with 98 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,5 @@
+################################################################################
+# This .gitignore file was automatically created by Microsoft(R) Visual Studio.
+################################################################################
+
+/.vs
--- a/README.md
+++ b/README.md
@ -1 +1,93 @@
-# cert-manager-webhook-sthome
+# cert-manager Webhook for sthome private DNS
+cert-manager Webhook for sthome private DNS is a ACME [webhook](https://cert-manager.io/docs/configuration/acme/dns01/webhook/) for [cert-manager](https://cert-manager.io/) allowing sthome users to use local DNS for DNS01 challenge.
+
+## Getting started
+
+### Prerequisites
+
+- A Kubernetes cluster (v1.19+ recommended)
+- [Helm 3](https://helm.sh/) [installed](https://helm.sh/docs/intro/install/) on your computer
+- cert-manager [deployed](https://cert-manager.io/docs/installation/) on the cluster
+
+### Installing
+
+- Clone this repository: 
+```bash
+git clone https://github.com/stuurmcp/cert-manager-webhook-sthome.git
+```
+
+- Run:
+```bash
+helm install sthome-webhook deploy/sthome-webhook
+```
+
+### How to use it
+
+**Note**: It uses the [cert-manager webhook system](https://cert-manager.io/docs/configuration/acme/dns01/webhook/). Everything after the issuer is configured is just cert-manager. You can find out more [their documentation](https://cert-manager.io/docs/usage/).
+
+Now that the webhook is installed, here is how to use it.
+Let's say you need a certificate for `radarr.sthome.net` (should be registered in sthome DNS).
+
+Create a cert-manager `Issuer`. Create a `issuer.yaml` file with the following content:
+```yaml
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: sthome-issuer
+spec:
+  acme:
+    email: my-user@gmail.com
+    # acme URL
+    server: https://upd.sthome.lan/acme-v02.api
+    #privateKeySecretRef:
+    #  name: sthome-private-key-secret
+    solvers:
+    - dns01:
+        webhook:
+          groupName: acme.sthome.net
+          solverName: sthome
+```
+
+Run:
+```bash
+kubectl create -f issuer.yaml
+```
+
+Create the `Certificate` object for `radarr.sthome.net`. Create a `certificate.yaml` file with the following content:
+```yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: radarr-sthome-net
+spec:
+  dnsNames:
+  - radarr.sthome.net
+  issuerRef:
+    name: sthome-issuer
+  secretName: radarr-sthome-net-tls
+```
+
+Run:
+```bash
+kubectl create -f certificate.yaml
+```
+
+The certificate should ready after a few seconds:
+```bash
+$ kubectl get certificate radarr-sthome-net
+NAME          READY   SECRET                  AGE
+example-com   True    radarr-sthome-net-tls   2m21s
+```
+
+The certificate is now available in the `radarr-sthome-net-tls` secret
+
+## Integration testing
+
+Before running the test, you need:
+- A valid domain on sthome DNS (here `radarr.sthome.net`)
+- The variables `STH_ACCESS_KEY` and `STH_SECRET_KEY` valid and in the environment
+
+In order to run the integration tests, run:
+```bash
+TEST_ZONE_NAME=radarr.sthome.net make test
+```