# cert-manager Webhook for sthome private DNS

cert-manager Webhook for sthome private DNS is an ACME [webhook](https://cert-manager.io/docs/configuration/acme/dns01/webhook/) for [cert-manager](https://cert-manager.io/) that lets sthome users solve the DNS01 challenge against their local DNS.

## Getting started

### Prerequisites

- A Kubernetes cluster (v1.19+ recommended)
- [Helm 3](https://helm.sh/) [installed](https://helm.sh/docs/intro/install/) on your computer
- cert-manager [deployed](https://cert-manager.io/docs/installation/) on the cluster

### Installing

- Clone this repository:

  ```bash
  git clone https://github.com/stuurmcp/cert-manager-webhook-sthome.git
  ```

- From the cloned repository's root, run:

  ```bash
  helm install sthome-webhook deploy/sthome-webhook
  ```

### How to use it

**Note**: It uses the [cert-manager webhook system](https://cert-manager.io/docs/configuration/acme/dns01/webhook/). Once the issuer is configured, everything else is plain cert-manager. You can find out more in [their documentation](https://cert-manager.io/docs/usage/).

Now that the webhook is installed, here is how to use it. Let's say you need a certificate for `radarr.sthome.net` (it should be registered in sthome DNS).

Create a cert-manager `Issuer`. Create an `issuer.yaml` file with the following content:

```yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: sthome-issuer
spec:
  acme:
    email: my-user@gmail.com
    # acme URL
    server: https://upd.sthome.lan/acme-v02.api
    #privateKeySecretRef:
    #  name: sthome-private-key-secret
    solvers:
    - dns01:
        webhook:
          groupName: acme.sthome.net
          solverName: sthome
```

Run:

```bash
kubectl create -f issuer.yaml
```

Create the `Certificate` object for `radarr.sthome.net`. Create a `certificate.yaml` file with the following content:

```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: radarr-sthome-net
spec:
  dnsNames:
  - radarr.sthome.net
  issuerRef:
    name: sthome-issuer
  secretName: radarr-sthome-net-tls
```

Run:

```bash
kubectl create -f certificate.yaml
```

The certificate should be ready after a few seconds:

```bash
$ kubectl get certificate radarr-sthome-net
NAME                READY   SECRET                  AGE
radarr-sthome-net   True    radarr-sthome-net-tls   2m21s
```

The certificate is now available in the `radarr-sthome-net-tls` secret.

## Integration testing

Before running the tests, you need:

- A valid domain on sthome DNS (here `radarr.sthome.net`)
- Valid `STH_ACCESS_KEY` and `STH_SECRET_KEY` variables set in the environment

To run the integration tests, run:

```bash
TEST_ZONE_NAME=radarr.sthome.net make test
```
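To check the `radarr-sthome-net` Certificate from the "How to use it" steps beyond the READY column, the script below inspects the JSON form of the object for the expected DNS name, issuer, Ready condition and expiry. It is an added example, not part of this repository; `check_certificate` is a hypothetical helper name and the embedded JSON is a constructed sample, not real cluster output.

```python
import json
import sys
from datetime import datetime, timezone

# Constructed sample of `kubectl get certificate radarr-sthome-net -o json`,
# trimmed to the fields checked below (illustrative values, not real output).
SAMPLE = json.loads("""{
  "spec": {"dnsNames": ["radarr.sthome.net"],
           "issuerRef": {"name": "sthome-issuer"},
           "secretName": "radarr-sthome-net-tls"},
  "status": {"conditions": [{"type": "Ready", "status": "True",
                             "reason": "Ready", "message": "constructed"}],
             "notAfter": "2030-01-01T00:00:00Z"}
}""")


def check_certificate(cert, want_name, want_issuer, now=None):
    """Return a list of problems; an empty list means the Certificate is usable."""
    now = now or datetime.now(timezone.utc)
    spec, status = cert.get("spec", {}), cert.get("status", {})
    problems = []
    # The object must request the name we expect, from the issuer we expect.
    if want_name not in spec.get("dnsNames", []):
        problems.append(f"{want_name} missing from spec.dnsNames")
    if spec.get("issuerRef", {}).get("name") != want_issuer:
        problems.append(f"issuerRef is not {want_issuer}")
    # cert-manager reports issuance state in the Ready condition.
    ready = next((c for c in status.get("conditions", [])
                  if c.get("type") == "Ready"), None)
    if ready is None:
        problems.append("no Ready condition yet")
    elif ready.get("status") != "True":
        problems.append(f"not Ready: {ready.get('reason')}: {ready.get('message')}")
    # notAfter is only set once a certificate has actually been issued.
    not_after = status.get("notAfter")
    if not_after is None:
        problems.append("status.notAfter missing, nothing issued")
    elif datetime.fromisoformat(not_after.replace("Z", "+00:00")) <= now:
        problems.append(f"certificate expired at {not_after}")
    return problems


if __name__ == "__main__":
    # Pass a file saved from `kubectl get certificate ... -o json`, or no
    # argument to run against the constructed sample.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    issues = check_certificate(doc, "radarr.sthome.net", "sthome-issuer")
    print("\n".join(issues) or "OK")
    sys.exit(1 if issues else 0)
```

The non-zero exit code on any problem makes the script usable as a gate in a deployment pipeline.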