
cert-manager-webhook-transip's Introduction

TransIP Cert-Manager webhook

This is a Cert-Manager webhook that implements ACME DNS01 verification with TransIP as the DNS provider.

Installation

You can use Helm to deploy the webhook:

$ git clone ...
$ helm install cert-manager-webhook-transip --namespace=cert-manager ./deploy/transip-webhook

Alternatively, you can use kubectl to deploy:

$ kubectl -n cert-manager apply -f https://raw.githubusercontent.com/robbietjuh/cert-manager-webhook-transip/master/deploy/recommended.yaml

Both methods will simply deploy the webhook container into your Kubernetes environment. After deployment, you'll have to configure the webhook to interface with your TransIP account.

Configuration

The webhook needs your TransIP account name and your API private key. The private key must be deployed as a secret.

# Given your private key is in the file privateKey
kubectl -n cert-manager create secret generic transip-credentials --from-file=privateKey

After saving your private key as a secret to the cluster, you'll have to configure the Issuer object. You can use the following as a template:

apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: le-staging
spec:
  acme:
    email: you@example.com  # placeholder: contact address for your ACME account
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: le-staging-issuer-key
    solvers:
    - dns01:
        webhook:
          groupName: cert-manager.webhook.transip
          solverName: transip
          config:
            accountName: your-transip-username
            ttl: 300
            privateKeySecretRef:
              name: transip-credentials
              key: privateKey

That's it! Now you're set up to request your first certificate :-)

Running the test suite

Please start out by configuring your environment in testdata/transip/config.json. You can then run the test suite with:

$ TEST_ZONE_NAME=example.com go test .

cert-manager-webhook-transip's People

Contributors

danielcb, michaelboke, robbietjuh


cert-manager-webhook-transip's Issues

ARM64 Version

Hey Robbie,

Do you think it would be possible to publish an ARM64 version? I'm running a k8s cluster on my Raspberry Pi and I would like to use this webhook to configure my SSL.

With kind regards,

Maaroen (Jeroen Nederlof)

apiserver cannot retrieve open api spec: x509: certificate signed by unknown authority

After installing the webhook transip Helm chart, I get the following error in the apiserver:

2020-07-17T18:38:41.719870952+02:00 E0717 16:38:41.719691       1 controller.go:114] loading OpenAPI spec for "v1alpha1.cert-manager.webhook.transip" failed with: failed to retrieve openAPI spec, http error: ResponseCode: 503, Body: Error trying to reach service: 'x509: certificate signed by unknown authority', Header: map[Content-Type:[text/plain; charset=utf-8] X-Content-Type-Options:[nosniff]]

And this one in the transip webhook deployment:

http: TLS handshake error from 10.11.0.3:37218: remote error: tls: bad certificate

After looking into the Helm chart (https://github.com/robbietjuh/cert-manager-webhook-transip/blob/master/deploy/transip-webhook/templates/pki.yaml) I'm wondering why a self-signed certificate is used. Shouldn't we use the CA certificate from the config map kube-system/extension-apiserver-authentication::requestheader-client-ca-file so that the webhook is using certificates signed by the apiserver?

http TLS bad handshake from ip: bad certificate

Hello good people of cert-manager-webhook-transip

I'm trying to use this chart as an integration with TransIP for the DNS01 challenge to enable wildcard certificates.

So, what I did:

I have an installation of cert-manager (version cert-manager-v1.2.0-alpha.1) running in my cluster. And I can confirm that it is working. (I have created an issuer for the http-01 challenge type and managed to create a valid certificate.)

I followed the instructions and have deployed the chart with Helm 3.

I have created a secret with my credentials for TransIP.

The error I'm getting

When looking at the logs of the pod I seem to be getting a steady stream of errors:

I0316 14:58:35.976213       1 log.go:172] http: TLS handshake error from 10.164.0.12:34678: remote error: tls: bad certificate
I0316 14:58:36.198807       1 log.go:172] http: TLS handshake error from 10.164.0.14:59010: remote error: tls: bad certificate
I0316 14:58:36.228736       1 log.go:172] http: TLS handshake error from 10.164.0.20:59360: remote error: tls: bad certificate
I0316 14:58:39.136329       1 log.go:172] http: TLS handshake error from 10.164.15.198:37438: remote error: tls: bad certificate
I0316 14:58:39.800156       1 log.go:172] http: TLS handshake error from 10.164.15.237:41270: remote error: tls: bad certificate
I0316 14:58:52.488458       1 log.go:172] http: TLS handshake error from 10.164.15.237:41302: remote error: tls: bad certificate

And I was wondering what that meant, and how I can fix it.

I imagine that it's something silly that I have overlooked.

Thanks in advance.
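
The "x509: certificate signed by unknown authority" error quoted in the issues above is what Go's certificate verifier returns when a serving certificate does not chain to the CA bundle the client trusts; "remote error: tls: bad certificate" is how the server logs the client's rejection. The Go program below is an added example, not code from the project or from the people who posted the issues: it runs that check on certificates constructed in memory, and the Service name transip-webhook.cert-manager.svc and all function names are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent means self-signed.
func issue(cn string, ca bool, parent *x509.Certificate, pk *ecdsa.PrivateKey) ([]byte, *x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: ca,
		BasicConstraintsValid: true, Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	c, _ := x509.ParseCertificate(der)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), c, key
}
// VerifyServing checks that servingPEM chains to caBundlePEM and covers dnsName.
func VerifyServing(servingPEM, caBundlePEM []byte, dnsName string) error {
	roots := x509.NewCertPool()
	block, _ := pem.Decode(servingPEM)
	if block == nil || !roots.AppendCertsFromPEM(caBundlePEM) {
		return fmt.Errorf("serving certificate or CA bundle is not PEM")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err == nil {
		_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName})
	}
	return err
}
// Demo verifies one leaf against its own CA, an unrelated CA, and a wrong name.
func Demo() (ok, wrongCA, wrongName error) {
	const svc = "transip-webhook.cert-manager.svc" // hypothetical Service DNS name
	caPEM, ca, caKey := issue("constructed-webhook-ca", true, nil, nil)
	otherPEM, _, _ := issue("constructed-other-ca", true, nil, nil)
	leafPEM, _, _ := issue(svc, false, ca, caKey)
	return VerifyServing(leafPEM, caPEM, svc), VerifyServing(leafPEM, otherPEM, svc), VerifyServing(leafPEM, caPEM, "other.default.svc")
}
func main() { fmt.Println(Demo()) }
```

On a real cluster the same VerifyServing call can be given the base64-decoded caBundle of the APIService and the PEM serving certificate the webhook presents; where the chart stores that certificate is not shown on this page.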
