Cert-manager webhook plugin for the RcodeZero API
Follow the instructions using the cert-manager documentation to install it within your cluster.
helm repo add certmanager-webhook-rcodezero https://nic-at.github.io/certmanager-webhook-rcodezero
# Replace the groupName value with your desired domain
helm install --namespace cert-manager certmanager-webhook-rcodezero certmanager-webhook-rcodezero/certmanager-webhook-rcodezero --set groupName=acme.yourdomain.tld
An example issuer (generate the RcodeZero ACME API token via my.rcodezero.at (Note: The token needs the acme
-Permission)):
apiVersion: v1
kind: Secret
metadata:
name: rcodezero-api-token
type: Opaque
data:
token: RCODEZERO_ACME_API_TOKEN_BASE64
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-staging
spec:
acme:
email: [email protected]
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-staging-account-key
solvers:
- dns01:
webhook:
groupName: acme.mydomain.tld
solverName: rcodezero
config:
# Reference to the Kubernetes secret containing the API key.
apiKeySecretRef:
name: rcodezero-api-token
key: token
And then you can issue a cert:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: test-example-ca
namespace: default
spec:
secretName: example-com-tls
dnsNames:
- example.tld
- www.example.tld
issuerRef:
name: letsencrypt-staging
kind: Issuer
group: cert-manager.io