cert-manager-webhook-exoscale

A cert-manager webhook solver implementation for Exoscale DNS.

Installation

Make sure that cert-manager is installed before installing the webhook. For more information, consult the cert-manager documentation.

Use helm to install the webhook:

helm install cert-manager-webhook-exoscale --namespace cert-manager \
  oci://ghcr.io/glasskube/charts/cert-manager-webhook-exoscale \
  --version 0.1.0 \
  --set groupName=acme.mycompany.com

The value used for groupName must be unique in your cluster. For all available configuration values, check out the values.yaml.

Usage

With cert-manager and the webhook installed, you can reference the solver in an Issuer or ClusterIssuer to use it:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: exoscale-example
spec:
  acme:
    # Rest of the acme spec
    # ...
    solvers:
      - dns01:
          webhook:
            # Replace this with the groupName used during installation
            groupName: acme.mycompany.com
            solverName: exoscale
            config:
              apiKey:
                fromSecret:
                  name: exoscale-api
                  key: apiKey
              apiSecret:
                fromSecret:
                  name: exoscale-api
                  key: apiSecret
              # UUID of the Exoscale Domain (optional)
              # If omitted, the controller will select the correct zone
              # automatically
              domainId: ...

Check out the full example at examples/cluster-issuer.

It is recommended to use secret references for the API key and secret. For ClusterIssuers, the secret must be in the namespace where the webhook was installed. By default, the webhook controller has permission to read all secrets in that namespace, although that can be restricted using Helm values. For Issuers, the secret must be in the same namespace as the Issuer. By default, the webhook controller usually does not have permission to read that secret, so you have to allow it explicitly.
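
One way to allow that read for a namespaced Issuer is a Role limited to the single referenced secret, bound to the webhook's service account. This is an added example, not part of the project's own manifests. The namespace `my-app`, the Role and RoleBinding name, and the service account name `cert-manager-webhook-exoscale` are assumptions.

```yaml
# Added example. Assumed names (not from the README): namespace "my-app",
# Role/RoleBinding name "exoscale-webhook-secret-reader", and ServiceAccount
# "cert-manager-webhook-exoscale" in "cert-manager" (derived from the helm
# release name and namespace used above; confirm with
# `kubectl get serviceaccounts --namespace cert-manager`).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: exoscale-webhook-secret-reader
  namespace: my-app            # namespace of the Issuer and its secret
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    # Limit access to the one secret the Issuer references; without
    # resourceNames the rule would cover every secret in the namespace.
    resourceNames: ["exoscale-api"]
    verbs: ["get"]             # assumes the webhook only needs a by-name read
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: exoscale-webhook-secret-reader
  namespace: my-app
subjects:
  - kind: ServiceAccount
    name: cert-manager-webhook-exoscale
    namespace: cert-manager    # namespace the webhook was installed into
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: exoscale-webhook-secret-reader
```

To check the result, `kubectl auth can-i get secret/exoscale-api --namespace my-app --as system:serviceaccount:cert-manager:cert-manager-webhook-exoscale` should answer `yes`, and the same query for any other secret name in `my-app` should answer `no`.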