$ git clone https://github.com/jackliusr/cert-manager-webhook-godaddy.git
$ cd cert-manager-webhook-godaddy
$ # change image: repository: [your name]/cert-manager-webhook-godaddy in values.yaml at charts/godaddy-webhook/values.yaml
$ helm install godaddy-webhook --namespace cert-manager ./charts/godaddy-webhookapiVersion: v1
data:
api-secret: <AAA>
kind: Secret
metadata:
name: godaddy-api-secret
namespace: cert-managerapiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: <your email>
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- selector:
dnsNames:
- '*.example.com'
dns01:
webhook:
config:
authApiKey: <your GoDaddy authAPIKey>
authApiSecretRef:
name: godaddy-api-secret
key: api-secret
production: true
ttl: 600
groupName: acme.mycompany.com
solverName: godaddyCertificate
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: wildcard-example-com
spec:
secretName: wildcard-example-com-tls
renewBefore: 240h
dnsNames:
- '*.example.com'
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuerIngress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
namespace: default
annotations:
certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
spec:
tls:
- hosts:
- '*.example.com'
secretName: wildcard-example-com-tls
rules:
- host: demo.example.com
http:
paths:
- path: /
backend:
serviceName: backend-service
servicePort: 80All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.
It is essential that you configure and run the test suite when creating a DNS01 webhook.
An example Go test file has been provided in main_test.go.
Prepare
$ scripts/fetch-test-binaries.shYou can run the test suite with:
$ TEST_ZONE_NAME=example.com go test .The example file has a number of areas you must fill in and replace with your own options in order for tests to pass.