A webhook to use Linode DNS Manager as a DNS01 ACME Issuer for cert-manager.
helm install cert-manager-webhook-linode \
--namespace cert-manager \
https://github.com/slicen/cert-manager-webhook-linode/releases/download/v0.1.0/cert-manager-webhook-linode-v0.1.0.tgz
kubectl create secret generic linode-credentials \
--namespace=cert-manager \
--from-literal=token=<LINODE TOKEN>
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: example@example.com
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- dns01:
webhook:
solverName: linode
groupName: acme.slicen.me
By default, the Linode API token used will be obtained from the linode-credentials Secret in the same namespace as the webhook.
If you would prefer to use separate Linode API tokens for each namespace (e.g. in a multi-tenant environment):
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: letsencrypt-staging
namespace: default
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: example@example.com
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- dns01:
webhook:
solverName: linode
groupName: acme.slicen.me
config:
apiKeySecretRef:
name: linode-credentials
key: token
Conformance testing is achieved through Kubernetes emulation via the kubebuilder-tools suite, in conjunction with real calls to the Linode API on an test domain, using a valid API token.
The test configures a cert-manager-dns01-tests TXT entry, attempts to verify its presence, and removes the entry, thereby verifying the Prepare and CleanUp functions.
Run the test suite with:
./scripts/fetch-test-binaries.sh
export LINODE_TOKEN=$(echo -n "<your API token>" | base64 -w 0)
envsubst < testdata/linode/secret.yaml.example > testdata/linode/secret.yaml
TEST_ZONE_NAME=yourdomain.com. make verify