This solver can be used when you want to use cert-manager with AppsCode DNS Proxy for Cloudfare.
Follow the instructions using the cert-manager documentation to install it within your cluster.
helm repo add appscode https://charts.appscode.com/stable/
helm repo update
helm upgrade -i cert-manager-webhook-ace appscode/cert-manager-webhook-ace \
--namespace cert-manager --create-namespace
Note: The kubernetes resources used to install the Webhook should be deployed within the same namespace as the cert-manager.
To uninstall the webhook run
helm uninstall --namespace cert-manager cert-manager-webhook-ace
In order to access the DNS Proxy, the webhook needs an [API token] from ByteBuilders.
kubectl create secret generic ace-secret --from-literal=api-token=<YOUR_TOKEN>
Create a ClusterIssuer
or Issuer
resource as following:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: [email protected] # REPLACE THIS WITH YOUR EMAIL
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- dns01:
webhook:
solverName: "ace"
groupName: webhook.dns.appscode.com
config:
baseURL: "https://dns.byte.builders"
apiTokenSecretRef:
name: ace-secret
key: api-token
By default, the API token used will be obtained from the secret in the same namespace as the webhook.
Create your certificate resource as follows:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: example-cert
namespace: cert-manager
spec:
commonName: example.com
dnsNames:
- example.com # REPLACE THIS WITH YOUR DOMAIN
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
secretName: example-cert
This project was forked from okteto/cert-manager-webhook-civo. The cloudflare package was copied from cert-manager project.