This solver can be used when you want to use cert-manager with CIVO DNS.
Follow the instructions using the cert-manager documentation to install it within your cluster.
helm install cert-manager-webhook-civo oci://ghcr.io/okteto/cert-manager-webhook-civo [--version 0.5.4]helm install --namespace cert-manager cert-manager-webhook-civo chart/cert-manager-webhook-civoNote: The kubernetes resources used to install the Webhook should be deployed within the same namespace as the cert-manager.
To uninstall the webhook run
helm uninstall --namespace cert-manager cert-manager-webhook-civoIn order to access the CIVO API, the webhook needs an API token.
kubectl create secret generic civo-secret --from-literal=key=<YOUR_CIVO_TOKEN>
Create a ClusterIssuer or Issuer resource as following:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: [email protected] # REPLACE THIS WITH YOUR EMAIL
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- dns01:
webhook:
solverName: "civo"
groupName: civo.webhook.okteto.com
config:
secretName: civo-secret
secretKey: key
By default, the CIVO API token used will be obtained from the secret in the same namespace as the webhook.
If you would prefer to use separate API tokens for each namespace (e.g. in a multi-tenant environment):
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-staging
namespace: default
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: [email protected] # REPLACE THIS WITH YOUR EMAIL
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- dns01:
webhook:
solverName: "civo"
groupName: civo.webhook.okteto.com
config:
secretName: civo-secret
secretKey: key
By default, the webhook doesn't have permissions to read secrets on all namespaces. To enable this, you'll need to provide your own service account.
Create your certificate resource as follows:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: example-cert
namespace: cert-manager
spec:
commonName: example.com
dnsNames:
- example.com # REPLACE THIS WITH YOUR DOMAIN
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
secretName: example-cert
- Admin access to a cluster. We recommend you launch one on CIVO.
- okteto CLI
kubectlinstalled and configured to talk to your cluster
- Deploy the latest version of
cert-managerandcert-manager-webhook-civoas per the instructions above. - Run
okteto upfrom the root of this repo. This will deploy your pre-configured remote development environment, and keep your file system synchronized automatically. - Run
makeon the remote terminal to start the webhook. This will build the webhook, start it with the required configuration, and hot reload it whenever a file is changed. - Code away!
If you want to get involved, we'd love to receive a pull request, issues, or an offer to help. Open an issue to get started!
Maintainers:
Please see the contribution guidelines
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent