# Register the chart repository and refresh the local index.
helm repo add godaddy-webhook https://fred78290.github.io/cert-manager-webhook-godaddy/
helm repo update

# Install the webhook, or upgrade it in place, in the cert-manager namespace.
# groupName is repeated as the webhook groupName in the ClusterIssuer solver,
# so the two values have to stay identical.
# NOTE(review): no chart --version is given, so each run takes whatever chart
# the repository currently serves, and pullPolicy=Always re-resolves the
# image tag at every pod start. Tags are mutable; pinning the chart version
# and, if the chart supports it, the image digest keeps the deployed webhook
# reproducible. This component is configured with the GoDaddy API credentials.
helm upgrade --install godaddy-webhook godaddy-webhook/godaddy-webhook \
  --namespace cert-manager \
  --set groupName=acme.mycompany.com \
  --set image.tag=v1.27.2 \
  --set image.pullPolicy=Always
# GoDaddy API credentials for the webhook solver; the ClusterIssuer's
# apiKeySecretRef names this Secret and its two keys (`key`, `secret`).
# Values under `data` are base64-encoded, not encrypted: anyone who can read
# this Secret, or the filled-in manifest, holds the API credentials. Keep the
# filled-in file out of version control and limit read access to Secrets in
# this namespace.
apiVersion: v1
kind: Secret
metadata:
  name: godaddy-api-key-prod
  namespace: cert-manager
type: Opaque
data:
  key: <godaddy api key base64 encoded>
  secret: <godaddy api secret base64 encoded>
---
# Cluster-wide ACME issuer that solves DNS-01 challenges through the GoDaddy
# webhook.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Let's Encrypt production directory. Production endpoints are rate
    # limited; a first run against the staging directory avoids spending that
    # budget on a misconfigured solver.
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <your email>
    # Secret in which cert-manager keeps the ACME account private key.
    privateKeySecretRef:
      name: letsencrypt-prod-account-key
    solvers:
      # The selector limits this solver to the listed names; a Certificate
      # whose dnsNames fall outside it will not be handled by this solver.
      - selector:
          dnsNames:
            - '*.mycompany.com'
        dns01:
          webhook:
            config:
              # name is the Secret holding the GoDaddy credentials; key and
              # secret are the entries inside that Secret's data.
              apiKeySecretRef:
                name: godaddy-api-key-prod
                key: key
                secret: secret
              # NOTE(review): presumably selects GoDaddy's production API
              # rather than a test endpoint; confirm in the webhook's docs.
              production: true
              # NOTE(review): presumably the TTL, in seconds, of the challenge
              # TXT record; confirm in the webhook's docs.
              ttl: 600
            # Same value as the groupName passed to the chart at install time.
            groupName: acme.mycompany.com
            solverName: godaddy
Certificate
# Wildcard certificate issued by the letsencrypt-prod ClusterIssuer.
# NOTE(review): the ClusterIssuer on this page restricts its solver to
# '*.mycompany.com', while this Certificate requests '*.example.com'. Both are
# placeholders, but they must name the same domain or no solver will match.
# NOTE(review): no metadata.namespace is set, so the Certificate and its TLS
# Secret land in whatever namespace the manifest is applied to. An Ingress can
# only reference a TLS Secret in its own namespace, and the Secret holds the
# wildcard private key for every host under the domain.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-example-com
spec:
  # Secret that receives the issued certificate and its private key.
  secretName: wildcard-example-com-tls
  # Renewal starts 240 hours before the certificate expires.
  renewBefore: 240h
  dnsNames:
    - '*.example.com'
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
Ingress
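# Ingress that terminates TLS for demo.example.com with the wildcard
# certificate stored in wildcard-example-com-tls.
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; networking.k8s.io/v1
# is the served API and requires pathType plus the service/port backend form.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  namespace: default
  annotations:
    # The certmanager.k8s.io/ prefix belongs to cert-manager releases older
    # than the cert-manager.io/v1 API used by the issuer on this page; current
    # releases only act on the cert-manager.io/ prefix.
    # NOTE(review): with this annotation cert-manager creates its own
    # Certificate for the tls entry below. If a standalone Certificate already
    # writes wildcard-example-com-tls, keep one mechanism, not both.
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
    # The Secret must live in this Ingress's namespace (default).
    - hosts:
        - '*.example.com'
      secretName: wildcard-example-com-tls
  rules:
    - host: demo.example.com
      http:
        paths:
          - path: /
            # Prefix on "/" routes every request path to the backend.
            pathType: Prefix
            backend:
              service:
                name: backend-service
                port:
                  number: 80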
All DNS providers must run the DNS01 provider conformance testing suite; otherwise their behaviour when used with cert-manager is undefined.
It is essential that you configure and run the test suite when creating a DNS01 webhook.
An example Go test file has been provided in main_test.go.
Prepare
$ scripts/fetch-test-binaries.sh
You can run the test suite with:
$ scripts/test.sh
The example file has a number of areas you must fill in and replace with your own options in order for tests to pass.