
Talinx/cert-manager-webhook-porkbun

 
 


Porkbun Webhook for cert-manager

An implementation of the cert-manager webhook.Solver interface for Porkbun. This is based on cert-manager/webhook-example, with inspiration from baarde/cert-manager-webhook-ovh.

Note: The test suite does work, but I straight up deleted main_test.go because the dependency on github.com/cert-manager/cert-manager/test/acme was giving me insane, impossible to resolve versioning conflicts. I'm sure these will be resolved by someone more knowledgeable updating the go.mod in the example webhook, at which point I'll add the tests back.

Installation

Install cert-manager

Install cert-manager using its installation documentation.

Install webhook

Add helm repo:

helm repo add cert-manager-webhook-porkbun https://talinx.github.io/cert-manager-webhook-porkbun

Generate a Porkbun API key and create a secret with it:

apiVersion: v1
stringData:
  PORKBUN_API_KEY: pk1_yourapikeyhere
  PORKBUN_SECRET_API_KEY: sk1_yoursecretkeyhere
kind: Secret
metadata:
  name: porkbun-secret
  namespace: cert-manager
type: Opaque

Install the helm chart in a namespace of your choice, e.g. cert-manager:

helm install cert-manager-webhook-porkbun cert-manager-webhook-porkbun/cert-manager-webhook-porkbun -n cert-manager

Add an issuer (change the email address; the groupName has to match the groupName value of the helm chart), e.g.:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-issuer
spec:
  acme:
    email: youremailhere@example.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-porkbun-tls
    solvers:
    - dns01:
        webhook:
          groupName: porkbun.talinx.dev
          solverName: porkbun
          config:
            apiKey:
              key: PORKBUN_API_KEY
              name: porkbun-secret
            secretApiKey:
              key: PORKBUN_SECRET_API_KEY
              name: porkbun-secret

Add a certificate, e.g.:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: prod-cert
spec:
  secretName: prod-cert
  issuerRef:
    name: letsencrypt-issuer
    kind: ClusterIssuer
  dnsNames:
  - 'mysub.example.com'
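
cert-manager hands the solver's config block from the ClusterIssuer above to the webhook as raw JSON. The following is an added example, not code from this repository, with hypothetical type and function names; it decodes that block strictly so a misspelled field or an incomplete secret reference is rejected instead of yielding an empty credential.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// secretRef mirrors the {name, key} pairs under `config` in the ClusterIssuer.
type secretRef struct {
	Name string `json:"name"`
	Key  string `json:"key"`
}

// solverConfig is a hypothetical type for this example, shaped after the
// `config` block of the issuer manifest on this page.
type solverConfig struct {
	APIKey       secretRef `json:"apiKey"`
	SecretAPIKey secretRef `json:"secretApiKey"`
}

// parseSolverConfig decodes the raw JSON config, rejecting unknown fields
// and secret references that lack a name or a key.
func parseSolverConfig(raw []byte) (solverConfig, error) {
	var cfg solverConfig
	if len(raw) == 0 {
		return cfg, errors.New("solver config is empty")
	}
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // a typo such as "secretKey" becomes an error
	if err := dec.Decode(&cfg); err != nil {
		return cfg, fmt.Errorf("decoding solver config: %w", err)
	}
	names := []string{"apiKey", "secretApiKey"}
	for i, ref := range []secretRef{cfg.APIKey, cfg.SecretAPIKey} {
		if ref.Name == "" || ref.Key == "" {
			return cfg, fmt.Errorf("%s: both name and key are required", names[i])
		}
	}
	return cfg, nil
}

func main() {
	// Constructed sample: the JSON form of the issuer's `config` block.
	raw := []byte(`{"apiKey":{"key":"PORKBUN_API_KEY","name":"porkbun-secret"},
		"secretApiKey":{"key":"PORKBUN_SECRET_API_KEY","name":"porkbun-secret"}}`)
	cfg, err := parseSolverConfig(raw)
	fmt.Println(cfg, err)
}
```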

Running the test suite

All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.

It is essential that you configure and run the test suite when creating a DNS01 webhook.

An example Go test file has been provided in main_test.go.

You can run the test suite with:

$ TEST_ZONE_NAME=example.com. make test

The example file has a number of areas you must fill in and replace with your own options in order for tests to pass.
