Skip to content

dmahmalat/cert-manager-webhook-google-domains

Repository files navigation

Build

ACME webhook for google-domains DNS API

Usage:

helm install my-release oci://ghcr.io/dmahmalat/charts/cert-manager-webhook-google-domains

To test:

TEST_DOMAIN_NAME=<domain name> TEST_SECRET=$(echo -n '<google domains ACME API Key>' | base64) make test

Example Issuer

Note: Make sure to change the values.yaml groupName variable accordingly.

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: my.domain.com
spec:
  acme:
    email: [email protected]
    server: https://dv.acme-v02.api.pki.goog/directory
    privateKeySecretRef:
      name: cert-domain-tls-auth-my.domain.com
    externalAccountBinding:
      keyID: <EAB KEY ID>
      keySecretRef:
        name: cert-domain-tls-key-skyloft.cc
        key: eab-key
    solvers:
    - dns01:
        webhook:
          groupName: acmedns.example.org
          solverName: google-domains
          config:
            apiUrl: https://acmedns.googleapis.com/v1
            domainName: my.domain.com
            secretName: cert-domain-tls-key-my.domain.com
            secretKeyName: acme-key

Example Secret

Note: Make sure to change the values.yaml secretName variable accordingly.

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: cert-domain-tls-key-my.domain.com
  namespace: <YOUR NAMESPACE>
stringData:
  eab-key: <EAB KEY>
  acme-key: <ACME API KEY>

Credits

This is based on the project deyaeddin/cert-manager-webhook-hetzner and cert-manager/webhook-example Additional credits to forked project nblxa/cert-manager-webhook-google-domains for various fixes, updates and automation.

Please feel free to fork/optimize/make an official version of this for release to https://artifacthub.io/.