-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
57 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,13 +10,70 @@ alidns-webhook is a generic ACME solver for [cert-manager](https://github.com/ce | |
|
|
||
| ### Quick start | ||
|
|
||
| This tutorial will detail how to configure and install the webhook to your cluster with alidns. | ||
|
|
||
| #### Configure a issuer | ||
|
|
||
| Create this definition locally and update the email address and groupName to your own. | ||
| ```yaml | ||
| # | ||
| # example-acme-issuer.yaml | ||
| # | ||
|
|
||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: alidns-secret | ||
| namespace: cert-manager | ||
| stringData: | ||
| access-key-id: "Your Access Key Id" | ||
| access-key-secret: "Your Access Key Secret" | ||
| --- | ||
| apiVersion: cert-manager.io/v1 | ||
| kind: ClusterIssuer | ||
| metadata: | ||
| name: example-acme | ||
| spec: | ||
| acme: | ||
| # The ACME server URL | ||
| server: https://acme-v02.api.letsencrypt.org/directory | ||
| # Email address used for ACME registration | ||
| email: [email protected] # Change ME | ||
| # Name of a secret used to store the ACME account private key | ||
| privateKeySecretRef: | ||
| name: example-acme | ||
| solvers: | ||
| - dns01: | ||
| webhook: | ||
| groupName: acme.yourcompany.com # Change ME | ||
| solverName: alidns | ||
| config: | ||
| region: "cn-hangzhou" # Optional | ||
| accessKeyIdRef: | ||
| name: alidns-secret | ||
| key: access-key-id | ||
| accessKeySecretRef: | ||
| name: alidns-secret | ||
| key: access-key-secret | ||
| ``` | ||
| Once edited, apply the custom resource: | ||
| ```bash | ||
| kubectl create --edit -f example-acme-issuer.yaml | ||
| ``` | ||
|
|
||
| #### Install webhook | ||
|
|
||
| __Ensure the `groupName` matches the config in the ClusterIssuer.__ | ||
|
|
||
| If you have Helm, you can deploy the alidns-webhook with the following command: | ||
| ```bash | ||
| helm upgrade --install alidns-webhook alidns-webhook \ | ||
| --repo https://wjiec.github.io/alidns-webhook \ | ||
| --namespace cert-manager --create-namespace \ | ||
| --set groupName=acme.yourcompany.com | ||
| ``` | ||
|
|
||
| It will install the alidns-webhook in the cert-manager namespace, creating that namespace if it doesn't already exist. | ||
|
|
||
|
|
||
|
|
||