lsgalves/cert-manager-webhook-skymail

Cert-Manager ACME DNS01 Webhook Solver for Skymail DNS Manager

A webhook to use Skymail DNS Manager as a DNS01 ACME Issuer for cert-manager.

Installation

helm install cert-manager-webhook-skymail \
  --namespace cert-manager \
  https://github.com/lsgalves/cert-manager-webhook-skymail/releases/download/v1.0.0/cert-manager-webhook-skymail-v1.0.0.tgz

Usage

Create Skymail API Token Secret

Get your Skymail token, with the proper scope, from https://skymail.docs.apiary.io/#introduction/acesso.

kubectl create secret generic skymail-credentials \
  --namespace=cert-manager \
  --from-literal=token=<SKYMAIL TOKEN>

Create Issuer

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: example@example.com
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
      - dns01:
          webhook:
            solverName: skymail
            groupName: acme.ls.galv.es
            config:
              apiKeySecretRef:
                name: skymail-credentials
                key: token

By default, the Skymail API token used will be obtained from the skymail-credentials Secret in the same namespace as the webhook.

Development

Running the test suite

Conformance testing is achieved through Kubernetes emulation via the kubebuilder-tools suite, in conjunction with real calls to the Skymail API on a test domain, using a valid API token.

The test configures a cert-manager-dns01-tests TXT entry, attempts to verify its presence, and removes the entry, thereby verifying the Prepare and CleanUp functions.

Run the test suite with:

export SKYMAIL_TOKEN=$(echo -n "<your API token>" | base64 -w 0)
envsubst < testdata/skymail/secret.yaml.example > testdata/skymail/secret.yaml
TEST_ZONE_NAME=yourdomain.com. make test
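
The record lifecycle that the test above exercises, sketched as an added Go example (not code from this repository): it derives the DNS-01 TXT value defined in RFC 8555 section 8.4 and the record name relative to the zone, then sets, checks and removes the entry so that only the matching value is deleted. The function names, the `memZone` type (an in-memory stand-in for the Skymail API) and the sample key authorizations are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// txtValue returns the DNS-01 TXT content defined in RFC 8555 section 8.4:
// unpadded base64url of SHA-256 over the key authorization.
func txtValue(keyAuth string) string {
	sum := sha256.Sum256([]byte(keyAuth))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// relativeName strips the zone from a fully qualified record name, tolerating
// the trailing dot used in TEST_ZONE_NAME, and rejects names outside the zone.
func relativeName(fqdn, zone string) (string, error) {
	f := strings.ToLower(strings.TrimSuffix(fqdn, "."))
	z := strings.ToLower(strings.TrimSuffix(zone, "."))
	if !strings.HasSuffix(f, "."+z) {
		return "", fmt.Errorf("%q is not inside zone %q", fqdn, zone)
	}
	return strings.TrimSuffix(f, "."+z), nil
}

// memZone is a constructed in-memory stand-in for the DNS provider, keyed by
// (name, value) so that two challenges can share one record name.
type memZone map[[2]string]bool

func (z memZone) present(name, value string)  { z[[2]string{name, value}] = true }
func (z memZone) has(name, value string) bool { return z[[2]string{name, value}] }

// cleanUp removes only the matching value, leaving any sibling challenge intact.
func (z memZone) cleanUp(name, value string) { delete(z, [2]string{name, value}) }

func main() {
	zone := memZone{}
	name, err := relativeName("cert-manager-dns01-tests.yourdomain.com.", "yourdomain.com.")
	if err != nil {
		panic(err)
	}
	// Constructed key authorizations; real ones come from the ACME server.
	a, b := txtValue("token-a.thumbprint"), txtValue("token-b.thumbprint")
	zone.present(name, a)
	zone.present(name, b)
	zone.cleanUp(name, a)
	fmt.Println(name, zone.has(name, a), zone.has(name, b))
}
```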