Cert-Manager ACME DNS01 Webhook Solver for Linode DNS Manager
A webhook to use Linode DNS
Manager as a DNS01
ACME Issuer for cert-manager.
helm install cert-manager-webhook-linode \--namespace cert-manager \https://github.com/slicen/cert-manager-webhook-linode/releases/download/v0.2.0/cert-manager-webhook-linode-v0.2.0.tgz
kubectl create secret generic linode-credentials \--namespace=cert-manager \--from-literal=token=<LINODE TOKEN>
apiVersion: cert-manager.io/v1kind: ClusterIssuermetadata:name: letsencrypt-stagingspec:acme:server: https://acme-staging-v02.api.letsencrypt.org/directoryemail: example@example.comprivateKeySecretRef:name: letsencrypt-stagingsolvers:- dns01:webhook:solverName: linodegroupName: acme.slicen.me
By default, the Linode API token used will be obtained from the
linode-credentials Secret in the same namespace as the webhook.
If you would prefer to use separate Linode API tokens for each namespace (e.g.
in a multi-tenant environment):
apiVersion: cert-manager.io/v1kind: Issuermetadata:name: letsencrypt-stagingnamespace: defaultspec:acme:server: https://acme-staging-v02.api.letsencrypt.org/directoryemail: example@example.comprivateKeySecretRef:name: letsencrypt-stagingsolvers:- dns01:webhook:solverName: linodegroupName: acme.slicen.meconfig:apiKeySecretRef:name: linode-credentialskey: token
Conformance testing is achieved through Kubernetes emulation via the
kubebuilder-tools suite, in conjunction with real calls to the Linode API on an
test domain, using a valid API token.
The test configures a cert-manager-dns01-tests TXT entry, attempts to verify its
presence, and removes the entry, thereby verifying the Prepare and CleanUp
functions.
Run the test suite with:
./scripts/fetch-test-binaries.shexport LINODE_TOKEN=$(echo -n "<your API token>" | base64 -w 0)envsubst < testdata/linode/secret.yaml.example > testdata/linode/secret.yamlTEST_ZONE_NAME=yourdomain.com. make verify
