This is a cert-manager webhook solver for DNSPod.
- cert-manager >= 1.6.0
Generate SecretId and SecretKey in Cloud API
$ helm pull oci:https://registry-1.docker.io/scjtqs/cert-manager-webhook-dnspod --untar
$ helm upgrade --install cert-manager-webhook-dnspod ./cert-manager-webhook-dnspod \
--namespace cert-manager \
--set clusterIssuer.secretId=<SECRET_ID> \
--set clusterIssuer.secretKey=<SECRET_KEY> Notice: secretId, secretKey is not DNSPod secret, it's tencent cloud secret!
Then create certificate referring auto-created ClusterIssuer:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: example-crt
spec:
secretName: example-crt
issuerRef:
name: dnspod
kind: ClusterIssuer
group: cert-manager.io
dnsNames:
- "example.com"
- "*.example.com"Use kubectl apply to install:
kubectl apply -f https://raw.githubusercontent.com/scjtqs2/cert-manager-webhook-dnspod/master/bundle.yamlCreate a secret that contains TencentCloud account's SecretKey:
apiVersion: v1
stringData:
secret-key: ******
kind: Secret
metadata:
name: dnspod-secret
namespace: cert-manager
type: Opaquebase64 is not need in
stringData.
Create a ClusterIssuer referring the secret:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: dnspod
spec:
acme:
email: [email protected]
preferredChain: ""
privateKeySecretRef:
name: dnspod-letsencrypt
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- dns01:
webhook:
config:
secretId: ************************************
secretKeyRef:
key: secret-key
name: dnspod-secret
ttl: 600
groupName: acme.imroc.cc
solverName: dnspod
secretIdis the SecretId of your TencentCloud account.
Create the Certificate you want:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: example-crt
spec:
secretName: example-crt
issuerRef:
name: dnspod
kind: ClusterIssuer
group: cert-manager.io
dnsNames:
- "example.com"
- "*.example.com"