Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change of implementation of the domain to use ChallengeRequest DNSName #4

Merged
merged 12 commits into from
Mar 25, 2021
Merged

Change of implementation of the domain to use ChallengeRequest DNSName #4

merged 12 commits into from
Mar 25, 2021

Conversation

ebrianne
Copy link
Owner

It tries to remove the domain value in the ClusterIssuer and to get the domain name based on the ChallengeRequest DNSNames that are provided when requesting a certificate.
It still needs to be able to handle multiple dns names inside the request (may need some changes upstream in https://github.com/ebrianne/duckdns-go)

Fixes #3

@ebrianne ebrianne added enhancement New feature or request no-merging labels Mar 24, 2021
@ebrianne ebrianne self-assigned this Mar 24, 2021
@ebrianne ebrianne changed the title [WiP] #3 Change of implementation of the domain to use ChallengeRequest DNSName [WiP] Change of implementation of the domain to use ChallengeRequest DNSName Mar 24, 2021
@ebrianne ebrianne changed the title [WiP] Change of implementation of the domain to use ChallengeRequest DNSName [WIP] Change of implementation of the domain to use ChallengeRequest DNSName Mar 24, 2021
@ebrianne
Copy link
Owner Author

Tested with kind 1.20.2

helm install --wait --timeout 60s cert-manager-webhook-duckdns \                             ✘ INT at ⎈ kind-kind at  23:16:58
          --namespace cert-manager \
          --set duckdns.token='*****' \
          --set clusterIssuer.production.create=true \
          --set clusterIssuer.staging.create=true \
          --set clusterIssuer.email=***** \
          --set logLevel=6 --set image.tag=latest \
          ./deploy/cert-manager-webhook-duckdns

Request of certificate with two different wildcard domains

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: services-***-duckdns-org
  namespace: services
spec:
  dnsNames:
  - '*.<domain1>.duckdns.org'
  - '*.<domain2>.duckdns.org'
  issuerRef:
    name: cert-manager-webhook-duckdns-production
    kind: ClusterIssuer
  secretName: services-****-duckdns-org-tls

Certificate issued perfectly

Events:
  Type    Reason     Age    From          Message
  ----    ------     ----   ----          -------
  Normal  Issuing    2m57s  cert-manager  Issuing certificate as Secret does not exist
  Normal  Generated  2m56s  cert-manager  Stored new private key in temporary Secret resource "services-****-duckdns-org-w9ggx"
  Normal  Requested  2m55s  cert-manager  Created new CertificateRequest resource "services-****-duckdns-org-q69s2"
  Normal  Issuing    102s   cert-manager  The certificate has been successfully issued

@ebrianne
Copy link
Owner Author

Fix #2 by downgrading to v1.19.0 go-client

@ebrianne ebrianne merged commit f2f6185 into master Mar 25, 2021
@ebrianne ebrianne deleted the feature/no-domain branch March 25, 2021 12:59
@ebrianne ebrianne changed the title [WIP] Change of implementation of the domain to use ChallengeRequest DNSName Change of implementation of the domain to use ChallengeRequest DNSName Mar 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@ebrianne ebrianne

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Investigate possible removal of domain value in ClusterIssuer template
1 participant
@ebrianne