Archived, current repo is https://github.com/ice-bergtech/cert-manager-webhook-linode
This adapter allows you to use the popular Cert-Manager with Linode DNS Manager as an ACME DNS01 challenge provider.
One use case is issuing wildcard certificates with Let's Encrypt.
It leverages the official Linode Go client.
helm install cert-manager-linode chart/ -n cert-manager
https://cert-manager.io/docs/configuration/acme/dns01/webhook/
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: your-email-address
    privateKeySecretRef:
      name: letsencrypt-prod
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - dns01:
        webhook:
          groupName: acme.cluster.local
          solverName: linode
          config:
            apiKey: your-api-key
Pass API Key with a Secret:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: your-email-address
    privateKeySecretRef:
      name: letsencrypt-prod
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - dns01:
        webhook:
          groupName: acme.cluster.local
          solverName: linode
          config:
            apiKeySecretRef:
              name: linode-token
              key: data
---
apiVersion: v1
kind: Secret
metadata:
  name: 'linode-token'
  namespace: cert-manager
stringData:
  data: 'your-api-key'
---
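A pre-flight check for the solver `config:` block, as an added example that is not this project's own code. It assumes the block reaches the webhook as JSON with only the two fields shown above (`apiKey`, `apiKeySecretRef`); the type and function names and the "not both" rule are choices made for this example. It catches an empty or misspelt Secret reference before a challenge fails with the `resource name may not be empty` event listed further down.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// SolverConfig is an assumed shape for the webhook's `config:` block,
// built only from the two fields this README shows.
type SolverConfig struct {
	APIKey          string `json:"apiKey"`
	APIKeySecretRef *struct {
		Name string `json:"name"`
		Key  string `json:"key"`
	} `json:"apiKeySecretRef"`
}

// CheckSolverConfig validates the JSON form of `config:` and reports the
// credential source it selects: "inline" (token stored in the ClusterIssuer
// itself) or "secret" (token read from a Kubernetes Secret).
func CheckSolverConfig(raw []byte) (string, error) {
	var cfg SolverConfig
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // a misspelt key must fail, not be ignored
	if err := dec.Decode(&cfg); err != nil {
		return "", fmt.Errorf("decoding solver config: %w", err)
	}
	ref := cfg.APIKeySecretRef
	switch {
	case cfg.APIKey != "" && ref != nil:
		return "", errors.New("set either apiKey or apiKeySecretRef, not both")
	case ref != nil && ref.Name == "":
		return "", errors.New("apiKeySecretRef.name is empty")
	case ref != nil && ref.Key == "":
		return "", errors.New("apiKeySecretRef.key is empty")
	case ref != nil:
		return "secret", nil
	case cfg.APIKey != "":
		return "inline", nil
	}
	return "", errors.New("no apiKey or apiKeySecretRef in solver config")
}

func main() {
	// Constructed sample: the Secret reference is missing its name.
	mode, err := CheckSolverConfig([]byte(`{"apiKeySecretRef":{"key":"data"}}`))
	fmt.Println(mode, err)
}
```

A result of "inline" means the token is readable by anyone who can read the ClusterIssuer, so the Secret form is the one to prefer where RBAC on Secrets is tighter.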
Errors from the service will appear as events in cert-manager challenge
resources.
Warning PresentError 10m (x8 over 20m) cert-manager-challenges Error presenting challenge: kube secret error: issue fetching secret: resource name may not be empty
linode.acme.cluster.local is forbidden: User "system:serviceaccount:cert-manager:cert-manager-chart" cannot create resource "linode" in API group "acme.cluster.local" at the cluster scope
Make sure the service account is referenced properly.
In the chart, set the value certManager.serviceAccountName
to the service account created by cert-manager.