[Kubernetes (K8S)] Helm install Alidns Webhook for cert-manager within Kubernetes (K8S)

Posted on Edited on In , , Views: Word count in article: 4.8k Reading time ≈ 4 mins.

helm-alidns-webhook-cert-manager-example

Alidns-webhook-cert-manager is a cert-manager plugin to manage SSL certificates on Kubernetes.

Along with Nginx Ingress, you can configure HTTPS access to the website. With Let’s Encrypt provide free SSL certificates, all the free packs of cert-manager + Nginx Ingress + Let’s Encrypt are automatic generated. But cert-manager does not support Alidns(Alibaba Cloud’s DNS) by default.

You can modify it and use Alidns-webhook-cert-manager. There is some examplesabout installing it with Helm in the article.

Prerequisites

  • Kubernetes (K8S)
    Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.

  • Helm
    Helm is the best way to find, share, and use software built for Kubernetes.

  • cert-manager
    x509 certificate management for Kubernetes.

  • Create an AccessKey - General Reference| Alibaba Cloud Documentation Center

    An AccessKey is equivalent to a logon password, but they are used in different scenarios. AccessKeys are used to directly call APIs, while logon passwords are used to log on to the console. You must create an AccessKey only if you must call APIs.

How to Install

1
2
3
4
# git clone example and alidns-webhook-cert-manager.
$ git clone --recursive https://github.com/CloudoLife/helm-alidns-webhook-cert-manager-example

$ cd helm-alidns-webhook-cert-manager-example

Custom Values.yaml

Edit values.yaml in helm-alidns-webhook-cert-manager-example directory, and replace content within < and >.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# cat values.yaml

# cert-manager-webhook-alidns/values.yaml at master · CloudoLife/cert-manager-webhook-alidns
# https://github.com/CloudoLife/cert-manager-webhook-alidns/blob/master/deploy/webhook-alidns/values.yaml

# The GroupName here is used to identify your company or business unit that
# created this webhook.
# For example, this may be "acme.mycompany.com".
# This name will need to be referenced in each Issuer's `webhook` stanza to
# inform cert-manager of where to send ChallengePayload resources in order to
# solve the DNS01 challenge.
# This group name should be **unique**, hence using your own company's domain
# here is recommended.
groupName: <Your Company>

# Alibaba Cloud Document Center: Find the Documentation for Your Needs - Alibaba Cloud
# https://www.alibabacloud.com/help/doc-detail/50086.htm
regionId: <Your Alidns Region Id>
secrets:
  accessKeyId: <Your Alidns Access Key Id>
  accessKeySecret: <Your Alidns Access Key Secret>

clusterIssuer:
  enabled: true
  # staging: false
  email: <Your email>

  # https://cert-manager.io/docs/configuration/acme/#adding-multiple-solver-types
  selector:
    dnsZones:
      - <Your domain>

image:
#   repository: cloudolife/cert-manager-webhook-alidns
# Or
  repository: <Your Repository>/cert-manager-webhook-alidns
  tag: latest
  pullPolicy: IfNotPresent

# nameOverride: ""
# fullnameOverride: ""

# service:
#   type: ClusterIP
#   port: 443

# resources: {}
#   # We usually recommend not to specify default resources and to leave this as a conscious
#   # choice for the user. This also increases chances charts run on environments with little
#   # resources, such as Minikube. If you do want to specify resources, uncomment the following
#   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
#   # limits:
#   #  cpu: 100m
#   #  memory: 128Mi
#   # requests:
#   #  cpu: 100m
#   #  memory: 128Mi

# nodeSelector: {}

# tolerations: []

# affinity: {}

Install by Helm

Helm install cert-manager-webhook-alidns within cert-manager namespace. Please create cert-manager namespace first if not exist.

1
2
3
4
# crate namespace:
$ kubectl create namespace cert-manager

$ helm install --name cert-manager-webhook-alidns --namespace=cert-manager ./cert-manager-webhook-alidns/deploy/webhook-alidns -f values.yaml

See Helm release about cert-manager-webhook-alidns.

1
2
3
$ helm list --namespace cert-manager
NAME                       	NAMESPACE   	REVISION	UPDATED                               	STATUS  	CHART                            	APP VERSION
cert-manager-webhook-alidns	cert-manager	1       	2020-09-12 12:57:30.168666 +0800 +0800	deployed	webhook-alidns-0.1.0             	1.0

See pods about cert-manager-webhook-alidns.

1
2
3
$ kubectl get pods -n cert-manager
NAME                                           READY   STATUS    RESTARTS   AGE
cert-manager-webhook-alidns-748956665b-ltxpj   1/1     Running   3          13d

References

[1] CloudoLife/helm-alidns-webhook-cert-manager-example: Examples about Helm install Alidns Webhook cert-manager. https://github.com/CloudoLife/helm-alidns-webhook-cert-manager-example - https://github.com/CloudoLife/helm-alidns-webhook-cert-manager-example

[2] CloudoLife/cert-manager-webhook-alidns: Alidns webhook for cert-manager - https://github.com/CloudoLife/cert-manager-webhook-alidns

[3] cert-manager - https://cert-manager.io/

[4] jetstack/cert-manager-webhook-example: A cert-manager sample repository for creating an ACME DNS01 solver webhook - https://github.com/jetstack/cert-manager-webhook-example

[5] Helm - https://helm.sh/

[6] Kubernetes - https://kubernetes.io/

[7] Alibaba Cloud DNS_Intelligent DNS Management_Website Domain Name Management-Alibaba Cloud - https://www.alibabacloud.com/product/dns

[8]Create an AccessKey - General Reference| Alibaba Cloud Documentation Center - https://www.alibabacloud.com/help/doc-detail/53045.htm