cert-manager Webhook for Scaleway DNS is a ACME webhook for cert-manager allowing users to use Scaleway DNS for DNS01 challenge.
- A Scaleway Access Key and a Scaleway Secret Key
- A valid domain configured on Scaleway DNS
- A Kubernetes cluster (v1.29+ recommended)
- Helm 3 installed on your computer
- cert-manager deployed on the cluster
Attention: starting from
0.1.0
the chart's name is now namedscaleway-certmanager-webhook
, if upgrading from an older version you might want to add--set nameOverride=scaleway-webhook
- Add scaleway's helm chart repository:
helm repo add scaleway https://helm.scw.cloud/
helm repo update
- Install the chart
helm install scaleway-certmanager-webhook scaleway/scaleway-certmanager-webhook
- Alternatively, you can install the webhook with default credentials with:
helm install scaleway-certmanager-webhook scaleway/scaleway-certmanager-webhook --set secret.accessKey=<YOUR-ACCESS-KEY> --set secret.secretKey=<YOUR-SECRET_KEY>
The Scaleway Webhook is now installed! 🎉
Refer to the chart's documentation for more configuration options.
Alternatively, you may use the provided bundle for a basic install in the cert-manager namespace:
kubectl apply -f https://raw.githubusercontent.com/scaleway/cert-manager-webhook-scaleway/main/deploy/bundle.yaml
Note: It uses the cert-manager webhook system. Everything after the issuer is configured is just cert-manager. You can find out more in their documentation.
Now that the webhook is installed, here is how to use it.
Let's say you need a certificate for example.com
(should be registered in Scaleway DNS).
First step is to create a secret containing the Scaleway Access and Secret keys. Create the scaleway-secret.yaml
file with the following content:
(Only needed if you don't have default credentials as seen above).
apiVersion: v1
stringData:
SCW_ACCESS_KEY: <YOUR-SCALEWAY-ACCESS-KEY>
SCW_SECRET_KEY: <YOUR-SCALEWAY-SECRET-KEY>
kind: Secret
metadata:
name: scaleway-secret
type: Opaque
And run:
kubectl create -f scaleway-secret.yaml
Next step is to create a cert-manager Issuer
. Create a issuer.yaml
file with the following content:
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: my-scaleway-issuer
spec:
acme:
email: [email protected]
# this is the acme staging URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# for production use this URL instead
# server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: my-scaleway-private-key-secret
solvers:
- dns01:
webhook:
groupName: acme.scaleway.com
solverName: scaleway
config:
# Only needed if you don't have default credentials as seen above.
accessKeySecretRef:
key: SCW_ACCESS_KEY
name: scaleway-secret
secretKeySecretRef:
key: SCW_SECRET_KEY
name: scaleway-secret
And run:
kubectl create -f issuer.yaml
Finally, you can now create the Certificate
object for example.com
. Create a certificate.yaml
file with the following content:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: example-com
spec:
dnsNames:
- example.com
issuerRef:
name: my-scaleway-issuer
secretName: example-com-tls
And run:
kubectl create -f certificate.yaml
After some seconds, you should see the certificate as ready:
$ kubectl get certificate example-com
NAME READY SECRET AGE
example-com True example-com-tls 1m12s
Your certificate is now available in the example-com-tls
secret!
Before running the test, you need:
- A valid domain on Scaleway DNS (here
example.com
) - The variables
SCW_ACCESS_KEY
andSCW_SECRET_KEY
valid and in the environment
In order to run the integration tests, run:
TEST_ZONE_NAME=example.com make test