Cert-manager: DNSimple support

Created on 15 Apr 2018 · 18 Comments · Source: jetstack/cert-manager

/kind feature

Support DNSimple as a DNS provider. We use DNSimple so it would be nice to have support for them in cert-manager.

API docs are here:

https://developer.dnsimple.com/v2/

Could probably be adapted from one of the other DNS backends fairly easily.

Labels: area/acme, area/acme/dns01, kind/feature, lifecycle/rotten

All 18 comments

The xenolf/lego library seems to support DNSimple already too: https://github.com/xenolf/lego/tree/master/providers/dns

In the past, we've taken providers from here and adapted them. We should be able to do the same 😄

I've started this work in #483. I didn't use the lego project as the base, but can update the PR to be more in line with what that is doing.

Wow, thanks! Honestly I had expected this to just get a help wanted tag and to have to learn Go and do it myself!

On Mon, Apr 16, 2018, 7:46 AM Marc Sensenich notifications@github.com wrote:

I've started this work in #483 (https://github.com/jetstack/cert-manager/pull/483). I didn't use the lego project as the base, but can update the PR to be more in line with what that is doing

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle stale

/remove-lifecycle stale

Any updates here? This would be great.

/remove-lifecycle stale

@sean-brandt working through this on #920, it's in a runnable state if you want to try it out. Currently facing a CI issue.

Hey, what is the status on this?

We've updated our policy on DNS01 providers and will soon have a webhook implementation that will allow you to build your own DNS providers outside of the main cert-manager codebase.

More information on why we're making this change can be read on the mailing list post.

This would be a great candidate for an out-of-tree DNS01 provider, as we aren't really in a position to perform automated testing of this provider.

So the thing that @marc-sensenich mentioned will not be a part of the codebase and we will have to build our own solutions? I saw that this was implemented in kube-cert-manager, but that is deprecated in favour of this project.

Yeah, looks like cert-manager doesn't plan to support this natively. Not sure if anyone is working on a webservice to do this.

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle rotten

/remove-lifecycle stale

At this point, due to our inability to test all DNS01 providers that we currently have in our codebase, we are requiring all new DNS01 implementations to be implemented as external DNS01 webhooks, following the example here: https://github.com/jetstack/cert-manager-webhook-example/

We are currently not accepting new DNS01 providers into the core codebase as we don't have a good way to test them reliably - we've not determined an exact process for 'upstreaming' these DNS01 providers into the core codebase yet, but if a provider demonstrates it passes tests, and we are able to find a way to run these tests in our own environment, we'd definitely like to explore defining this process 😄

Hope that makes sense, and hopefully it'll allow for you to develop on your own provider with more confidence (as you can actually configure some end-to-end tests!)

In case anyone is stumbling across this issue (like I have): I created a webhook solver based on the example repository mentioned by @munnerz. The repo is here:

https://github.com/neoskop/cert-manager-webhook-dnsimple

Please check it out and leave feedback if something isn't working correctly - I just released 0.0.1 so ymmv :wink:

Thanks @arnediekmann :+1:
