Issuing a certificate with Cert-Manager

The Cert-Manager plugin is an instrument for managing SSL/TLS certificates with Kubernetes. The plugin provides the option of generating, issuing, renewing, and managing certificates with different providers.

ClouDNS is utilized as a DNS provider for cert-manager in scenarios where certificate issuance is required for domains whose DNS is managed by ClouDNS. This is beneficial if you want to leverage cert-manager's automated integration with ClouDNS to generate and manage SSL/TLS certificates for your services and applications utilizing Kubernetes.

One of the requirements for the automatic generation of the Cert-Manager certificate is to have access to our HTTP API. All our Premium DNS and DDoS Protected DNS plans include access to the HTTP API and can be used to generate free SSL certificates with Cert-Manager for any hostname you need. Another important condition is, that your domain is delegated to our name servers and the DNS for the domain name is hosted on our side.

Here are the steps for the configuration:

Before installing cert-manager-cloudns, make sure you have cert-manager installed & running, including the cert-manager Custom Resource Definitions (CRD). You can find how to do this with Helm here.

Create a secret containing the cloudns API credentials by placing the credentials in files and creating the secret. Example:

kubectl create secret generic cert-manager-webhook-cloudns-api-secret \
    --from-file .creds/auth_id \
   --from-file .creds/auth_password

Create the manifest. Note, that this requires helm to be installed.

make rendered-manifest.yaml

Apply the manifest:

kubectl apply -f .out/rendered-manifest.yaml

Last but not least, you'll need to set up a cert-manager (Cluster) Issuer to use this solver.
You can do this using the following config under acme of the (Cluster)Issuer:

  - dns01:
     solverName: cloudns

Last modified: 2024-05-20
Cookies help us deliver our services. By using our services, you agree to our use of cookies. Learn more