Open ecerulm opened 1 year ago
I also didn't find any examples, so here's one:
```yaml
apiVersion: acm.services.k8s.aws/v1alpha1
kind: Certificate
metadata:
  name: mydomain
spec:
  domainName: "mydomain.com"
  subjectAlternativeNames:
    - "*.mydomain.com"
```
This creates a certificate with two records. But I have no idea how to automate the route 53 verification, or if it is even possible atm.
After skimming the code in https://github.com/aws-controllers-k8s/acm-controller/blob/v0.0.9/pkg/resource/certificate/sdk.go I don't think this resource controller is actually capable of verifying the certificates it requests. In order to do so it would need to also use the API of Route53 (or some other DNS provider) and at the moment it only uses the ACM API.
This was previously discussed here where @jaypipes said it's not planned, as there is/was also a route53 controller in the works.
I can create a certificate with:
```yaml
apiVersion: acm.services.k8s.aws/v1alpha1
kind: Certificate
metadata:
  name: "mydomain"
spec:
  domainName: "mydomain.com"
```
and using the route53-controller, add the cname resource record for validation.
```yaml
apiVersion: route53.services.k8s.aws/v1alpha1
kind: RecordSet
metadata:
  name: "mydomain-validation"
spec:
  hostedZoneID: <hosted-zone-id>
  recordType: CNAME
  name: <validation.ResourceRecord.name>
  resourceRecords:
    - value: <validation.ResourceRecord.value>
  ttl: 300
```
but I can't figure out how to fully automate this. Are there examples on how to do this?
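One way to script the manual step described above, as an added example that is not part of the original thread or of either controller's code. It assumes the Certificate's status exposes ACM's validation options as `status.domainValidations[].resourceRecord` with `name` and `value` keys (modelled on ACM's DescribeCertificate output, not confirmed on this page); `validation_record_sets` is a hypothetical helper and the sample object is constructed.

```python
import json

# Constructed sample of a Certificate object in JSON form. The status field
# names are an assumption modelled on ACM's DomainValidationOptions.
RECORD = {"name": "_constructed1.mydomain.com.", "type": "CNAME",
          "value": "_constructed2.acm-validations.aws."}
SAMPLE_CERTIFICATE = {
    "metadata": {"name": "mydomain"},
    "spec": {"domainName": "mydomain.com",
             "subjectAlternativeNames": ["*.mydomain.com"]},
    "status": {"domainValidations": [
        {"domainName": "mydomain.com", "resourceRecord": RECORD},
        {"domainName": "*.mydomain.com", "resourceRecord": RECORD},
    ]},
}


def validation_record_sets(certificate, hosted_zone_id, ttl=300):
    """Build one RecordSet manifest per distinct validation CNAME."""
    cert_name = certificate["metadata"]["name"]
    validations = certificate.get("status", {}).get("domainValidations") or []
    if not validations:
        raise ValueError("no domainValidations in status yet; retry later")
    seen, manifests = set(), []
    for validation in validations:
        record = validation.get("resourceRecord")
        if not record:
            # ACM can list a domain before its validation CNAME is generated.
            raise ValueError(f"no resourceRecord yet for {validation.get('domainName')}")
        key = (record["name"], record["value"])
        if key in seen:
            continue  # apex and wildcard names share the same validation CNAME
        seen.add(key)
        suffix = f"-{len(manifests)}" if manifests else ""
        manifests.append({
            "apiVersion": "route53.services.k8s.aws/v1alpha1",
            "kind": "RecordSet",
            "metadata": {"name": f"{cert_name}-validation{suffix}"},
            "spec": {"hostedZoneID": hosted_zone_id, "recordType": "CNAME",
                     "name": record["name"],
                     "resourceRecords": [{"value": record["value"]}],
                     "ttl": ttl},
        })
    return manifests


if __name__ == "__main__":
    print(json.dumps(validation_record_sets(SAMPLE_CERTIFICATE, "<hosted-zone-id>"), indent=2))
```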
@john-r-swyftx Mutation webhook should do the trick then, see Kyverno for more info.
What is the URL of the document?
https://aws-controllers-k8s.github.io/community/docs/community/overview/
Which section(s) is the issue in?
Tutorials
What needs fixing?
A basic example on how to use the `acm-controller` should be provided. Like creating a `acm.services.k8s.aws/Certificate` and how to use it together with `aws-load-balancer-controller`. In particular it would be great to include the DNS validation as well.
Additional context
I googled and can't find any example of the `acm-controller`. So I think now my only option is to manually inspect the CRDs in `acm-controller` and then try to guess how to use it, especially how the DNS validation will be implemented.