scaleway/cert-manager-webhook-scaleway
Description: A Scaleway DNS ACME webhook for cert-manager
Language: Go
License: Apache-2.0
Stars: 49
Forks: 20
Open issues: 7
Created: 2020-11-18T17:00:00Z
Pushed: 2026-06-08T22:24:10Z
Default branch: main
Fork: no
Archived: no
README:
cert-manager Webhook for Scaleway DNS
cert-manager Webhook for Scaleway DNS is an ACME webhook for cert-manager that allows users to use Scaleway DNS for the DNS01 challenge.
Getting started
Prerequisites
- A Scaleway Access Key and a Scaleway Secret Key
- A valid domain configured on Scaleway DNS
- A Kubernetes cluster (v1.29+ recommended)
- Helm 3 installed on your computer
- cert-manager deployed on the cluster
Installing
> Attention: starting from 0.1.0 the chart is named scaleway-certmanager-webhook. If upgrading from an older version, you might want to add --set nameOverride=scaleway-webhook
- Add scaleway's helm chart repository:
helm repo add scaleway https://helm.scw.cloud/
helm repo update
- Install the chart
helm install scaleway-certmanager-webhook scaleway/scaleway-certmanager-webhook
- Alternatively, you can install the webhook with default credentials with:
helm install scaleway-certmanager-webhook scaleway/scaleway-certmanager-webhook --set secret.accessKey=<YOUR-ACCESS-KEY> --set secret.secretKey=<YOUR-SECRET-KEY>
The Scaleway Webhook is now installed! :tada:
> Refer to the chart's documentation for more configuration options.
> Alternatively, you may use the provided bundle for a basic install in the cert-manager namespace:
> kubectl apply -f https://raw.githubusercontent.com/scaleway/cert-manager-webhook-scaleway/main/deploy/bundle.yaml
How to use it
Note: It uses the cert-manager webhook system. Everything after the issuer is configured is just cert-manager. You can find out more in their documentation.
Now that the webhook is installed, here is how to use it. Let's say you need a certificate for example.com (it should be registered in Scaleway DNS).
The first step is to create a secret containing the Scaleway Access and Secret keys (only needed if you don't have default credentials as seen above). Create the scaleway-secret.yaml file with the following content:
apiVersion: v1
stringData:
  SCW_ACCESS_KEY: <YOUR-SCALEWAY-ACCESS-KEY>
  SCW_SECRET_KEY: <YOUR-SCALEWAY-SECRET-KEY>
kind: Secret
metadata:
  name: scaleway-secret
type: Opaque
And run:
kubectl create -f scaleway-secret.yaml
The next step is to create a cert-manager Issuer. Create an issuer.yaml file with the following content:
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: my-scaleway-issuer
spec:
  acme:
    email: my-user@example.com
    # this is the acme staging URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # for production use this URL instead
    # server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: my-scaleway-private-key-secret
    solvers:
    - dns01:
        webhook:
          groupName: acme.scaleway.com
          solverName: scaleway
          config:
            # Only needed if you don't have default credentials as seen above.
            accessKeySecretRef:
              key: SCW_ACCESS_KEY
              name: scaleway-secret
            secretKeySecretRef:
              key: SCW_SECRET_KEY
              name: scaleway-secret
And run:
kubectl create -f issuer.yaml
Finally, you can now create the Certificate object for example.com. Create a certificate.yaml file with the following content:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-com
spec:
  dnsNames:
  - example.com
  issuerRef:
    name: my-scaleway-issuer
  secretName: example-com-tls
And run:
kubectl create -f certificate.yaml
After some seconds, you should see the certificate as ready:
$ kubectl get certificate example-com
NAME          READY   SECRET            AGE
example-com   True    example-com-tls   1m12s
Your certificate is now available in the example-com-tls secret!
Integration testing
Before running the test, you need:
- A valid domain on Scaleway DNS (here example.com)
- The variables SCW_ACCESS_KEY and SCW_SECRET_KEY valid and in the environment
In order to run the integration tests, run:
TEST_ZONE_NAME=example.com make test