cert-manager Webhook for Scaleway DNS is a ACME webhook for cert-manager allowing users to use Scaleway DNS for DNS01 challenge.

• A Scaleway Access Key and a Scaleway Secret Key
• A valid domain configured on Scaleway DNS
• A Kubernetes cluster (v1.29+ recommended)
• Helm 3 installed on your computer
• cert-manager deployed on the cluster

Attention: starting from 0.1.0 the chart's name is now named scaleway-certmanager-webhook, if upgrading from an older version you might want to add --set nameOverride=scaleway-webhook

• Add scaleway's helm chart repository:

helm repo add scaleway https://helm.scw.cloud/ helm repo update

• Install the chart

helm install scaleway-certmanager-webhook scaleway/scaleway-certmanager-webhook

• Alternatively, you can install the webhook with default credentials with:

helm install scaleway-certmanager-webhook scaleway/scaleway-certmanager-webhook --set secret.accessKey=<YOUR-ACCESS-KEY> --set secret.secretKey=<YOUR-SECRET_KEY>

The Scaleway Webhook is now installed! 🎉

Refer to the chart's documentation for more configuration options.

Alternatively, you may use the provided bundle for a basic install in the cert-manager namespace: kubectl apply -f https://raw.githubusercontent.com/scaleway/cert-manager-webhook-scaleway/main/deploy/bundle.yaml

Note: It uses the cert-manager webhook system. Everything after the issuer is configured is just cert-manager. You can find out more in their documentation.

Now that the webhook is installed, here is how to use it. Let's say you need a certificate for example.com (should be registered in Scaleway DNS).

First step is to create a secret containing the Scaleway Access and Secret keys. Create the scaleway-secret.yaml file with the following content: (Only needed if you don't have default credentials as seen above).

apiVersion: v1 stringData: SCW_ACCESS_KEY: <YOUR-SCALEWAY-ACCESS-KEY> SCW_SECRET_KEY: <YOUR-SCALEWAY-SECRET-KEY> kind: Secret metadata: name: scaleway-secret type: Opaque

And run:

kubectl create -f scaleway-secret.yaml

Next step is to create a cert-manager Issuer. Create a issuer.yaml file with the following content:

apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: my-scaleway-issuer spec: acme: email: my-user@example.com # this is the acme staging URL server: https://acme-staging-v02.api.letsencrypt.org/directory # for production use this URL instead # server: https://acme-v02.api.letsencrypt.org/directory privateKeySecretRef: name: my-scaleway-private-key-secret solvers: - dns01: webhook: groupName: acme.scaleway.com solverName: scaleway config: # Only needed if you don't have default credentials as seen above. accessKeySecretRef: key: SCW_ACCESS_KEY name: scaleway-secret secretKeySecretRef: key: SCW_SECRET_KEY name: scaleway-secret

And run:

kubectl create -f issuer.yaml

Finally, you can now create the Certificate object for example.com. Create a certificate.yaml file with the following content:

apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: example-com spec: dnsNames: - example.com issuerRef: name: my-scaleway-issuer secretName: example-com-tls

And run:

kubectl create -f certificate.yaml

After some seconds, you should see the certificate as ready:

$ kubectl get certificate example-com NAME READY SECRET AGE example-com True example-com-tls 1m12s

Your certificate is now available in the example-com-tls secret!

Before running the test, you need:

• A valid domain on Scaleway DNS (here example.com)
• The variables SCW_ACCESS_KEY and SCW_SECRET_KEY valid and in the environment

In order to run the integration tests, run:

TEST_ZONE_NAME=example.com make test