Kubernetes cert-manager

Hi there!
Is somebody already trying to add deSEC support to cert-manager so that it can be used for letsencrypt dns challenges in kubernetes?

Yours
Nils

2 Likes

Hi Nils,

Thanks for your post, and welcome to deSEC! :slight_smile:

As far as I can tell, nobody has started working on adding support to cert-manager. However, that would be greatly appreciated (and frankly, I’ve been hoping that someone would bring it up!).

We are currently focusing on our GUI and some additional security features w.r.t. account management, and haven’t had the time to get started with cert-manager ourselves. However, if you’d like to take a stab at it, we’re very happy to help you out with any questions etc. Just let us know!

Stay secure,
Peter

1 Like

Hi,

I’m reviving this old thread to let you know I have a cert-manager webhook for deSEC working. It can be found at https://github.com/kmorning/cert-manager-webhook-desec. Feel free to submit any issues over at my github if you run into any.

1 Like

Hi, it’s been a while so I thought I’d check in - I can’t currently get this fork working @kmorning. I’ve submitted one issue and fix, although I suspect that there might be more.

Any news?
I am using TrueNAS Scale + TrueCharts, they started to heavily rely on cert-manager. They fully support CloudFlare, but I would like to stick with deSEC :smiling_face_with_three_hearts:

2 Likes

Hi,

I also had problems, so I created my own one.

It works on my arm64 cluster. I pushed running images to hub.docker.io for amd64, arm and arm64.

1 Like

Can’t get that one to work either, @su541. cert-manager keeps mentioning either “EOF …” while reading something, I suppose a secret, or the TLS connection between cert-manager and the plugin times out.

Sad, because I wanted to use this in my personal Oracle cloud cluster.

Hi Prewar6,

I just updated the readme and chart files on GitHub. After that I used the helm chart to deploy the webhook on my Kubernetes cluster. The certification request was sent.

Thanks! I think the command should be helm install desec-webhook -n cert-manager deploy/desec-webhook, at least when cloning and executing it from the root of the repo. But that aside, I still get the same. Going to uninstall cert-manager.

What version of cert-manager are you running?

Hi,

I was offline since yesterday. :smiley: I run cert-manager v1.17.1 deployed on Kubernetes v1.32.2.

Using these charts:

helm repo add jetstack https://charts.jetstack.io
1 Like