DNS-01 Exec Plugins

To support multiple DNS providers, the kube-cert-manager supports an exec-based plugin system.

Overview

DNS-01 plugins are responsible for creating or deleting a single DNS TXT record for a specific DNS provider.

Exec Interface

Environment Variables

Stdin

Arbitrary configuration data will be written on stdin. The contents of the configuration data will be provider specific and must be documented separately.

Error Handling

Exit Codes

Error Messages

A single error should be printed to stderr; it will be logged by the kube-cert-manager.

Examples

The following examples execute a binary named dns01. The dns01 plugin does not create or delete DNS records, but it does provide a good example of how to write a DNS-01 plugin.

Create

cat dns01.json | \
  APIVERSION="v1" \
  COMMAND="CREATE" \
  DOMAIN="example.com" \
  FQDN="_acme-challenge.example.com" \
  TOKEN="8bGFl9SNhZzukcwdR7e52gFwq6HaEHB43LbimZQwnLg" \
  dns01
echo $?
0

Delete

cat dns01.json | \
  APIVERSION="v1" \
  COMMAND="DELETE" \
  DOMAIN="example.com" \
  FQDN="_acme-challenge.example.com" \
  TOKEN="8bGFl9SNhZzukcwdR7e52gFwq6HaEHB43LbimZQwnLg" \
  dns01
echo $?
0

API Version Conflict

cat dns01.json | \
  APIVERSION="v2" \
  COMMAND="DELETE" \
  DOMAIN="example.com" \
  FQDN="_acme-challenge.example.com" \
  TOKEN="8bGFl9SNhZzukcwdR7e52gFwq6HaEHB43LbimZQwnLg" \
  dns01
echo $?
3

Bad Configuration Data

cat dns01-bad.json | \
  APIVERSION="v1" \
  COMMAND="DELETE" \
  DOMAIN="example.com" \
  FQDN="_acme-challenge.example.com" \
  TOKEN="8bGFl9SNhZzukcwdR7e52gFwq6HaEHB43LbimZQwnLg" \
  dns01

A single error message is printed to stderr.

invalid character 'B' looking for beginning of value
echo $?
2
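
A plugin skeleton in Go that reproduces the behaviour of the sessions above: environment variables in, configuration on stdin, one error line on stderr, and the exit codes 0, 2 and 3. This is an added example, not the project's dns01 source. The `run` helper, exit code 1 for other failures, and the check that FQDN is the `_acme-challenge` label of DOMAIN are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"strings"
)

// Exit codes 0, 2 and 3 match the sessions shown on this page;
// exitGeneral (1) is an assumption used for every other failure.
const exitOK, exitGeneral, exitBadConfig, exitAPIVersion = 0, 1, 2, 3

// run performs one plugin invocation and returns the process exit code.
// getenv and the streams are injected so the logic can be tested (hypothetical helper).
func run(getenv func(string) string, stdin io.Reader, stderr io.Writer) int {
	fail := func(code int, err error) int {
		fmt.Fprintln(stderr, err) // exactly one error line on stderr
		return code
	}
	if v := getenv("APIVERSION"); v != "v1" {
		return fail(exitAPIVersion, fmt.Errorf("unsupported APIVERSION %q", v))
	}
	var cfg map[string]interface{} // provider-specific; a JSON object is assumed
	if err := json.NewDecoder(stdin).Decode(&cfg); err != nil {
		return fail(exitBadConfig, err)
	}
	domain, fqdn := getenv("DOMAIN"), getenv("FQDN")
	// Added check (assumption): only touch the challenge record of the stated domain.
	want := "_acme-challenge." + strings.TrimSuffix(domain, ".")
	if domain == "" || strings.TrimSuffix(fqdn, ".") != want {
		return fail(exitGeneral, fmt.Errorf("FQDN %q is not the challenge record for %q", fqdn, domain))
	}
	if getenv("TOKEN") == "" {
		return fail(exitGeneral, fmt.Errorf("TOKEN is empty"))
	}
	switch cmd := getenv("COMMAND"); cmd {
	case "CREATE", "DELETE":
		return exitOK // a real plugin would call the provider API here
	default:
		return fail(exitGeneral, fmt.Errorf("unknown COMMAND %q", cmd))
	}
}

func main() {
	os.Exit(run(os.Getenv, os.Stdin, os.Stderr))
}
```

Rejecting an FQDN outside the challenge label keeps a plugin that holds DNS provider credentials from being driven to write or delete unrelated records.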