Skip to main content

cert-manager-webhook-all-inkl

cert-manager ACME DNS-01 webhook solver for the ALL-INKL.com registrar.

cert-manager-webhook-all-inkl is a custom cert-manager webhook that implements the DNS-01 ACME challenge solver for the ALL-INKL.com domain registrar. It is needed in this cluster to issue Let's Encrypt certificates for domains hosted at ALL-INKL, since those domains cannot use the HTTP-01 challenge method (e.g. for wildcard certificates or private-IP ingress).

Installation

Architecture

HelmRelease allinkl-webhook in namespace cert-manager, chart version 0.3.0 from the OCI registry oci://ghcr.io/johnnycube (johnnycube-charts). No CRDs — it registers as a cert-manager webhook solver. No separate namespace; runs alongside cert-manager.

Security

No explicit securityContext is configured at the HelmRelease level. RBAC is scoped to the cert-manager namespace. The webhook reads DNS provider credentials from a Kubernetes Secret.

Updates

Managed by Renovate. Chart version is semver-pinned (0.3.0) from the OCI registry.

Administration

Usage

A ClusterIssuer or Issuer referencing this webhook solver is used when requesting certificates for ALL-INKL-hosted domains. cert-manager calls the webhook to create and clean up DNS TXT records for the ACME DNS-01 challenge, enabling automated wildcard certificate issuance.

Cluster-specific deviations from the above live in the per-cluster README — see k8s/infrastructure/talos/controllers/cert-manager-webhook-all-inkl/README.md.

Cluster Deployment

cert-manager-webhook-all-inkl — Talos cluster

Cluster-specific notes only. General product info, "why we use it", and alternatives live in docusaurus/docs/platform/cert-manager-webhook-all-inkl.mdx.

Deviations from defaults

Defaults live in docusaurus/docs/platform/cert-manager-webhook-all-inkl.mdx — document anything this cluster does differently here, with a one-line reason.

Kubernetes Metadata
  • HelmRelease: allinkl-webhook@0.3.0
  • HelmRepo: johnnycube-charts (oci://ghcr.io/johnnycube)