Register in acme-dns using Kubernetes secrets.
- Create a container with the exagone313/acme-dns-sidecar Docker image.
- Configure acme-dns to use the `sqlite3` database engine.
- Mount the acme-dns configuration file and database into that container.
- Create secrets in the same namespace with these keys:
  - `username`: a UUID (RFC 4122)
  - `password`: matches `^[-_A-Za-z0-9]{40}$`
  - `subdomain`: a valid subdomain name
Secret values that do not meet the constraints imposed by the acme-dns implementation are ignored.
Tested with my own acme-dns Docker image, although the official one should work too.
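Because non-conforming values are ignored rather than rejected, it helps to check a Secret's `data` map before applying it. The following is an added example, not code from acme-dns-sidecar: the function names and sample values are hypothetical, and "valid subdomain" is assumed to mean a single DNS label, since the exact rule is not stated here.

```python
import base64
import re
import uuid

# Password rule from the list above. fullmatch() is used because "$" in
# Python also matches just before a trailing newline.
PASSWORD_RE = re.compile(r"[-_A-Za-z0-9]{40}")
# Assumption: "valid subdomain" is read as one DNS label (LDH, 1-63 chars).
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[-A-Za-z0-9]{0,61}[A-Za-z0-9])?")


def is_uuid(value):
    """True if value is a canonical (hyphenated) UUID string."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def check_secret_data(data):
    """Return the problems found in a Secret's base64-encoded `data` map."""
    checks = {
        "username": is_uuid,
        "password": lambda v: PASSWORD_RE.fullmatch(v) is not None,
        "subdomain": lambda v: LABEL_RE.fullmatch(v) is not None,
    }
    problems = []
    for key, is_valid in checks.items():
        if key not in data:
            problems.append(f"{key}: missing")
            continue
        try:
            value = base64.b64decode(data[key], validate=True).decode("ascii")
        except ValueError:  # covers bad base64 and non-ASCII bytes
            problems.append(f"{key}: not base64-encoded ASCII")
            continue
        if not is_valid(value):
            problems.append(f"{key}: invalid value")
    return problems


# Constructed sample values, not real credentials. The password carries a
# trailing newline, as produced by `echo` without -n before base64 encoding.
SAMPLE = {
    "username": base64.b64encode(b"c36f50e8-4632-44f0-83fe-e070fef28a10").decode(),
    "password": base64.b64encode(b"A" * 40 + b"\n").decode(),
    "subdomain": base64.b64encode(b"example-sub").decode(),
}

if __name__ == "__main__":
    print(check_secret_data(SAMPLE))
```

Run against the constructed sample, only the password is reported, which is the typical way a Secret ends up silently skipped.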
To control which secrets are read by acme-dns-sidecar, you may add these keys to the configuration file. This doesn't introduce any incompatibility with acme-dns as it doesn't read unknown configuration keys.
```toml
[sidecar.secrets]
# only secrets matching these patterns will be read
#field_selector = ""
#label_selector = ""
```
See also config.cfg for the list of options read by acme-dns-sidecar.
A sample YAML file for deploying acme-dns-sidecar alongside acme-dns can be found in acmedns.yml.
Make sure port 53 is not already in use on the host. It is typically taken by a local resolver bound to `127.0.0.53`.
See UNLICENSE.
The acme-dns-sidecar distribution relies on third-party dependencies, such as:
- Debian Buster Docker image and Debian Buster packages, see `/usr/share/doc/*/copyright`
- Python, under PSF License
- Kubernetes Python Client, under Apache License 2.0
- TOML Kit, under MIT License
- bcrypt, under Apache License 2.0