feat: Modify for Hetzner Cloud DNS support

https://blog.nashcom.de/nashcomblog.nsf/dx/hetzner-is-moving-their-dns-to-the-cloud-console-update-your-dns-txt-api-integrations.htm

Author: sshine

.envrc

@@ -0,0 +1 @@
+use nix

.github/workflows/build.yml

@@ -26,8 +26,7 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            zmejg/cert-manager-webhook-hetzner
-            ghcr.io/vadimkim/cert-manager-webhook-hetzner
+            ghcr.io/sshine/cert-manager-webhook-hetzner
           tags: |
             type=ref,event=branch
             type=ref,event=pr

.gitignore

@@ -2,6 +2,7 @@
 kubebuilder
 .vscode/
 .idea/
+.direnv/
 # Binaries for programs and plugins
 *.exe
 *.exe~

Dockerfile

@@ -21,8 +21,7 @@ RUN CGO_ENABLED=0 GOARCH=$TARGETARCH go build -o webhook -ldflags '-w -extldflag
 
 # ---- Final runtime image ----
 FROM alpine:3.22
-LABEL maintainer="vadimkim <vadim@ant.ee>"
-LABEL org.opencontainers.image.source="https://github.com/vadimkim/cert-manager-webhook-hetzner"
+LABEL org.opencontainers.image.source="https://github.com/sshine/cert-manager-webhook-hetzner"
 
 # Install minimal runtime
 RUN apk add --no-cache ca-certificates \

deploy/cert-manager-webhook-hetzner/Chart.yaml

@@ -1,21 +1,20 @@
 apiVersion: v2
 name: cert-manager-webhook-hetzner
-version: 1.4.2
-appVersion: "1.4.2"
+version: 1.6.0
+appVersion: "1.6.0"
 kubeVersion: ">= 1.22.0-0"
-description: Allow cert-manager to solve DNS challenges using Hetzner DNS API
-home: https://github.com/vadimkim/cert-manager-webhook-hetzner
+description: cert-manager webhook for Hetzner Cloud DNS API
+home: https://github.com/sshine/cert-manager-webhook-hetzner
 icon: https://raw.githubusercontent.com/cert-manager/cert-manager/master/logo/logo-small.png
 keywords:
   - cert-manager
   - hetzner
-  - kube-lego
-  - letsencrypt
+  - dns
+  - acme
   - tls
 sources:
-  - https://github.com/vadimkim/cert-manager-webhook-hetzner
-maintainers:
-  - name: vadimkim
-    email: vadim@ant.ee
+  - https://github.com/sshine/cert-manager-webhook-hetzner
+mainters:
+  - name: sshine
 annotations:
   artifacthub.io/license: Apache-2.0

deploy/cert-manager-webhook-hetzner/templates/pki.yaml

@@ -32,7 +32,7 @@ spec:
   duration: 43800h0m0s # 5y
   issuerRef:
     name: {{ include "cert-manager-webhook-hetzner.selfSignedIssuer" . }}
-  commonName: "ca.cert-manager-webhook-hetzner.cert-manager"
+  commonName: "ca.{{ include "cert-manager-webhook-hetzner.fullname" . }}.cert-manager"
   isCA: true
 
 ---

deploy/cert-manager-webhook-hetzner/values.yaml

@@ -1,18 +1,17 @@
-# The kubernetes api group under which the webhook will be exposed. There is no need to
-# modify this value unless you are facing a collision in your api services.
-groupName: hetzner.cert-mananger-webhook.noshoes.xyz
+groupName: acme.yourdomain.tld
 
 certManager:
   namespace: cert-manager
   serviceAccountName: cert-manager
 
 image:
   registry: ghcr.io
-  repository: vadimkim/cert-manager-webhook-hetzner
-  # Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }}
+  repository: sshine/cert-manager-webhook-hetzner
   tag: ""
   pullPolicy: IfNotPresent
 
+replicaCount: 1
+
 nameOverride: ""
 fullnameOverride: ""
 
@@ -24,28 +23,13 @@ secretName:
   - hetzner-secret
 
 resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-#  memory: 128Mi
 
 nodeSelector: {}
 
 tolerations: []
 
 affinity: {}
 
-# Use these variables to configure the HTTP_PROXY environment variables
-# http_proxy: "http://proxy:8080"
-# https_proxy: "https://proxy:8080"
-# no_proxy: 127.0.0.1,localhost
-
 securityContext:
   allowPrivilegeEscalation: false
   capabilities:

internal/hetzner.go

@@ -1,63 +1,83 @@
 package internal
 
+import "strconv"
+
+const (
+	DefaultApiUrl = "https://api.hetzner.cloud/v1"
+	DefaultSecretKey = "api-token"
+	DefaultTxtTTL = 120
+)
+
 type Config struct {
-	ApiKey, ZoneName, ApiUrl string
+	ApiKey    string
+	ZoneName  string
+	ZoneId    int64
+	ApiUrl    string
+	SecretKey string
 }
 
-type RecordResponse struct {
-	Records []Record `json:"records"`
-	Meta    Meta     `json:"meta"`
+func (c *Config) ZoneIdStr() string {
+	return strconv.FormatInt(c.ZoneId, 10)
 }
 
-type ZoneResponse struct {
+type ZoneListResponse struct {
 	Zones []Zone `json:"zones"`
-	Meta  Meta   `json:"meta"`
 }
 
-type Meta struct {
-	Pagination Pagination `json:"pagination"`
+type ZoneResponse struct {
+	Zone Zone `json:"zone"`
+}
+
+type Zone struct {
+	Id          int64  `json:"id"`
+	Name        string `json:"name"`
+	TTL         int    `json:"ttl"`
+	RecordCount int    `json:"record_count"`
 }
 
-type Pagination struct {
-	Page         int `json:"page"`
-	PerPage      int `json:"per_page"`
-	LastPage     int `json:"last_page"`
-	TotalEntries int `json:"total_entries"`
+type RRSetListResponse struct {
+	RRSets []RRSet `json:"rrsets"`
 }
 
-type Record struct {
-	Type     string `json:"type"`
-	Id       string `json:"id"`
-	Created  string `json:"created"`
-	Modified string `json:"modified"`
-	ZoneId   string `json:"zone_id"`
-	Name     string `json:"name"`
-	Value    string `json:"value"`
-	Ttl      int    `json:"ttl"`
+type RRSetResponse struct {
+	RRSet RRSet `json:"rrset"`
 }
 
-type Zone struct {
-	Id              string       `json:"id"`
-	Created         string       `json:"created"`
-	Modified        string       `json:"modified"`
-	LegacyDnsHost   string       `json:"legacy_dns_host"`
-	LegacyNs        []string     `json:"legacy_ns"`
-	Name            string       `json:"name"`
-	Ns              []string     `json:"ns"`
-	Owner           string       `json:"owner"`
-	Paused          bool         `json:"paused"`
-	Permission      string       `json:"permission"`
-	Project         string       `json:"project"`
-	Registrar       string       `json:"registrar"`
-	Status          string       `json:"status"`
-	Ttl             int          `json:"ttl"`
-	Verified        string       `json:"verified"`
-	RecordsCount    int          `json:"records_count"`
-	IsSecondaryDns  bool         `json:"is_secondary_dns"`
-	TxtVerification Verification `json:"txt_verification"`
-}
-
-type Verification struct {
-	Name  string `json:"name"`
-	Token string `json:"token"`
+type RRSet struct {
+	Id      string       `json:"id"`
+	Name    string       `json:"name"`
+	Type    string       `json:"type"`
+	TTL     *int         `json:"ttl"`
+	Records []RRSetRecord `json:"records"`
+	Zone    int64        `json:"zone"`
+}
+
+type RRSetRecord struct {
+	Value   string `json:"value"`
+	Comment string `json:"comment,omitempty"`
+}
+
+type RRSetCreateRequest struct {
+	Name    string        `json:"name"`
+	Type    string        `json:"type"`
+	TTL     *int          `json:"ttl,omitempty"`
+	Records []RRSetRecord `json:"records"`
+}
+
+type RRSetAddRecordsRequest struct {
+	Records []RRSetRecord `json:"records"`
+	TTL     *int          `json:"ttl,omitempty"`
+}
+
+type RRSetRemoveRecordsRequest struct {
+	Records []RRSetRecord `json:"records"`
+}
+
+type ErrorResponse struct {
+	Error ErrorDetail `json:"error"`
+}
+
+type ErrorDetail struct {
+	Code    string `json:"code"`
+	Message string `json:"message"`
 }