Metadata-Version: 2.4
Name: cloud-cert-renewer
Version: 0.3.0b3
Summary: Automated HTTPS certificate renewal tool for cloud services, supporting CDN and Load Balancer (multi-cloud support, currently supports Alibaba Cloud)
Project-URL: Homepage, https://github.com/maskshell/cloud-cert-renewer
Project-URL: Documentation, https://github.com/maskshell/cloud-cert-renewer#readme
Project-URL: Repository, https://github.com/maskshell/cloud-cert-renewer
Project-URL: Issues, https://github.com/maskshell/cloud-cert-renewer/issues
Author-email: analyser <analyser@gmail.com>
License: MIT
License-File: LICENSE
Keywords: alibaba-cloud,automation,cdn,certificate,certificate-renewal,cloud,load-balancer,multi-cloud,ssl,tls
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Topic :: Internet :: WWW/HTTP :: HTTP Servers
Classifier: Topic :: Security
Classifier: Topic :: System :: Networking
Classifier: Topic :: Utilities
Requires-Python: >=3.10
Requires-Dist: alibabacloud-cdn20180510>=3.1.2
Requires-Dist: alibabacloud-credentials>=0.3.6
Requires-Dist: alibabacloud-slb20140515>=3.1.2
Requires-Dist: cryptography>=41.0.0
Requires-Dist: python-dotenv>=1.0.0
Provides-Extra: dev
Requires-Dist: pre-commit>=3.0.0; extra == 'dev'
Requires-Dist: pytest-mock>=3.10.0; extra == 'dev'
Requires-Dist: pytest>=7.0.0; extra == 'dev'
Requires-Dist: ruff>=0.1.0; extra == 'dev'
Requires-Dist: yamllint>=1.32.0; extra == 'dev'
Description-Content-Type: text/markdown

# Cloud Certificate Renewer

Automated HTTPS certificate renewal tool for cloud services, supporting CDN and Load Balancer products. Currently supports Alibaba Cloud, with architecture designed for multi-cloud extension.

## Table of Contents

- [Features](#features)
- [Kubernetes Deployment](#kubernetes-deployment)
- [CLI Installation](#cli-installation)
- [Documentation](#documentation)
- [Contributing](#contributing)
- [License](#license)

## Features

- Automatic certificate renewal for cloud CDN services (currently supports Alibaba Cloud)
- Automatic certificate renewal for cloud Load Balancer services (currently supports Alibaba Cloud SLB)
- Certificate validation (domain matching, expiration checking)
- Support for wildcard domain certificates
- CLI support with arguments (`--dry-run`, `--verbose`, `--version`)
- Multiple authentication methods:
  - Access Key authentication
  - STS (Security Token Service) temporary credentials
  - IAM Role authentication
  - OIDC (RRSA) authentication for Kubernetes
  - Service Account authentication
  - Environment variable authentication
- Configuration via environment variables or Kubernetes Secrets
- Comprehensive error handling and logging
- Helm Chart deployment support
- Integration with cert-manager and Reloader
- Automated release workflow with multi-architecture Docker images, Helm Charts, and PyPI packages

## Kubernetes Deployment

### Prerequisites

**Required:**

- Kubernetes cluster

**Recommended:**

- cert-manager (for automatic certificate acquisition and renewal)
- Reloader (for monitoring certificate Secret changes and automatically triggering Deployment redeployment)

### Deployment

```bash
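# 1. Create Secret (using generic naming, recommended)
# Note: --from-literal values are recorded in shell history; for real
# credentials prefer --from-env-file or --from-file.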
kubectl create secret generic cloud-credentials \
  --from-literal=access-key-id=YOUR_KEY \
  --from-literal=access-key-secret=YOUR_SECRET

# Or use legacy naming (backward compatible)
# kubectl create secret generic alibaba-cloud-credentials \
#   --from-literal=access-key-id=YOUR_KEY \
#   --from-literal=access-key-secret=YOUR_SECRET

# 2. Deploy using Helm
helm install cloud-cert-renewer ./helm/cloud-cert-renewer \
  --set serviceType=cdn \
  --set cdn.domainName=your-domain.com
```

For detailed deployment instructions and troubleshooting, see:

- [Helm Chart README](helm/cloud-cert-renewer/README.md)
- [TROUBLESHOOTING.md](TROUBLESHOOTING.md)

### How It Works

1. cert-manager automatically acquires or renews Let's Encrypt certificates and updates the `cert-secret` Secret.
2. Reloader detects the Secret change and triggers a redeployment of the Deployment.
3. The init container starts, reads the certificate from the Secret, and calls the cloud service API to update the certificate.
4. The init container exits after completion.
5. The main container (a placeholder) keeps running so that the Deployment status stays normal.
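
The domain-matching, wildcard and expiry checks that precede the upload in step 3 can be sketched as follows. This is an added example, not the project's own code: it assumes the SAN DNS names and the notAfter time have already been read from the certificate in the Secret, and the function names and the 7-day margin are hypothetical.

```python
from datetime import datetime, timedelta, timezone


def san_matches(pattern: str, domain: str) -> bool:
    """RFC 6125-style match: '*' only as the whole leftmost label, one label deep."""
    p = pattern.lower().rstrip(".").split(".")
    d = domain.lower().rstrip(".").split(".")
    if len(p) != len(d) or "" in p or "" in d:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' never matches.
        return len(p) >= 3 and p[1:] == d[1:]
    # Any other use of '*' (e.g. 'w*.example.com', 'a.*.com') is rejected.
    return "*" not in pattern and p == d


def check_certificate(sans, not_after, domain, now=None,
                      min_remaining=timedelta(days=7)):
    """Return a list of problems; an empty list means the upload can proceed."""
    now = now or datetime.now(timezone.utc)
    problems = []
    if not any(san_matches(s, domain) for s in sans):
        problems.append(f"no SAN covers {domain}")
    remaining = not_after - now
    if remaining <= timedelta(0):
        problems.append("certificate has expired")
    elif remaining < min_remaining:
        problems.append(f"certificate expires in {remaining.days} day(s)")
    return problems


if __name__ == "__main__":
    # Constructed sample values standing in for fields parsed from tls.crt.
    sans = ["example.com", "*.example.com"]
    not_after = datetime(2030, 1, 1, tzinfo=timezone.utc)
    for name in ("cdn.example.com", "a.b.example.com", "cdn.example.org"):
        issues = check_certificate(sans, not_after, name,
                                   now=datetime(2029, 12, 29, tzinfo=timezone.utc))
        print(name, "->", issues or "ok")
```

A wildcard SAN covers exactly one extra label, so `*.example.com` covers neither the apex `example.com` nor `a.b.example.com`; a certificate intended for both needs both names in its SAN list.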

### Development

For development and testing, see [DEVELOPMENT.md](DEVELOPMENT.md) for detailed setup instructions.

## CLI Installation

### Using pip (PyPI)

You can install the tool directly from PyPI:

```bash
pip install cloud-cert-renewer
```

After installation, you can run the tool using the `cloud-cert-renewer` command:

```bash
# View help
cloud-cert-renewer --help

# Run in dry-run mode
cloud-cert-renewer --dry-run --verbose

# Run with environment variables
export SERVICE_TYPE=cdn
export CLOUD_ACCESS_KEY_ID=your_key
# ... (set the remaining required variables)
cloud-cert-renewer
```

## Documentation

- **[CONTRIBUTING.md](CONTRIBUTING.md)**: Guidelines for contributing to the project
- **[DEVELOPMENT.md](DEVELOPMENT.md)**: Detailed development guide (code formatting, linting, testing, building)
- **[TROUBLESHOOTING.md](TROUBLESHOOTING.md)**: Common issues and debugging tips
- **[Helm Chart README](helm/cloud-cert-renewer/README.md)**: Detailed Kubernetes deployment guide
- **[testing-design-principles.mdc](testing-design-principles.mdc)**: Testing design and implementation principles

## Contributing

We welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines, including the language policy.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
