stackitcloud · nburchha · Mar 4, 2026 · Mar 4, 2026 · Mar 5, 2026 · Mar 5, 2026
@@ -1,4 +1,3 @@
----
 # based on https://github.com/mvdan/github-actions-golang
 name: CI
 
@@ -18,7 +17,7 @@ jobs:
   test:
     strategy:
       matrix:
-        go-version: [1.25.x]
+        go-version: [1.26.x]
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
 

@@ -1,4 +1,7 @@
-* patrick.koss@stackit.cloud
-* marius.galm@stackit.cloud
-* simon.stier@stackit.cloud
-* florian.sandel@stackit.cloud
+* marius.galm@digits.schwarz
+* simon.stier@digits.schwarz
+* florian.sandel@digits.schwarz
+* Ondrej.Behavka@digits.schwarz
+* Johannes.Moritz@digits.schwarz
+* Andreas.Turtschan@digits.schwarz
+* niklas.burchhardt@digits.schwarz
@@ -1,4 +1,4 @@
-GOLANGCI_VERSION = 2.6.1
+GOLANGCI_VERSION = 2.10.1
 HELM_DOCS_VERSION = 1.14.2
 LICENCES_IGNORE_LIST = $(shell cat licenses/licenses-ignore-list.txt)
 

@@ -1,32 +1,37 @@
 # stackit-cert-manager-webhook
 
-![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
+![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![AppVersion: v0.4.1](https://img.shields.io/badge/AppVersion-v0.4.1-informational?style=flat-square)
 
-A Helm chart for Kubernetes
+A Helm chart for stackitcloud/stackit-cert-manager-webhook
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| additionalVolumeMounts | list | `[]` |  |
+| additionalVolumes | list | `[]` |  |
 | affinity | object | `{}` |  |
 | certManager | object | `{"namespace":"cert-manager","serviceAccountName":"cert-manager"}` | Meta information of the cert-manager itself. |
 | certManager.namespace | string | `"cert-manager"` | namespace where the webhook should be installed. Cert-Manager and the webhook should be in the same namespace. |
 | certManager.serviceAccountName | string | `"cert-manager"` | service account name for the cert-manager. |
+| extraEnv | list | `[]` | delete the next line and add your variables as in the commented example below. |
 | fullnameOverride | string | `""` | Fullname override of the webhook. |
 | groupName | string | `"acme.stackit.de"` | The GroupName here is used to identify your company or business unit that created this webhook. Therefore, it should be acme.stackit.de. |
-| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/stackitcloud/stackit-cert-manager-webhook","tag":"latest"}` | Image information for the webhook. |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/stackitcloud/stackit-cert-manager-webhook","tag":""}` | Image information for the webhook. |
 | image.pullPolicy | string | `"IfNotPresent"` | pull policy of the image. |
 | image.repository | string | `"ghcr.io/stackitcloud/stackit-cert-manager-webhook"` | repository of the image. |
-| image.tag | string | `"latest"` | tag of the image. |
+| imagePullSecrets | list | `[]` |  |
 | nameOverride | string | `""` | Webhook configuration. |
 | nodeSelector | object | `{}` | Node selector for the webhook. |
 | podSecurityContext.runAsGroup | int | `1000` |  |
 | podSecurityContext.runAsNonRoot | bool | `true` |  |
 | podSecurityContext.runAsUser | int | `1000` |  |
+| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | replicaCount | int | `1` | Replicas for the webhook. Since it is a stateless application server that sends requests you can increase the number as you want. Most of the time however, 1 replica is enough. |
 | resources | object | `{}` | Kubernetes resources for the webhook. Usually limits.cpu=100m, limits.memory=128Mi, requests.cpu=100m, requests.memory=128Mi is enough for the webhook. |
 | securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | service | object | `{"port":443,"type":"ClusterIP"}` | Configuration for the webhook service. |
 | service.port | int | `443` | port of the service. |
 | service.type | string | `"ClusterIP"` | type of the service. |

@@ -1,8 +1,6 @@
 module github.com/stackitcloud/stackit-cert-manager-webhook
 
-go 1.25.0
-
-toolchain go1.26.0
+go 1.26.0
 
 // Do not remove this comment:
 // please place any replace statements here at the top for visibility and add a

@@ -12,21 +12,17 @@ func newStackitDnsClient(
 }
 
 func newStackitDnsClientBearerToken(config Config) (*stackitdnsclient.APIClient, error) {
-	httpClient := *config.HttpClient
-
 	return newStackitDnsClient(
 		stackitconfig.WithToken(config.AuthToken),
-		stackitconfig.WithHTTPClient(&httpClient),
+		stackitconfig.WithHTTPClient(new(*config.HttpClient)),
 		stackitconfig.WithEndpoint(config.ApiBasePath),
 	)
 }
 
 func newStackitDnsClientKeyPath(config Config) (*stackitdnsclient.APIClient, error) {
-	httpClient := *config.HttpClient
-
 	return newStackitDnsClient(
 		stackitconfig.WithServiceAccountKeyPath(config.SaKeyPath),
-		stackitconfig.WithHTTPClient(&httpClient),
+		stackitconfig.WithHTTPClient(new(*config.HttpClient)),
 		stackitconfig.WithEndpoint(config.ApiBasePath),
 		stackitconfig.WithTokenEndpoint(config.ServiceAccountBaseUrl),
 	)

@@ -135,8 +135,7 @@ func (r *rrSetRepository) UpdateRRSet(
 func (r *rrSetRepository) DeleteRRSet(ctx context.Context, rrSetId string) error {
 	_, err := r.apiClient.DeleteRecordSet(ctx, r.projectId, r.zoneId, rrSetId).Execute()
 	if err != nil {
-		var oapiError *oapierror.GenericOpenAPIError
-		if errors.As(err, &oapiError) {
+		if oapiError, ok := errors.AsType[*oapierror.GenericOpenAPIError](err); ok {
 			if oapiError.StatusCode == 404 || oapiError.StatusCode == 400 {
 				return ErrRRSetNotFound
 			}

@@ -72,45 +72,33 @@ func TestRrSetRepository_UpdateRRSet(t *testing.T) {
 
 	t.Run("UpdateRRSet success", func(t *testing.T) {
 		t.Parallel()
-		comment := "comment1"
-		id := "0000"
-		name := "test.com."
-		ttl := int64(60)
-		content := "content1"
-
 		rrSetRepository, err := rrSetRepositoryFactory.NewRRSetRepository(config, "2222")
 		require.NoError(t, err)
 		err = rrSetRepository.UpdateRRSet(
 			ctx,
 			stackitdnsclient.RecordSet{
-				Comment: &comment,
-				Id:      &id,
-				Name:    &name,
-				Ttl:     &ttl,
-				Records: &[]stackitdnsclient.Record{{Content: &content}},
+				Comment: new("comment1"),
+				Id:      new("0000"),
+				Name:    new("test.com."),
+				Ttl:     new(int64(60)),
+				Records: &[]stackitdnsclient.Record{{Content: new("content1")}},
 			},
 		)
 		require.NoError(t, err)
 	})
 
 	t.Run("UpdateRRSet failure", func(t *testing.T) {
 		t.Parallel()
-		comment := "comment2"
-		id := "2222"
-		name := "test.com."
-		ttl := int64(60)
-		content := "content2"
-
 		rrSetRepository, err := rrSetRepositoryFactory.NewRRSetRepository(config, "3333")
 		require.NoError(t, err)
 		err = rrSetRepository.UpdateRRSet(
 			ctx,
 			stackitdnsclient.RecordSet{
-				Comment: &comment,
-				Id:      &id,
-				Name:    &name,
-				Ttl:     &ttl,
-				Records: &[]stackitdnsclient.Record{{Content: &content}},
+				Comment: new("comment2"),
+				Id:      new("2222"),
+				Name:    new("test.com."),
+				Ttl:     new(int64(60)),
+				Records: &[]stackitdnsclient.Record{{Content: new("content2")}},
 			},
 		)
 		require.Error(t, err)

@@ -185,19 +185,16 @@ func (s *stackitDnsProviderResolver) initializeResolverContext(
 func (s *stackitDnsProviderResolver) createRRSet(
 	initResolverRes *initResolverContextResult, key string,
 ) error {
-	comment := "This record set is managed by stackit-cert-manager-webhook"
-	rrSetType := typeTxtRecord
-
 	rrSet := stackitdnsclient.RecordSet{
-		Comment: &comment,
+		Comment: new("This record set is managed by stackit-cert-manager-webhook"),
 		Name:    &initResolverRes.rrSetName,
 		Records: &[]stackitdnsclient.Record{
 			{
 				Content: &key,
 			},
 		},
 		Ttl:  &initResolverRes.acmeTxtDefaultTTL,
-		Type: stackitdnsclient.RecordSetGetTypeAttributeType(&rrSetType),
+		Type: stackitdnsclient.RecordSetGetTypeAttributeType(new(typeTxtRecord)),
 	}
 
 	s.logger.Info("Creating RRSet", zap.String("rrSet", fmt.Sprintf("%+v", rrSet)))