This repository provides a cert-manager DNS01 webhook solver that creates ACME challenge records through ExternalDNS.
The default configuration of ExternalDNS must be changed for this integration to function:
- TXT records are not managed by ExternalDNS by default; the `TXT` record type has to be added to `--managed-record-types`, otherwise the challenge records are never written
- The DNSEndpoint CRD source is not enabled by default; the `crd` source has to be added, otherwise the DNSEndpoint objects created by the webhook are ignored
If you are deploying with the official Helm chart you can accomplish this by including the following in your values file (the three `--managed-record-types` defaults are repeated because ExternalDNS takes the flag once per record type):
```yaml
extraArgs:
  - --managed-record-types=A     # ┐
  - --managed-record-types=AAAA  # ├ Default values
  - --managed-record-types=CNAME # ┘
  - --managed-record-types=TXT   # ─ New value
sources:
  - service                      # ┬ Default values
  - ingress                      # ┘
  - crd                          # ─ New value
```
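After deploying, it is worth confirming that both settings actually reached the running ExternalDNS container rather than trusting the values file. The following preflight check is an added example and is not part of this repository or of ExternalDNS; it assumes the Helm chart renders the `sources` list as repeated `--source=...` flags and appends `extraArgs` verbatim, and that the deployment is named `external-dns` in the `external-dns` namespace (both names are assumptions, adjust them to your release).

```sh
#!/bin/sh
# Added example (not project code): verify an ExternalDNS container's argument
# list contains what the cert-manager webhook integration needs.
#
# Input: the container args, one per line. Against a live cluster, produce that
# list with (release/namespace names are assumptions, adjust as needed):
#   kubectl -n external-dns get deploy external-dns \
#     -o jsonpath='{range .spec.template.spec.containers[0].args[*]}{@}{"\n"}{end}'

# Returns 0 when both required flags are present, 1 otherwise, and prints
# what is missing on stderr.
check_external_dns_args() {
    args="$1"
    status=0

    # TXT must be a managed record type, or ACME challenge records are never written.
    if ! printf '%s\n' "$args" | grep -qx -- '--managed-record-types=TXT'; then
        echo "missing: --managed-record-types=TXT (ExternalDNS will not create ACME TXT records)" >&2
        status=1
    fi

    # The crd source must be enabled, or DNSEndpoint objects are ignored.
    if ! printf '%s\n' "$args" | grep -qx -- '--source=crd'; then
        echo "missing: --source=crd (DNSEndpoint objects created by the webhook are ignored)" >&2
        status=1
    fi

    return $status
}

# Constructed sample input (not captured from a real cluster): the args the Helm
# values above would produce after the chart renders sources and extraArgs.
sample_args="$(printf '%s\n' \
    --source=service --source=ingress --source=crd \
    --managed-record-types=A --managed-record-types=AAAA \
    --managed-record-types=CNAME --managed-record-types=TXT)"

if check_external_dns_args "$sample_args"; then
    echo "ExternalDNS args OK for cert-manager webhook"
fi
```

Run it against the live deployment by replacing `sample_args` with the `kubectl` output shown in the comment; a non-zero exit means the chart values were not applied as expected (for example, `extraArgs` placed under the wrong key, or a chart version that names the sources key differently).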
Any supported version of cert-manager supports DNS01 webhook solvers. For instructions on installing cert-manager, see the official cert-manager documentation.
TODO
To configure an issuer to use ExternalDNS, reference the webhook's `groupName` and `solverName` in the `dns01` solver of an Issuer or ClusterIssuer:
```yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: example-issuer
spec:
  acme:
    ...
    solvers:
      - dns01:
          webhook:
            groupName: external-dns.acme.cert-manager.io
            solverName: external-dns
```