
cert-manager: Use recursive resolver for checks

I've completely blocked all outgoing unencrypted DNS traffic at the
firewall now, which prevents _cert-manager_ from using its default
behavior of using the authoritative name servers for its managed domains
to poll for ACME challenge DNS TXT record availability.
Fortunately, it has an option to use a recursive resolver (i.e. the
network-provided DNS server) instead.
pull/67/head
Dustin 2025-06-18 02:30:58 +00:00
parent f4b0d43d25
commit 4106038fe9
1 changed files with 10 additions and 0 deletions

@ -52,3 +52,13 @@ patches:
nameservers: nameservers:
- 172.30.0.1 - 172.30.0.1
dnsPolicy: None dnsPolicy: None
- patch: |
- op: add
path: /spec/template/spec/containers/0/args/-
value: >-
--dns01-recursive-nameservers-only
target:
group: apps
version: v1
kind: Deployment
name: cert-manager
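
Review bot: The added `--dns01-recursive-nameservers-only` argument does not name a resolver, so the propagation check uses whatever the pod's resolv.conf provides, which here is the `172.30.0.1` entry under `nameservers:` with `dnsPolicy: None` in the context lines of this hunk. Consider also passing `--dns01-recursive-nameservers` with that address and port in the same patch, so the dependency is explicit and a later change to the pod DNS config does not change where the check is sent without anyone noticing. Two smaller points: the `containers/0` index in `path:` assumes the cert-manager controller remains the first container in the Deployment, and a short comment that recursive resolvers may cache negative answers (so the self-check can take longer to see a new TXT record) would help whoever debugs a slow issuance.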