cert-manager: Use recursive resolver for checks

I've completely blocked all outgoing unencrypted DNS traffic at the firewall now, which prevents _cert-manager_ from using its default behavior of using the authoritative name servers for its managed domains to check poll for ACME challenge DNS TXT record availability. Fortunately, it has an option to use a recursive resolver (i.e. the network-provided DNS server) instead.
2025-06-18 02:30:58 +00:00 · 2025-06-18 02:30:58 +00:00 · 4106038fe9
parent f4b0d43d25
commit 4106038fe9
1 changed files with 10 additions and 0 deletions
--- a/cert-manager/kustomization.yaml
+++ b/cert-manager/kustomization.yaml
@ -52,3 +52,13 @@ patches:
            nameservers:
            - 172.30.0.1
          dnsPolicy: None
+- patch: |
+    - op: add
+      path: /spec/template/spec/containers/0/args/-
+      value: >-
+        --dns01-recursive-nameservers-only
+  target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: cert-manager