Overview
In some circumstances, you may need to change the list of DNS name servers that the cert-manager component uses when it performs DNS01 challenges for ACME certificates. By default, cert-manager uses the recursive name servers specified in /etc/resolv.conf for these challenges, but this configuration may not always be desired. cert-manager offers two flags that control which DNS servers are used for these challenges:
--dns01-recursive-nameservers
--dns01-recursive-nameservers-only
Solution
To configure these settings for cert-manager in a Konvoy 1.x installation, change your cluster.yaml as follows:
kind: ClusterConfiguration
...
  addons:
  ...
    - name: cert-manager
      enabled: true
      values: |
        cert-manager:
          extraArgs:
            - --dns01-recursive-nameservers-only
            - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
For more information on these cert-manager flags, consult the cert-manager documentation.
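To confirm that the flags actually reached the running controller, the container arguments can be linted. The following is an added example, not part of the original article or of Konvoy or cert-manager: the function name check_dns01_args and its exit codes are made up for illustration, the sample input is constructed from the extraArgs above, and the namespace and deployment name in the kubectl comment are placeholders.

```shell
#!/bin/sh
# Added example: lint cert-manager container args (one per line on stdin)
# for the two DNS01 resolver flags.
# Exit status: 0 = both flags set, 1 = nameserver list missing or malformed,
#              2 = list valid but --dns01-recursive-nameservers-only missing.
check_dns01_args() {
    only=0 servers="" rc=0
    while IFS= read -r arg; do
        case "$arg" in
            --dns01-recursive-nameservers-only|--dns01-recursive-nameservers-only=true) only=1 ;;
            --dns01-recursive-nameservers=*) servers=${arg#*=} ;;
        esac
    done
    if [ -z "$servers" ]; then
        echo "FAIL: no --dns01-recursive-nameservers; /etc/resolv.conf is used"
        return 1
    fi
    old_ifs=$IFS; IFS=,
    for entry in $servers; do
        host=${entry%:*} port=${entry##*:}
        # Non-numeric or overly long ports are treated as invalid.
        case "$port" in ''|*[!0-9]*|??????*) port=0 ;; esac
        if [ "$host" = "$entry" ] || [ -z "$host" ] ||
           [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "FAIL: '$entry' is not in host:port form"
            rc=1
        fi
    done
    IFS=$old_ifs
    [ "$rc" -eq 0 ] || return 1
    if [ "$only" -eq 0 ]; then
        # Without this flag cert-manager also queries authoritative servers directly.
        echo "WARN: --dns01-recursive-nameservers-only is not set"
        return 2
    fi
    echo "OK: DNS01 checks use only: $servers"
}

# Constructed input: the extraArgs from the cluster.yaml above.
printf '%s\n' --dns01-recursive-nameservers-only \
    --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53 | check_dns01_args

# Against a live cluster (namespace and deployment name are placeholders):
#   kubectl -n <namespace> get deployment <cert-manager-deployment> \
#     -o jsonpath='{range .spec.template.spec.containers[0].args[*]}{@}{"\n"}{end}' \
#     | check_dns01_args
```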