Using Microsoft AD DNS and Kubernetes Cert-Manager

Hansen, Kyle 0 Reputation points
2023-06-29T15:07:32.84+00:00

Hello, I am trying to use cert-manager for automated certificate requests and renewals inside our Kubernetes environment. We use Microsoft AD DNS for DNS configuration. There is no listed DNS01 supported provider on the cert-manager webpage that could be used with this.

Is there any information on how I can get this set up?

Cert-Manager Documentation: https://cert-manager.io/docs/configuration/acme/dns01/#webhook

If anyone has any tips or experience using Microsoft AD DNS to perform DNS01 challenges, any information would be appreciated.

Azure Kubernetes Service (AKS)
Active Directory

1 answer

  1. Prrudram-MSFT 27,786 Reputation points
    2023-06-29T20:55:17.0866667+00:00

    @Hansen, Kyle

    According to the Cert-Manager documentation, you can use a webhook to integrate with a DNS provider that is not natively supported by Cert-Manager.

    To use Microsoft AD DNS with Cert-Manager, you can create a webhook that calls a PowerShell script to create the required DNS records in Microsoft AD DNS.

    Here are the high-level steps to set up the webhook:

    1. Create a PowerShell script that creates the required DNS records in Microsoft AD DNS. You can use the DNS Server Tools to manage DNS and create conditional forwarders for an Azure Active Directory Domain Services managed domain.
    2. Create a webhook that calls the PowerShell script. You can use Azure Functions to create the webhook.
    3. Configure Cert-Manager to use the webhook to perform DNS01 challenges. You can follow the steps in the Cert-Manager documentation to configure the webhook.

    Here are some additional resources that may be helpful:

    If this does answer your question, please accept it as the answer as a token of appreciation.
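
An added example for step 1 of the answer above, not part of the original post: a PowerShell script using the DnsServer module that creates or removes the DNS-01 TXT record and refuses any name other than an `_acme-challenge` label inside one zone. The zone and server names, the parameter names and the `Present`/`CleanUp` actions are assumptions for illustration; how the webhook invokes the script is not shown.

```powershell
#Requires -Modules DnsServer
# Added example, not the answer author's code. Zone and server names are placeholders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][ValidateSet('Present', 'CleanUp')][string]$Action,
    [Parameter(Mandatory)][string]$Fqdn,   # e.g. _acme-challenge.app.corp.example.com
    [Parameter(Mandatory)][string]$Key,    # DNS-01 challenge value passed in by the caller
    [string]$ZoneName     = 'corp.example.com',       # assumed AD-integrated zone
    [string]$ComputerName = 'dc01.corp.example.com'   # assumed DNS server
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$fqdnNorm = $Fqdn.TrimEnd('.').ToLowerInvariant()
$zone     = $ZoneName.TrimEnd('.').ToLowerInvariant()

# Only touch _acme-challenge names inside the expected zone, so a caller
# cannot use this script to rewrite arbitrary records.
$allowed = '^_acme-challenge\.([a-z0-9-]+\.)*' + [regex]::Escape($zone) + '$'
if ($fqdnNorm -notmatch $allowed) { throw "Refusing to modify '$Fqdn'" }

# A DNS-01 value is an unpadded base64url SHA-256 digest: exactly 43 characters.
if ($Key -notmatch '^[A-Za-z0-9_-]{43}$') { throw 'Key is not a valid DNS-01 value' }

# Record name relative to the zone, as the DnsServer cmdlets expect.
$name   = $fqdnNorm.Substring(0, $fqdnNorm.Length - $zone.Length - 1)
$common = @{ ZoneName = $zone; ComputerName = $ComputerName }

# Several TXT values can coexist on one name (wildcard plus base domain),
# so match on the exact key instead of treating the name as a single record.
$existing = @(Get-DnsServerResourceRecord @common -Name $name -RRType Txt -Node `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordData.DescriptiveText -ceq $Key })

switch ($Action) {
    'Present' {
        if (-not $existing -and $PSCmdlet.ShouldProcess($fqdnNorm, 'Add TXT record')) {
            Add-DnsServerResourceRecord @common -Name $name -Txt `
                -DescriptiveText $Key -TimeToLive ([TimeSpan]::FromSeconds(60))
        }
    }
    'CleanUp' {
        foreach ($rr in $existing) {
            if ($PSCmdlet.ShouldProcess($fqdnNorm, 'Remove TXT record')) {
                Remove-DnsServerResourceRecord @common -InputObject $rr -Force
            }
        }
    }
}
Write-Output "$Action completed for $fqdnNorm"
```

Run it under an account delegated rights on that zone only; `-WhatIf` shows the change without applying it.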

