Support delegated domains for DNS01 challenges #101

Merged
merged 1 commit into from
Mar 2, 2022


MartinWeindel
Member

What this PR does / why we need it:
If it is not desired to provide write access to the hosted zone of the certificate domain, the DNS record for the DNS01 challenge cannot be written. With the help of an existing CNAME DNS record, the DNS challenge can be forwarded to another, accessible domain.

Example:
A certificate is requested for the domain example.domain.com. If by some external means a CNAME DNS record has been created for _acme-challenge.example.domain.com with target _acme-challenge.another.domain.org, the TXT record for the DNS01 challenge has to be written to _acme-challenge.another.domain.org.
The cert controller manager only checks for following a CNAME record if the field spec.followCNAME of the certificate object is set to true.

This feature is expected to be used only in special cases, as the CNAME record must be managed externally and individually for every domain.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Release note:

Support delegated domains for DNS01 challenges

@MartinWeindel MartinWeindel requested a review from a team as a code owner March 2, 2022 16:54
@gardener-robot gardener-robot added needs/review Needs review size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 2, 2022
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Mar 2, 2022
@mandelsoft mandelsoft merged commit 8fc429e into master Mar 2, 2022
@mandelsoft mandelsoft deleted the delegated-domains-for-DNS01 branch March 2, 2022 18:08
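The delegation described in the PR text, as an added Go example that is not code from this PR or from the project: it works out where the DNS01 TXT record has to be written when a CNAME delegates the challenge name, and refuses chains that loop or run too long. `ChallengeRecordName`, `cnameLookup`, `maxHops` and the sample data are hypothetical names and values constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// cnameLookup returns the CNAME target of name, or "" if there is none.
// Hypothetical hook so the example runs offline.
type cnameLookup func(name string) (string, error)

const maxHops = 8 // assumed limit, not taken from the PR

func normalize(name string) string { return strings.ToLower(strings.TrimSuffix(name, ".")) }

// ChallengeRecordName returns the name the DNS01 TXT record must be written to.
func ChallengeRecordName(domain string, followCNAME bool, lookup cnameLookup) (string, error) {
	name := "_acme-challenge." + normalize(domain)
	if !followCNAME {
		return name, nil // default: write into the certificate domain's own zone
	}
	for hop := 0; hop < maxHops; hop++ {
		target, err := lookup(name)
		if err != nil {
			return "", fmt.Errorf("CNAME lookup for %s: %w", name, err)
		}
		if target == "" {
			return name, nil // end of chain: this is where the TXT record goes
		}
		name = normalize(target)
	}
	return "", errors.New("CNAME chain too long or looping: " + name)
}

// Constructed sample data using the names from the PR description.
var sampleCNAMEs = map[string]string{
	"_acme-challenge.example.domain.com": "_acme-challenge.another.domain.org.",
	"_acme-challenge.loop.domain.com":    "_acme-challenge.loop.domain.com.",
}

func sampleLookup(name string) (string, error) { return sampleCNAMEs[name], nil }

func main() {
	for _, d := range []string{"example.domain.com", "loop.domain.com"} {
		name, err := ChallengeRecordName(d, true, sampleLookup)
		fmt.Println(d, "->", name, err)
	}
}
```

Because the CNAME is managed outside the controller, whoever can edit that record decides which zone answers the challenge, so the resolved name is worth logging and comparing against the zones the issuer is expected to write to.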