Issue certificate to AKS PublicIP (AzureDNS) with dns challenge

2/26/2020

I want to create a certificate for a Kubernetes application using a DNS challenge, i.e. for blabla.westeurope.cloudapp.azure.com. According to the link below, I have to create my own custom DNS zone within Azure and use it for this:

https://cert-manager.io/docs/configuration/acme/dns01/azuredns/

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: example-issuer
spec:
  acme:
    ...
    solvers:
    - dns01:
        # The field is azureDNS in the cert-manager.io API group; the all-lowercase
        # azuredns spelling belongs to the legacy certmanager.k8s.io group.
        azureDNS:
          clientID: AZURE_CERT_MANAGER_SP_APP_ID
          clientSecretSecretRef:
            # The following is the secret we created in Kubernetes. Issuer will use this to present challenge to Azure DNS.
            name: azuredns-config
            key: client-secret
          subscriptionID: AZURE_SUBSCRIPTION_ID
          tenantID: AZURE_TENANT_ID
          resourceGroupName: AZURE_DNS_ZONE_RESOURCE_GROUP
          hostedZoneName: AZURE_DNS_ZONE
          # Azure Cloud Environment, default to AzurePublicCloud
          environment: AzurePublicCloud

Can anyone assist me here with how to use Azure-provided DNS for issuing a certificate?

-- Nitin Kalra
azure-aks
azure-kubernetes
kubernetes

1 Answer

2/26/2020

If you've configured everything according to the article, the next step would be to create a certificate:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: domain.AZURE_DNS_ZONE
spec:
  # With a solver-based Issuer (spec.acme.solvers, as in the question) the
  # Certificate carries no spec.acme.config block: the solver is chosen by the
  # Issuer, and that block only exists in the legacy certmanager.k8s.io/v1alpha1 API.
  commonName: "domain.AZURE_DNS_ZONE"
  dnsNames:
    - "domain.AZURE_DNS_ZONE"
  issuerRef:
    kind: Issuer
    name: example-issuer
  secretName: secretname

Also, you can't issue a certificate for westeurope.cloudapp.azure.com using a DNS challenge, so you can only issue a certificate for your AZURE_DNS_ZONE.

-- 4c74356b41
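The procedure the answer describes, end to end, as an added example that is not part of the original question or answer and is not cert-manager's or Azure's own tooling. It assumes the az CLI, kubectl and a cert-manager release that serves the cert-manager.io/v1 API; the resource group, zone, hostname, service principal name, ACME server URL and e-mail are placeholders set through environment variables. Two points a practitioner would want that the answer leaves implicit: the service principal gets DNS Zone Contributor on the single zone only (not Contributor on the subscription), and the requested name is checked to be inside the hosted zone before anything is created, which is exactly why a cloudapp.azure.com name cannot be solved this way.

```shell
#!/bin/sh
# Added example (not from the original post, cert-manager or Azure): provision an
# Azure DNS zone, a least-privilege service principal, the Kubernetes secret and
# the cert-manager Issuer/Certificate pair for a DNS-01 challenge.
# Assumptions: az and kubectl are logged in; cert-manager >= 1.0 is installed;
# every name below is a placeholder to be overridden via the environment.
set -eu

# Pure helper: a DNS-01 solver can only answer for names inside the zone it can
# write to. Returns 0 if HOST equals ZONE or is a subdomain of it, 1 otherwise.
in_zone() {
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//')
  zone=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//')
  [ "$host" = "$zone" ] && return 0
  case "$host" in
    *."$zone") return 0 ;;
  esac
  return 1
}

provision() {
  RG=${RG:-dns-rg}                          # resource group that holds the zone
  ZONE=${ZONE:-example.com}                 # zone you own, delegated to Azure DNS
  HOST=${HOST:-app.example.com}             # name the certificate is for
  NS=${NS:-default}                         # namespace of the app and the Issuer
  SP_NAME=${SP_NAME:-cert-manager-dns01}    # service principal display name
  EMAIL=${EMAIL:-admin@example.com}         # ACME account contact (placeholder)
  ACME=${ACME:-https://acme-staging-v02.api.letsencrypt.org/directory}
  CERT_NAME=$(printf '%s' "$HOST" | tr . -) # app.example.com -> app-example-com

  in_zone "$HOST" "$ZONE" || {
    echo "$HOST is not inside zone $ZONE; DNS-01 cannot solve it" >&2
    return 1
  }

  az network dns zone create -g "$RG" -n "$ZONE" -o none
  ZONE_ID=$(az network dns zone show -g "$RG" -n "$ZONE" --query id -o tsv)

  # Least privilege: DNS Zone Contributor scoped to this one zone resource.
  SP_SECRET=$(az ad sp create-for-rbac --name "$SP_NAME" \
      --role "DNS Zone Contributor" --scopes "$ZONE_ID" --query password -o tsv)
  SP_APP_ID=$(az ad sp list --display-name "$SP_NAME" --query '[0].appId' -o tsv)
  SUB_ID=$(az account show --query id -o tsv)
  TENANT_ID=$(az account show --query tenantId -o tsv)

  # The secret must live in the Issuer's namespace (a namespaced Issuer is used here).
  kubectl -n "$NS" create secret generic azuredns-config \
      --from-literal=client-secret="$SP_SECRET" \
      --dry-run=client -o yaml | kubectl apply -f -

  kubectl -n "$NS" apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: example-issuer
spec:
  acme:
    server: $ACME
    email: $EMAIL
    privateKeySecretRef:
      name: example-issuer-account-key
    solvers:
    - selector:
        dnsZones:
        - $ZONE            # only claim names inside the zone the SP can write to
      dns01:
        azureDNS:
          clientID: $SP_APP_ID
          clientSecretSecretRef:
            name: azuredns-config
            key: client-secret
          subscriptionID: $SUB_ID
          tenantID: $TENANT_ID
          resourceGroupName: $RG
          hostedZoneName: $ZONE
          environment: AzurePublicCloud
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: $CERT_NAME
spec:
  secretName: $CERT_NAME-tls
  dnsNames:
  - $HOST
  issuerRef:
    kind: Issuer
    name: example-issuer
EOF

  # Block until the order completes; on failure inspect the Order/Challenge objects.
  kubectl -n "$NS" wait --for=condition=Ready "certificate/$CERT_NAME" --timeout=600s
}

# Only touch Azure and the cluster when explicitly asked: sh script.sh provision
[ "${1:-}" = "provision" ] && provision
```

Run it against Let's Encrypt staging first (the default ACME URL above) so that a misconfigured zone or role assignment burns staging quota rather than production rate limits, then switch ACME to the production directory URL.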
Source: StackOverflow