Skip to content
English
Submit Ticket
  • There are no suggestions because the search field is empty.

Kubernetes ACME Integration with OpusDNS

Introduction

Kubernetes is an open-source platform used to run and manage containerized applications at scale. It is widely used by cloud-native companies, DevOps teams, and enterprises to deploy microservices, APIs, and distributed systems in a reliable and automated way.

One of the key challenges in Kubernetes environments is managing TLS certificates. Because services are dynamic and frequently created or scaled, manual certificate handling is not practical. This is where ACME-based automation becomes essential.


What is Kubernetes?

Kubernetes is a container orchestration system that automates the deployment, scaling, and management of applications in containers.

It is commonly used for:

  • Microservices architectures
  • Cloud-native applications
  • Scalable APIs and backend systems
  • Multi-cloud and hybrid infrastructure

Kubernetes helps teams manage complex infrastructure by handling scheduling, scaling, and service discovery automatically.


Why ACME in Kubernetes?

In Kubernetes environments, services change frequently. New pods, services, and ingress resources are constantly created and removed.

This creates challenges for TLS management:

  • Frequent certificate renewals
  • Dynamic domains and ingress endpoints
  • Need for wildcard certificates
  • High automation requirements

ACME solves this by automating the full certificate lifecycle:

  • Domain validation
  • Certificate issuance
  • Renewal and rotation


Kubernetes ACME Integration with OpusDNS

The OpusDNS integration enables Kubernetes to automatically manage SSL/TLS certificates using cert-manager and ACME DNS-01 challenges.

GitHub Repository:
https://github.com/OpusDNS/cert-manager-webhook-opusdns


How the Integration Works

The integration is based on cert-manager, the standard Kubernetes tool for certificate automation.

The process works as follows:

  1. A Certificate resource is created in Kubernetes
  2. cert-manager detects the request
  3. An ACME challenge is created (DNS-01)
  4. The OpusDNS webhook is triggered
  5. The webhook uses the OpusDNS API
  6. A DNS TXT record is created automatically
  7. The ACME provider validates the domain
  8. The certificate is issued and stored as a Kubernetes Secret
  9. The temporary DNS record is removed

Everything runs fully automated after initial setup.


Key Benefits

Fully automated certificate management

No manual DNS or certificate handling is required.

Kubernetes-native integration

Certificates are managed as native Kubernetes resources via cert-manager.

DNS-01 challenge support

Enables wildcard certificates and works without exposing HTTP endpoints.

API-based DNS automation

OpusDNS handles DNS record creation securely via API.

Scalable architecture

Works across multiple clusters and environments.

 

Conclusion

The Kubernetes ACME integration with OpusDNS provides a fully automated way to manage TLS certificates using cert-manager and DNS-01 challenges.

It eliminates manual certificate operations, supports scalable cloud-native architectures, and ensures secure and reliable certificate lifecycle management in Kubernetes environments.

GitHub Repository:
https://github.com/OpusDNS/cert-manager-webhook-opusdns