Add docs for using DNS01
Sem-Ver: docs
Change-Id: I491161f0aa0b2ea4560487da06a5364f14e40465
diff --git a/docs/certificates.md b/docs/certificates.md
index fd32d47..7772774 100644
--- a/docs/certificates.md
+++ b/docs/certificates.md
@@ -1,5 +1,52 @@
# Certificates
+## Using LetsEncrypt DNS challenges
+
+### RFC2136
+
+If you have DNS server that supports RFC2136, you can use it to solve the DNS
+challenges, you'll need to have the following information:
+
+- Email address
+- Nameserver IP address
+- TSIG Algorithm
+- TSIG Key Name
+- TSIG Key Secret
+
+You'll need to update your Ansible inventory to be the following:
+
+```yaml
+cert_manager_issuer:
+ acme:
+ email: <EMAIL>
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ server: https://acme-v02.api.letsencrypt.org/directory
+ solvers:
+ - dns01:
+ rfc2136:
+ nameserver: <NS>:<PORT>
+ tsigAlgorithm: <ALGORITHM>
+ tsigKeyName: <NAME>
+ tsigSecretSecretRef:
+ key: tsig-secret-key
+ name: tsig-secret
+```
+
+After you're done, you'll need to add a new secret to the Kubernetes cluster,
+you will need to do it by using the following YAML file:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: tsig-secret
+ namespace: openstack
+type: Opaque
+stringData:
+ tsig-secret-key: <KEY>
+```
+
## Using self-signed certificates
If you are in an environment which does not have a trusted certificate authority
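Review bot: The Secret manifest that closes the RFC2136 section has the reader write the TSIG key in clear text under `stringData`, and the surrounding text says nothing about handling that file. Suggest adding a sentence telling readers to keep the manifest out of version control and remove it once applied. The text also introduces the Secret with "After you're done", but the issuer already references it through `tsigSecretSecretRef` (`name: tsig-secret`, `key: tsig-secret-key`); consider moving the Secret step ahead of the inventory change, or stating that challenges cannot be solved until the Secret exists. The hardcoded `namespace: openstack` deserves a short explanation of why that namespace is required. The example points straight at the production directory (`https://acme-v02.api.letsencrypt.org/directory`), so a note that readers can test against a staging endpoint first would help them avoid rate limits. Minor wording: "If you have DNS server" should read "If you have a DNS server", and the sentence would be clearer split before "you'll need to have the following information".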
@@ -10,4 +57,4 @@
cert_manager_issuer:
ca:
secretName: root-secret
-```
\ No newline at end of file
+```
diff --git a/releasenotes/notes/add-dns01-docs-f4849506aa12c25c.yaml b/releasenotes/notes/add-dns01-docs-f4849506aa12c25c.yaml
new file mode 100644
index 0000000..75d8d54
--- /dev/null
+++ b/releasenotes/notes/add-dns01-docs-f4849506aa12c25c.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Added documentation to using DNS01 challenges for certificates.
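Review bot: Wording in the release note entry: "Added documentation to using DNS01 challenges" should read "Added documentation for using DNS01 challenges". Since the new docs section only covers the RFC2136 solver, consider saying so here, for example "DNS01 challenges with RFC2136", so the note does not imply that other DNS providers are documented.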