Documentation for Google CloudDNS - Non-GKE Workload Identity

[dronenb]

Is your feature request related to a problem? Please describe.

Presently, the documentation for using Google CloudDNS as an ACME DNS challenge solver only discusses how to use GKE workload identity to authenticate. However, since cert-manager uses Google's standard libraries, it is possible to use workload identity with non-GKE clusters to authenticate to CloudDNS.

I installed Cert-Manager via OLM, but when doing this testing I scaled down the OLM operator and patched the cert-manager deployment.

Example configuration:

• https://github.com/dronenb/HomeLab/blob/e8b36a333497a3850f4782525c9724731fa170a5/kubernetes/workloads/cert-manager-olm/manifests/additions/deployment.yaml#L185-L205
• https://github.com/dronenb/HomeLab/blob/e8b36a333497a3850f4782525c9724731fa170a5/kubernetes/workloads/cert-manager-olm/manifests/additions/config/credential-configuration.json
• https://github.com/dronenb/HomeLab/blob/e8b36a333497a3850f4782525c9724731fa170a5/kubernetes/workloads/cert-manager-olm/manifests/additions/kustomization.yaml#L8-L13
• https://github.com/dronenb/HomeLab/blob/e8b36a333497a3850f4782525c9724731fa170a5/cloud/tofu/cert-manager-clouddns.tf#L1-L13
• https://cert-manager.io/docs/configuration/acme/dns01/google/#create-an-issuer-that-uses-clouddns-1

This works as desired, would be nice if it was documented for non-GKE users to be able to take advantage of workload identity for authentication.

Additional information:

• https://cloud.google.com/iam/docs/workload-identity-federation-with-kubernetes
• https://cloud.google.com/docs/authentication/application-default-credentials#GAC

Environment details (remove if not applicable):

• Kubernetes version: 1.31
• Cloud-provider/provisioner: on-prem
• cert-manager version: 1.16.1
• Install method: OLM

/kind feature