1. Proposed title of this feature request

Provide DNS-01 support for OpenStack Designate in cert-manager operator

2. What is the nature and description of the request?

cert-manager does not have native support for OpenStack Designate as a DNS service for DNS-01 challenges. There are some example webhook solvers in the community but they do not appear to be well-maintained. This request is to include a supported Designate DNS-01 solver implementation in the cert-manager operator.

3. Why does the customer need this? (List the business requirements here)

The customer is running shift-on-stack on a Red Hat OpenStack Services for OpenShift (RHOSO) which provides Designate for tenants to manage their DNS records. Cluster DNS records are managed with Designate. The customer would like to be able to use ACME to automate the management of the cluster TLS certificates in that environment without direct CA integration (i.e. Vault plugin). The customer's ACME solution (Hashicorp Vault) does not support ACME without domain validation.

4. List any affected packages or components.

cert-manager Operator for OpenShift