
I have a bare-metal Kubernetes deployment running on VMware vCloud Director and I am struggling to set up cert-manager to manage SSL certificates. As described in the following issue, the "Challenge" always fails on the self-check to the cluster's domain name/public IP because it is not accessible from inside the cluster (VMware vCloud Director doesn't support hairpin NAT, which is routing traffic from an internal server back to an internal server using the edge gateway's public IP).

https://github.com/jetstack/cert-manager/issues/863

There is also a feature request to disable http01 and dns01 self-check but this is not implemented yet.

https://github.com/jetstack/cert-manager/issues/1292

My question is: "Is there a workaround to fix this self-check request?" I am also using a NodePort to open the nginx-ingress service to the outside. Therefore, I have to route the www.domain.com:80 request from the cert-manager pod to port 31080 of the ingress-nginx pod without leaving the Kubernetes cluster.


Best regards

savas
  • Could you provide more information about your env? In comment to answer you mentioned that it is accessible from lets-encrypt and gateway doesn't support hairpin nat. Please edit your question with all important information. – PjoterS Nov 08 '19 at 15:54

0 Answers