Support Azure Private DNS Zones for DNS Challenge

[patst]

Is your feature request related to a problem? Please describe.

We use cert-manager in air-gapped kubernetes setup for issuing certificates.
We run Azure AKS clusters and have a private ACME server providing us with certificates.
The DNS records are stored in private Azure DNS Zones.

At the moment we have to use the HTTP challenge and therefore have to open port 80 in the firewalls to allow the ACME server doing its challenge.

Describe the solution you'd like

We would like to use the DNS challenge with Azure Private DNS Zones instead of the HTTP challenge.

There has already some discussions about that in #3128 . The ticket is now two years old and I would disagree with the discussion result that DNS records should be publicly visible.
We are not allowed to publish DNS records in public DNS zones. (regulated environment)

Additional context

At the moment only the Azure APIs for managing public DNS zones are used in the azuredns issuer stuff (https://github.com/cert-manager/cert-manager/tree/fd9c01fa8ce02decf22f917535af26ec9468f988/pkg/issuer/acme/dns/azuredns ). The Azure Go SDK contains client for using azure private dns as well: https://github.com/Azure-Samples/azure-sdk-for-go-samples/blob/main/sdk/resourcemanager/privatedns/record_sets/main.go#L90

Environment details (remove if not applicable):

• Cloud-provider/provisioner: Azure AKS

wdyt?

/kind feature

[jetstack-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle stale

[jetstack-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle rotten
/remove-lifecycle stale

[jetstack-bot]

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Send feedback to jetstack.
/close

[jetstack-bot]

@jetstack-bot: Closing this issue.

Details

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Send feedback to jetstack.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[rbinder-vg]

/reopen

[jetstack-bot]

@rbinder-vg: You can't reopen an issue/PR unless you authored it or you are a collaborator.

Details

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[patst]

/reopen

Still relevant for us

[jetstack-bot]

@patst: Reopened this issue.

Details

In response to this:

/reopen

Still relevant for us

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[jetstack-bot]

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Send feedback to jetstack.
/close