I have a problem when trying to set up TLS Policies on multicluster with Azure DNS. One of the TLS Policies gets enforced, and the other one does not. I'm continuously getting the following lines from the cert-manager on the not-enforced cluster:

E1007 11:57:01.921774 1 sync.go:190] "propagation check failed" err="DNS record for \"95m6ow0.azure.something.net\" not yet propagated" logger="cert-manager.challenges" resource_name="gw-averevki--mslh-tls-1-2594030270-2480175981" resource_namespace="kuadrant" resource_kind="Challenge" resource_version="v1" dnsName="95m6ow0.azure.something.net" type="DNS-01"

The not-enforced TLSPolicy just shows that the certificate is not ready.

I believe it has something to do with ACME challenges (race condition?). We are using the DNS-01 challenge to issue Let's Encrypt certificates. It's always the first policy I'm creating that is failing, and if I wait around a minute between their creation (after around that time the ACME challenge on the first cluster is completed), all is enforced successfully. There are no issues with the same setup and other DNS providers.
@averevki Can you provide more details about the gateways/listeners and TLSPolicies you are using when you get this error? How many do you have, and are they all in the same namespace?
Kuadrant operator catalog image tag:
nightly-07-10-2024