diff --git a/inventory/sample/group_vars/k8s_cluster/addons.yml b/inventory/sample/group_vars/k8s_cluster/addons.yml
index 4cf9ba45b..f55d338c0 100644
--- a/inventory/sample/group_vars/k8s_cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s_cluster/addons.yml
@@ -169,6 +169,10 @@ cert_manager_enabled: false
 # - "1.1.1.1"
 # - "8.8.8.8"
+# cert_manager_controller_extra_args:
+# - "--dns01-recursive-nameservers-only=true"
+# - "--dns01-recursive-nameservers=1.1.1.1:53,8.8.8.8:53"
+
 # MetalLB deployment
 metallb_enabled: false
 metallb_speaker_enabled: "{{ metallb_enabled }}"
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/defaults/main.yml b/roles/kubernetes-apps/ingress_controller/cert_manager/defaults/main.yml
index bd3d2fefa..ae5918a37 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/defaults/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/defaults/main.yml
@@ -6,6 +6,7 @@ cert_manager_affinity: {}
 cert_manager_nodeselector: {}
 cert_manager_dns_policy: "ClusterFirst"
 cert_manager_dns_config: {}
+cert_manager_controller_extra_args: []
 ## Change leader election namespace when deploying on GKE Autopilot that forbid the changes on kube-system namespace.
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
index 69635b351..2fc60bb87 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
@@ -947,6 +947,9 @@ spec:
 - --v=2
 - --cluster-resource-namespace=$(POD_NAMESPACE)
 - --leader-election-namespace={{ cert_manager_leader_election_namespace }}
+{% for extra_arg in cert_manager_controller_extra_args %}
+ - {{ extra_arg }}
+{% endfor %}
 ports:
 - containerPort: 9402
 name: http-metrics
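Review bot: The commented sample for `cert_manager_controller_extra_args` in `addons.yml` has no line saying what the variable is for, unlike the `# MetalLB deployment` block right below it. A lead-in such as `# Extra command-line arguments appended to the cert-manager controller container` would document it. Since the example pairs `--dns01-recursive-nameservers-only=true` with public resolvers, a second comment noting that uncommenting it appears to route the controller's DNS-01 lookups to those resolvers rather than the cluster's own DNS would let operators make that choice deliberately.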
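Review bot: The new loop line `- {{ extra_arg }}` in `cert-manager.yml.j2` writes each argument into the manifest unquoted, so a value containing `: `, ` #`, a leading `{`, `[` or `*`, or a newline is re-parsed as YAML structure instead of staying one string in the container's argument list. Rendering it as `- {{ extra_arg | string | to_json }}` keeps every entry a single quoted scalar whatever the inventory supplies. The entries are also emitted after `--cluster-resource-namespace` and `--leader-election-namespace`, so a repeated flag in the list presumably takes precedence over those. A comment beside the new default in `defaults/main.yml`, for example `# Passed verbatim to the controller; entries can override the built-in flags`, would make that explicit. The container spec starts and ends outside the hunk.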