From cf73809362553ac1db1d402375f7e452b84bcccd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Krop=C3=A1=C4=8Dek?= <kropikuba@gmail.com>
Date: Wed, 29 Jan 2025 11:24:55 +0100
Subject: [PATCH] added cert-manager-cf config (base)

---
 .envs/.cloudflare.template             |  2 ++
 .gitignore                             |  2 ++
 kustomization.yaml                     |  9 +++++++++
 kustomize/cert-manager-cloudflare.yaml | 20 ++++++++++++++++++++
 kustomizeconfig/clusterIssuer.yaml     |  7 +++++++
 5 files changed, 40 insertions(+)
 create mode 100644 .envs/.cloudflare.template
 create mode 100644 .gitignore
 create mode 100644 kustomize/cert-manager-cloudflare.yaml
 create mode 100644 kustomizeconfig/clusterIssuer.yaml

diff --git a/.envs/.cloudflare.template b/.envs/.cloudflare.template
new file mode 100644
index 0000000..c69dd2c
--- /dev/null
+++ b/.envs/.cloudflare.template
@@ -0,0 +1,2 @@
+CF_API_TOKEN=
+CF_API_KEY=
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9de2b2c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.envs/.*
+!.envs/.*.template
\ No newline at end of file
diff --git a/kustomization.yaml b/kustomization.yaml
index b4563b0..e9814ea 100644
--- a/kustomization.yaml
+++ b/kustomization.yaml
@@ -4,6 +4,15 @@ kind: Kustomization
 resources:
 - ./kustomize/metallb.yaml
 - ./kustomize/csi-driver-nfs.yaml
+- ./kustomize/cert-manager-cloudflare.yaml
+
+secretGenerator:
+  - name: cert-manager-cloudflare
+    envs:
+      - .envs/.cloudflare
+
+configurations:
+  - ./kustomizeconfig/clusterIssuer.yaml
 
 labels:
 - includeSelectors: true
diff --git a/kustomize/cert-manager-cloudflare.yaml b/kustomize/cert-manager-cloudflare.yaml
new file mode 100644
index 0000000..2743190
--- /dev/null
+++ b/kustomize/cert-manager-cloudflare.yaml
@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: cloudflare-issuer
+spec:
+  acme:
+    email: kropikuba@gmail.com
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cloudflare-issuer-account-key
+    solvers:
+      - dns01:
+          cloudflare:
+            email: kropikuba@gmail.com
+            apiTokenSecretRef:
+              name: cert-manager-cloudflare
+              key: CF_API_TOKEN
+            apiKeySecretRef:
+              name: cert-manager-cloudflare
+              key: CF_API_KEY
\ No newline at end of file
diff --git a/kustomizeconfig/clusterIssuer.yaml b/kustomizeconfig/clusterIssuer.yaml
new file mode 100644
index 0000000..40ca23d
--- /dev/null
+++ b/kustomizeconfig/clusterIssuer.yaml
@@ -0,0 +1,7 @@
+nameReference:
+  - kind: Secret
+    fieldSpecs:
+      - kind: Issuer
+        path: spec/acme/solvers/dns01/cloudflare/apiTokenSecretRef/name
+      - kind: Issuer
+        path: spec/acme/solvers/dns01/cloudflare/apiKeySecretRef/name
\ No newline at end of file