added cert-manager-cf config (base)

2025-01-29 11:24:55 +01:00 · 2025-01-29 11:24:55 +01:00 · cf73809362
commit cf73809362
parent 826f74e04f
5 changed files with 40 additions and 0 deletions
--- a/.envs/.cloudflare.template
+++ b/.envs/.cloudflare.template
@ -0,0 +1,2 @@
+CF_API_TOKEN=
+CF_API_KEY=
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+.envs/.*
+!.envs/.*.template
--- a/kustomization.yaml
+++ b/kustomization.yaml
@ -4,6 +4,15 @@ kind: Kustomization
 resources:
 - ./kustomize/metallb.yaml
 - ./kustomize/csi-driver-nfs.yaml
+- ./kustomize/cert-manager-cloudflare.yaml
+
+secretGenerator:
+  - name: cert-manager-cloudflare
+    envs:
+      - .envs/.cloudflare
+
+configurations:
+  - ./kustomizeconfig/clusterIssuer.yaml

 labels:
 - includeSelectors: true
--- a/kustomize/cert-manager-cloudflare.yaml
+++ b/kustomize/cert-manager-cloudflare.yaml
@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: cloudflare-issuer
+spec:
+  acme:
+    email: kropikuba@gmail.com
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cloudflare-issuer-account-key
+    solvers:
+      - dns01:
+          cloudflare:
+            email: kropikuba@gmail.com
+            apiTokenSecretRef:
+              name: cert-manager-cloudflare
+              key: CF_API_TOKEN
+            apiKeySecretRef:
+              name: cert-manager-cloudflare
+              key: CF_API_KEY
--- a/kustomizeconfig/clusterIssuer.yaml
+++ b/kustomizeconfig/clusterIssuer.yaml
@ -0,0 +1,7 @@
+nameReference:
+  - kind: Secret
+    fieldSpecs:
+      - kind: Issuer
+        path: spec/acme/solvers/dns01/cloudflare/apiTokenSecretRef/name
+      - kind: Issuer
+        path: spec/acme/solvers/dns01/cloudflare/apiKeySecretRef/name