K8s cluster - cert-manager
Why?
It’s quite handy to have a service which automatically requests and renews all required SSL certificates.
k8s config
Installing the CRDs and cert-manager:
$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml
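Cloudflare token:
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token
  # A ClusterIssuer reads referenced Secrets from cert-manager's cluster
  # resource namespace, which defaults to cert-manager.
  namespace: cert-manager
type: Opaque
stringData:
  token: REDACTED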
Cluster issuer (the difference between Issuer and ClusterIssuer is that an Issuer is bound to the namespace it is created in, while a ClusterIssuer is available in every namespace):
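apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: bonusplay
  # ClusterIssuer is cluster-scoped, so this namespace field has no effect.
  namespace: cert-manager
spec:
  acme:
    email: REDACTED
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret that stores the ACME account private key.
      name: letsencrypt-bonusplay
    solvers:
    - dns01:
        cloudflare:
          email: REDACTED
          # apiKeySecretRef is for a Cloudflare Global API Key (used with email);
          # a scoped API token is referenced with apiTokenSecretRef instead.
          apiKeySecretRef:
            name: cloudflare-api-token
            key: token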
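Requesting a certificate from this ClusterIssuer out of a different namespace, which is the case a namespaced Issuer could not serve. This is an added example, not part of the original post; the namespace web, the Certificate name, the secretName and the example.com DNS names are placeholders.

```yaml
# Added example: Certificate in a workload namespace, issued by the
# cluster-wide "bonusplay" ClusterIssuer defined above.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-com-tls        # placeholder name
  namespace: web               # placeholder; any namespace works with a ClusterIssuer
spec:
  # TLS Secret that cert-manager creates in "web" (tls.crt and tls.key).
  # Only workloads in this namespace can mount it.
  secretName: example-com-tls
  dnsNames:
    - example.com              # placeholder domain
    - "*.example.com"          # wildcard names require a DNS-01 solver
  issuerRef:
    name: bonusplay
    kind: ClusterIssuer        # defaults to the namespaced Issuer when omitted
    group: cert-manager.io
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always     # generate a new private key at each renewal
```

After applying it, `kubectl -n web get certificate example-com-tls` reports READY as True once the DNS-01 challenge has completed and the Secret has been written.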