K8s cluster - cert-manager

Why?

It’s quite handy to have a service which automatically requests and renews all required SSL certificates.

k8s config

Installing the CRDs and cert-manager:

$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml

Cloudflare token:

apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token
  namespace: cert-manager
type: Opaque
stringData:
  token: REDACTED

Cluster issuer (the difference between Issuer and ClusterIssuer is that an Issuer is bound to the namespace it is created in, while a ClusterIssuer is available in every namespace):

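apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  # ClusterIssuer is cluster-scoped, so it takes no metadata.namespace
  name: bonusplay
spec:
  acme:
    email: [email protected]
    server: https://acme-v02.api.letsencrypt.org/directory
    # Secret in which cert-manager stores the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-bonusplay
    solvers:
      - dns01:
          cloudflare:
            email: REDACTED
            # apiKeySecretRef (together with email) authenticates with a Cloudflare API key
            apiKeySecretRef:
              name: cloudflare-api-token
              key: token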
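
An added example, not part of the original post: the same ClusterIssuer authenticating with a scoped Cloudflare API token through `apiTokenSecretRef` instead of an account-wide API key, followed by a Certificate that requests a wildcard certificate from it. The domain `example.com`, the contact address, the `default` namespace and the Certificate and TLS Secret names are assumptions made for illustration.

```yaml
# Variant of the ClusterIssuer above that uses a scoped Cloudflare API token.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: bonusplay
spec:
  acme:
    email: admin@example.com          # placeholder contact address (assumption)
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-bonusplay
    solvers:
      - dns01:
          cloudflare:
            # An API token needs no account email. Scope it in Cloudflare to
            # Zone / Zone / Read and Zone / DNS / Edit so that a leak of this
            # Secret only exposes DNS records, not the whole account.
            apiTokenSecretRef:
              # For a ClusterIssuer the Secret is read from cert-manager's
              # cluster resource namespace, which defaults to "cert-manager".
              name: cloudflare-api-token
              key: token
---
# Certificate issued through the ClusterIssuer (all names here are hypothetical).
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-com-wildcard
  namespace: default
spec:
  # cert-manager writes the key pair into this Secret and renews it before expiry
  secretName: example-com-wildcard-tls
  dnsNames:
    - example.com
    - "*.example.com"                 # wildcard names require the DNS-01 solver
  issuerRef:
    name: bonusplay
    kind: ClusterIssuer               # must be stated; the default kind is Issuer
    group: cert-manager.io
```

Once applied, `kubectl describe certificate example-com-wildcard -n default` shows the issuance events and whether the certificate has become Ready.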