What you will need to follow along:
- A domain name and a Cloudflare API token with the following permissions:
- Helm
First install cert-manager
# Add the Helm repo
helm repo add jetstack https://charts.jetstack.io
# You can remove the experimental support if you don't need it
helm install cert-manager jetstack/cert-manager --version v1.12.3 \
  --namespace cert-manager \
  --set installCRDs=true \
  --create-namespace \
  --set "extraArgs={--feature-gates=ExperimentalGatewayAPISupport=true}"
Validating the deployment by executing
kubectl get pods -n cert-manager
should produce the following output
We need a ClusterIssuer to be able to create certificates in our cluster.
First we need to create a Secret with the Cloudflare token in the cert-manager namespace:
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token-secret
  namespace: cert-manager
type: Opaque
stringData:
  api-token: ${CLOUDFLARE_API_TOKEN}
Then we can create the cluster issuer:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: cloudflare-domain-issuer
spec:
  acme:
    email: email-to-register-domain
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - dns01:
          cloudflare:
            email: cloudflare-email
            apiTokenSecretRef:
              name: cloudflare-api-token-secret
              key: api-token
If the cluster issuer is ready, we can issue our wildcard certificate.
Note: secretName specifies the name of the Kubernetes Secret where the generated certificate and private key will be stored (fine-ops in this example).
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: certificate-fine-ops
  namespace: default
spec:
  dnsNames:
    - "*.fine-ops.com"
  secretName: fine-ops
  issuerRef:
    name: cloudflare-domain-issuer
    kind: ClusterIssuer
kubectl get cr
Here you have it :)
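A check to run once the Certificate is issued, added here as an example and not part of the original post: it reads the SAN entries from the certificate stored in the fine-ops Secret and tests which hostnames they cover. The Certificate above lists only "*.fine-ops.com", and a wildcard matches exactly one label, so the apex fine-ops.com and nested names such as a.b.fine-ops.com are not covered. The function names and sample hostnames are assumptions; openssl 1.1.1 or newer is assumed for the -ext option.

```shell
# Added example; function names are hypothetical, not from cert-manager.

# san_covers SAN HOST: succeeds if the SAN entry covers HOST.
# A wildcard stands for exactly one left-most label.
san_covers() {
  _san=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  _host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case "$_san" in
    '*.'?*)
      _suffix=${_san#'*'}                 # e.g. ".fine-ops.com"
      case "$_host" in
        ?*"$_suffix") _label=${_host%"$_suffix"} ;;
        *) return 1 ;;                    # apex or unrelated domain
      esac
      case "$_label" in *.*) return 1 ;; esac   # more than one label
      return 0 ;;
    *) [ "$_san" = "$_host" ] ;;          # non-wildcard: exact match
  esac
}

# parse_sans: reads `openssl x509 -noout -ext subjectAltName` output on
# stdin and prints one DNS name per line.
parse_sans() {
  tr ',' '\n' | sed -n 's/^ *DNS:\(.*\)$/\1/p'
}

# issued_sans SECRET NAMESPACE: DNS SANs of the leaf certificate in tls.crt.
issued_sans() {
  kubectl get secret "$1" -n "$2" -o jsonpath='{.data.tls\.crt}' \
    | base64 -d \
    | openssl x509 -noout -ext subjectAltName \
    | parse_sans
}

# host_covered HOST: reads SAN entries (one per line) on stdin.
host_covered() {
  while IFS= read -r _entry; do
    san_covers "$_entry" "$1" && return 0
  done
  return 1
}

# Usage against the Secret created above:
#   issued_sans fine-ops default | host_covered app.fine-ops.com && echo covered
#   issued_sans fine-ops default | host_covered fine-ops.com || echo "apex not covered"
```

If the apex must be served with the same certificate, it has to be listed as its own dnsNames entry next to the wildcard.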
Using the certificate in the kubernetes Gateway API