2023-12-31 18:26:32 +00:00
|
|
|
# 06 | Cert Manager
|
|
|
|
|
|
|
|
|
|
https://cert-manager.io/docs/installation/kubectl/
|
|
|
|
|
|
|
|
|
|
Install cert-manager - check for latest version.
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml
|
|
|
|
|
```
|
|
|
|
|
|
2024-02-19 00:59:20 +00:00
|
|
|
After cert manager is installed, create API tokens (not keys, but tokens) on cloudflare (User Profile > API Tokens > API Tokens) with permissions:
|
|
|
|
|
|
|
|
|
|
Permissions:
|
|
|
|
|
|
|
|
|
|
* Zone - DNS - Edit
|
|
|
|
|
* Zone - Zone - Read
|
|
|
|
|
|
|
|
|
|
Zone Resources:
|
|
|
|
|
|
|
|
|
|
* Include - All Zones
|
|
|
|
|
|
|
|
|
|
Configure a the API token as a secret in Kubernetes and replace the <APITOKEN> in the below command with the token from cloudflare.
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
kubectl create secret generic cloudflare-api-token-secret --namespace=cert-manager --type=Opaque --from-literal=api-token=<APIKEY>
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Create the Let's Encrypt ClusterIssuer:
|
2023-12-31 18:26:32 +00:00
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
|
|
|
|
|
# Be sure to edit the file and set the production URL if not a test cluster
|
|
|
|
|
kubectl apply -f lets-encrypt-issuer.yaml
|
|
|
|
|
```
|
