# 06 | Cert Manager

https://cert-manager.io/docs/installation/kubectl/

Install cert-manager (check for the latest version first):

```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml
```

After cert-manager is installed, create an API token (not an API key) on Cloudflare (User Profile > API Tokens > API Tokens) with the following settings.

Permissions:

* Zone - DNS - Edit
* Zone - Zone - Read

Zone Resources:

* Include - All Zones

Configure the API token as a secret in Kubernetes, supplying the token from Cloudflare as the value after `api-token=` in the command below.

```bash
kubectl create secret generic cloudflare-api-token-secret \
  --namespace=cert-manager \
  --type=Opaque \
  --from-literal=api-token=
```

Create the Let's Encrypt ClusterIssuer:

```bash
# Be sure to edit the file and set the production URL if not a test cluster
kubectl apply -f lets-encrypt-issuer.yaml
```
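
For reference, a ClusterIssuer that uses the Cloudflare token secret created above for DNS-01 validation could look like the following. This is an added example, not the `lets-encrypt-issuer.yaml` from this repository; the issuer name, e-mail address and account-key secret name are assumptions.

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  # Assumed name; Certificates and Ingress annotations refer to the issuer by it.
  name: letsencrypt
spec:
  acme:
    # Staging endpoint: issues untrusted test certificates and has generous
    # rate limits, so it is the safe default while testing.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Production endpoint, for clusters that are not test clusters:
    # server: https://acme-v02.api.letsencrypt.org/directory

    # Assumed contact address for the ACME account.
    email: admin@example.com

    # Secret in which cert-manager stores the ACME account private key
    # (assumed name; cert-manager creates it if it does not exist).
    privateKeySecretRef:
      name: letsencrypt-account-key

    solvers:
      - dns01:
          cloudflare:
            # Must match the secret name and key used in the
            # `kubectl create secret` command above. For a ClusterIssuer the
            # secret is looked up in cert-manager's own namespace, which is
            # why it was created with --namespace=cert-manager.
            apiTokenSecretRef:
              name: cloudflare-api-token-secret
              key: api-token
```

After applying it, `kubectl describe clusterissuer letsencrypt` shows whether the ACME account was registered.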