kubernetes-bootstrapping/06-cert-manager
2024-02-18 17:59:20 -07:00

06 | Cert Manager

https://cert-manager.io/docs/installation/kubectl/

Install cert-manager. Check the installation page above for the latest version before applying:

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml

After cert-manager is installed, create an API token (a token, not an API key) in Cloudflare (User Profile > API Tokens > API Tokens) with the following settings:

Permissions:

  • Zone - DNS - Edit
  • Zone - Zone - Read

Zone Resources:

  • Include - All Zones

Store the API token as a secret in Kubernetes, replacing <APIKEY> in the command below with the token from Cloudflare.

kubectl create secret generic cloudflare-api-token-secret --namespace=cert-manager --type=Opaque --from-literal=api-token=<APIKEY>

Create the Let's Encrypt ClusterIssuer:


# Be sure to edit the file and set the production URL if not a test cluster
kubectl apply -f lets-encrypt-issuer.yaml
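
For reference, a ClusterIssuer that uses the Cloudflare token secret created above for DNS-01 validation generally looks like the following. This is an added example, not the repository's lets-encrypt-issuer.yaml; the issuer name, the account key secret name and the email address are placeholders, while the token secret name and key match the kubectl create secret command above.

```yaml
# Added example; not the repository's lets-encrypt-issuer.yaml.
# Values marked "placeholder" are assumptions, not taken from this repo.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt                   # placeholder issuer name
spec:
  acme:
    # Staging endpoint: issues untrusted test certificates and has
    # generous rate limits. Use it on test clusters.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Production endpoint: issues publicly trusted certificates and has
    # strict rate limits. Swap it in once staging issuance works.
    # server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com          # placeholder ACME account contact
    privateKeySecretRef:
      # placeholder; cert-manager creates this secret to hold the
      # ACME account private key
      name: letsencrypt-account-key
    solvers:
      - dns01:
          cloudflare:
            # References the secret created with kubectl above.
            apiTokenSecretRef:
              name: cloudflare-api-token-secret
              key: api-token
```

For a ClusterIssuer, cert-manager resolves these secret references in its cluster resource namespace, which is cert-manager by default. That is why the token secret is created with --namespace=cert-manager.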