Create the Secret that stores the Cloudflare API token
01-cloudflare-token.yaml
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token-secret
  namespace: cert-manager
type: Opaque
stringData:
  api-token: $Your_api_token
Create the issuer
02-cloudflare-ClusterIssuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01
spec:
  acme:
    privateKeySecretRef:
      name: letsencrypt-dns01
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - dns01:
        cloudflare:
          email: [email protected]  # replace with your Cloudflare account email; not required with API Token authentication, required with API Key authentication
          apiTokenSecretRef:
            key: api-token
            name: cloudflare-api-token-secret  # references the Secret that stores the Cloudflare credential
Issue the Certificate
03-cloudflare-Certificate.yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cert-yourdomain-com
  namespace: default
spec:
  dnsNames:
  - cert.yourdomain.com  # the domain the certificate is issued for
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-dns01  # references the ClusterIssuer, i.e. validate with the dns01 challenge
  secretName: cert-yourdomain-com  # the issued certificate is stored in this Secret
Create the Ingress
04-cloudflare-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tls-test-ingress
  annotations:
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: letsencrypt-dns01
spec:
  ingressClassName: cilium
  rules:
  - host: cert.yourdomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80
  tls:
  - hosts:
    - cert.yourdomain.com
    secretName: cert-yourdomain-com
In Cloudflare, create a DNS record for the name that will receive the TLS certificate
Visit the URL and check that TLS works
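Added example, not part of the original post: a small Python lint that checks the cross-references between the four manifests above before they are applied (the Secret the ClusterIssuer reads, the ClusterIssuer the Certificate names, and the Secret and hosts the Ingress tls block expects), since a mismatch in any of them leaves the Certificate stuck and the URL without TLS. The manifests are re-embedded as constructed dicts, and treating a value starting with `$` as a forgotten placeholder is this example's own assumption.

```python
# Constructed copies of the four manifests above as Python dicts (what
# yaml.safe_load would return), so the lint runs without PyYAML or a cluster.
SECRET = {"metadata": {"name": "cloudflare-api-token-secret", "namespace": "cert-manager"},
          "stringData": {"api-token": "$Your_api_token"}}
ISSUER = {"metadata": {"name": "letsencrypt-dns01"},
          "spec": {"acme": {"solvers": [{"dns01": {"cloudflare": {"apiTokenSecretRef":
                   {"key": "api-token", "name": "cloudflare-api-token-secret"}}}}]}}}
CERT = {"metadata": {"name": "cert-yourdomain-com", "namespace": "default"},
        "spec": {"dnsNames": ["cert.yourdomain.com"],
                 "issuerRef": {"kind": "ClusterIssuer", "name": "letsencrypt-dns01"},
                 "secretName": "cert-yourdomain-com"}}
INGRESS = {"metadata": {"name": "tls-test-ingress",
                        "annotations": {"cert-manager.io/cluster-issuer": "letsencrypt-dns01"}},
           "spec": {"rules": [{"host": "cert.yourdomain.com"}],
                    "tls": [{"hosts": ["cert.yourdomain.com"], "secretName": "cert-yourdomain-com"}]}}


def lint(secret, issuer, cert, ingress):
    """Return the broken references between the four objects (empty list = consistent)."""
    problems = []
    # A ClusterIssuer's solver Secret is read from cert-manager's own namespace.
    ref = issuer["spec"]["acme"]["solvers"][0]["dns01"]["cloudflare"]["apiTokenSecretRef"]
    if secret["metadata"]["namespace"] != "cert-manager":
        problems.append("api-token Secret is not in the cert-manager namespace")
    if ref["name"] != secret["metadata"]["name"]:
        problems.append("ClusterIssuer apiTokenSecretRef.name does not match the Secret")
    token = secret.get("stringData", {}).get(ref["key"])
    if token is None:
        problems.append(f"Secret lacks the key {ref['key']!r} named in apiTokenSecretRef")
    elif token.startswith("$"):  # assumption: a value still starting with $ is the placeholder
        problems.append("api-token still contains the $Your_api_token placeholder")
    # The Certificate must point at the ClusterIssuer by kind and name.
    iref = cert["spec"]["issuerRef"]
    if (iref.get("kind"), iref["name"]) != ("ClusterIssuer", issuer["metadata"]["name"]):
        problems.append("Certificate issuerRef does not reference the ClusterIssuer")
    # The Ingress tls block must name the Certificate's Secret in the Ingress's own
    # namespace, and every TLS host must be covered by the Certificate's dnsNames.
    ing_ns = ingress["metadata"].get("namespace", "default")
    for tls in ingress["spec"].get("tls", []):
        if (tls["secretName"], ing_ns) != (cert["spec"]["secretName"], cert["metadata"]["namespace"]):
            problems.append(f"Ingress tls secretName {tls['secretName']!r} is not the "
                            f"Certificate's secretName in namespace {ing_ns}")
        for host in tls["hosts"]:
            if host not in cert["spec"]["dnsNames"]:
                problems.append(f"TLS host {host!r} is not in Certificate dnsNames")
    return problems
```

Run it against the manifests as written and the only finding should be the unfilled token placeholder; any other line means the objects do not reference each other correctly.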