
cert-manager

brew install helm

Installing with Helm

helm repo add jetstack https://charts.jetstack.io --force-update
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.18.0 \
  --set crds.enabled=true
kubectl -n cert-manager get pod

Issuer Configuration

Create a secret in Kubernetes containing the Cloudflare API token.

In the Cloudflare dashboard, click Create Token and use the Edit zone DNS template. Limit the token to the specific zone resource and restrict the client IP addresses allowed to use it.

For details on the YAML configuration, see:

Cloudflare API tokens

Creating an ACME ClusterIssuer

cd ~/git/Privat/homelab-pages/docs/traefik
kubectl apply -n cert-manager -f cloudflare_api_token.yaml
kubectl apply -f acme_clusterissuer.yaml
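
The two files applied above are not shown on this page. As an added example (not the author's actual files), this is what a Cloudflare token Secret and a DNS-01 ClusterIssuer typically contain. The resource names, the e-mail address, the token value and the choice of the Let's Encrypt staging endpoint are assumptions.

```yaml
# cloudflare_api_token.yaml (example content, names are assumptions)
# Applied with -n cert-manager: a ClusterIssuer resolves its secret
# references in the cluster resource namespace, which defaults to
# the namespace cert-manager runs in.
# Keep the copy holding the real token out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token-secret     # assumed name
type: Opaque
stringData:
  api-token: "<CLOUDFLARE_API_TOKEN>"   # placeholder, never a real value
---
# acme_clusterissuer.yaml (example content, names are assumptions)
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging             # assumed name
spec:
  acme:
    # Staging endpoint (assumption): issues untrusted test certificates
    # and has generous rate limits, so a misconfigured solver cannot
    # exhaust the production quota. Switch to the production directory
    # URL once a test certificate has been issued successfully.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com            # placeholder contact address
    privateKeySecretRef:
      # Secret in which cert-manager stores the ACME account key
      name: letsencrypt-staging-account-key
    solvers:
      - dns01:
          cloudflare:
            # Scoped API token (Edit zone DNS), not the global API key
            apiTokenSecretRef:
              name: cloudflare-api-token-secret
              key: api-token
```

If the Secret name or key here does not match what the ClusterIssuer references, the mismatch shows up as an error on the Challenge resources inspected under Troubleshooting.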

Troubleshooting

Check the status of the certificate in the traefik namespace:

kubectl get certificates -n traefik --no-headers -o custom-columns=":metadata.name" | xargs -I {} kubectl describe certificates {} -n traefik

kubectl get certificaterequests -n traefik --no-headers -o custom-columns=":metadata.name" | xargs -I {} kubectl describe certificaterequests {} -n traefik

kubectl get order -n traefik --no-headers -o custom-columns=":metadata.name" | xargs -I {} kubectl describe order {} -n traefik

kubectl get challenges -n traefik --no-headers -o custom-columns=":metadata.name" | xargs -I {} kubectl describe challenges {} -n traefik