-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathletsencrypt-cloudflare.sh
50 lines (44 loc) · 1.07 KB
/
letsencrypt-cloudflare.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/bin/bash
echo "---------------------------------------------"
echo "-- cert-manager/cluster-issuer/letsencrypt-cloudflare.sh"
echo "---------------------------------------------"
DEVBOX_INGRESS=${DEVBOX_INGRESS:-traefik}
if [ -z "$CLOUDFLARE_EMAIL" ];
then
echo "CLOUDFLARE_EMAIL is required"
exit 1
fi
if [ -z "$CLOUDFLARE_API_KEY" ];
then
echo "CLOUDFLARE_API_KEY is required"
exit 1
fi
cat <<EOF | kubectl -n cert-manager apply -f -
apiVersion: v1
kind: Secret
metadata:
name: cloudflare-api-key
type: Opaque
stringData:
api-key: ${CLOUDFLARE_API_KEY}
EOF
# Create mkcert ClusterIssuer
cat <<EOF | kubectl -n cert-manager apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-cloudflare
spec:
acme:
email: ${CLOUDFLARE_EMAIL}
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-cloudflare
solvers:
- dns01:
cloudflare:
email: ${CLOUDFLARE_EMAIL}
apiKeySecretRef:
name: cloudflare-api-key
key: api-key
EOF