CloudFlare
To use CloudFlare, you may use one of two types of tokens. API Tokens allow application-scoped keys bound to specific zones and permissions, while API Keys are globally-scoped keys that carry the same permissions as your account.
API Tokens are recommended for higher security, since they have more restrictive permissions and are more easily revocable.
API Tokens
Tokens can be created at User Profile > API Tokens > API Tokens. The following settings are recommended:
- Permissions:
  - Zone - DNS - Edit
  - Zone - Zone - Read
- Zone Resources:
  - Include - All Zones
To create a new Issuer, first make a Kubernetes secret containing your new API token:

apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token-secret
type: Opaque
stringData:
  api-token: <API Token>

Then in your Issuer manifest:

apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: example-issuer
spec:
  acme:
    ...
    solvers:
    - dns01:
        cloudflare:
          email: my-cloudflare-acc@example.com
          apiTokenSecretRef:
            name: cloudflare-api-token-secret
            key: api-token

API Keys
API keys can be retrieved at User Profile > API Tokens > API Keys > Global API Key > View.
To create a new Issuer, first make a Kubernetes secret containing your API key:

apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-key-secret
type: Opaque
stringData:
  api-key: <API Key>

Then in your Issuer manifest:

apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: example-issuer
spec:
  acme:
    ...
    solvers:
    - dns01:
        cloudflare:
          email: my-cloudflare-acc@example.com
          apiKeySecretRef:
            name: cloudflare-api-key-secret
            key: api-key
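
Because API Tokens are the recommended credential, it is useful to audit which issuers still reference a Global API Key. The following is an added example, not part of the original page or of cert-manager itself: it assumes you feed it JSON in the shape produced by `kubectl get issuers,clusterissuers -A -o json`, and the sample input, the `legacy-issuer` and `selfsigned` names, and the function name are constructed for illustration.

```python
import json

# Constructed sample: the shape of `kubectl get issuers,clusterissuers -A -o json`
# output, trimmed to the fields used on this page.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"kind": "Issuer",
         "metadata": {"name": "example-issuer", "namespace": "default"},
         "spec": {"acme": {"solvers": [{"dns01": {"cloudflare": {
             "email": "my-cloudflare-acc@example.com",
             "apiTokenSecretRef": {"name": "cloudflare-api-token-secret", "key": "api-token"}}}}]}}},
        {"kind": "Issuer",
         "metadata": {"name": "legacy-issuer", "namespace": "web"},
         "spec": {"acme": {"solvers": [{"dns01": {"cloudflare": {
             "email": "my-cloudflare-acc@example.com",
             "apiKeySecretRef": {"name": "cloudflare-api-key-secret", "key": "api-key"}}}}]}}},
        {"kind": "ClusterIssuer", "metadata": {"name": "selfsigned"}, "spec": {"selfSigned": {}}},
    ],
})


def audit_cloudflare_solvers(doc_json):
    """Return (kind, namespace/name, solver index, credential type, secret name) rows."""
    doc = json.loads(doc_json)
    items = doc.get("items", [doc])  # accept a List or a single object
    findings = []
    for obj in items:
        meta = obj.get("metadata", {})
        ident = "/".join(p for p in (meta.get("namespace"), meta.get("name")) if p)
        solvers = (obj.get("spec", {}).get("acme") or {}).get("solvers") or []
        for idx, solver in enumerate(solvers):
            cf = (solver.get("dns01") or {}).get("cloudflare")
            if cf is None:
                continue  # not a Cloudflare DNS01 solver
            if "apiKeySecretRef" in cf:
                cred, ref = "global-api-key", cf["apiKeySecretRef"]
            elif "apiTokenSecretRef" in cf:
                cred, ref = "api-token", cf["apiTokenSecretRef"]
            else:
                cred, ref = "missing", {}
            findings.append((obj.get("kind"), ident, idx, cred, ref.get("name")))
    return findings


if __name__ == "__main__":
    for kind, ident, idx, cred, secret in audit_cloudflare_solvers(SAMPLE):
        flag = "OK  " if cred == "api-token" else "WARN"
        print(f"{flag} {kind} {ident} solver[{idx}] uses {cred} (secret: {secret})")
```

Any row reported as `global-api-key` points at a secret holding an account-wide credential and is a candidate for migration to a scoped API Token.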