Skip to main content

Cloudflare Origin Issuer

Overview

Cloudflare Origin Issuer is available as an add-on within Ankra's platform, allowing you to automatically manage and issue Cloudflare Origin CA certificates. It ensures secure and trusted connections between your applications and Cloudflare. This add-on supports both Issuer and ClusterIssuer types for certificate management.

Configuration Options

The Cloudflare Origin Issuer add-on offers configurable inputs to customize the deployment based on your cluster's needs. Below are the available inputs:

Inputs

  • Helm Chart Version
    This input sets the version of the Cloudflare Origin Issuer Helm chart to deploy.

    • Default: 0.5.7
    • Options:
      • 0.5.7 (default)

    Example:

    helm_chart_version: "0.5.7"

  • Kubectl CRD Version
    This input sets the version of the Custom Resource Definition (CRD) to be applied when deploying the Cloudflare Origin Issuer.

    • Default: v0.9.0
    • Options:
      • v0.9.0 (default)

    Example:

    kubectl_crd_version: "v0.9.0"

  • Cloudflare Origin Key Variable Name
    This input specifies the secret key variable that contains the Cloudflare Origin key for secure communications.

    • Default: CLOUDFLARE_ORIGIN_KEY

    Example:

    cloudflare_origin_key_variable_name: "CLOUDFLARE_ORIGIN_KEY"

Usage

Deploying Cloudflare Origin Issuer

To deploy Cloudflare Origin Issuer in your Kubernetes cluster using Ankra, follow these steps:

  1. Access the Add-ons Section
    In Ankra's platform, navigate to the Add-ons section and select Cloudflare Origin Issuer from the available add-ons.

  2. Configure Inputs
    You will be prompted to configure the following inputs:

    • Helm Chart Version: Choose the required version of the Cloudflare Origin Issuer Helm chart or leave it as the default version.
    • Kubectl CRD Version: Specify the CRD version for the Cloudflare Origin Issuer.
    • Cloudflare Origin Key Variable Name: Set the environment variable containing your Cloudflare Origin key.

    Example configuration:

    helm_chart_version: "0.5.7"
    kubectl_crd_version: "v0.9.0"
    cloudflare_origin_key_variable_name: "CLOUDFLARE_ORIGIN_KEY"

  3. How to use Cloudflare Origin Iusser

    ClusterIusser

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
    name: example-ingress-cloudflare
    namespace: default
    annotations:
        cert-manager.io/cluster-issuer: "cloudflare-origin-issuer"  # Cloudflare Origin CA ClusterIssuer
        cert-manager.io/issuer-kind: "ClusterOriginIssuer"  # Use the ClusterOriginIssuer from Cloudflare Origin CA
        cert-manager.io/issuer-group: "cert-manager.k8s.cloudflare.com"  # Cloudflare Origin CA Issuer group
    spec:
    tls:
    - hosts:
        - example.com
        secretName: cloudflare-origin-cert  # Secret for storing the certificate
    rules:
    - host: example.com
        http:
        paths:
        - path: /
            pathType: Prefix
            backend:
            service:
                name: example-service
                port:
                number: 80