[stable/zed] feat: add Cloudflare ACME solver (#1221)
This is an automated cherry-pick of #1217
/assign mnaser
diff --git a/roles/cluster_issuer/defaults/main.yml b/roles/cluster_issuer/defaults/main.yml
index f66a246..407acaf 100644
--- a/roles/cluster_issuer/defaults/main.yml
+++ b/roles/cluster_issuer/defaults/main.yml
@@ -23,6 +23,10 @@
cluster_issuer_acme_http01_ingress_class: "{{ atmosphere_ingress_class_name }}"
+cluster_issuer_acme_cloudflare_secret_name: cloudflare-api-token
+cluster_issuer_acme_cloudflare_email: "{{ cluster_issuer_acme_email }}"
+#cluster_issuer_acme_cloudflare_api_token: <CLOUDFLARE_API_TOKEN>
+
cluster_issuer_acme_rfc2136_secret_name: cert-manager-issuer-tsig-secret-key
# cluster_issuer_acme_rfc2136_nameserver: <NAMESERVER>:<PORT>
# cluster_issuer_acme_rfc2136_tsig_algorithm: <ALGORITHM>
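Review bot: The new placeholder `#cluster_issuer_acme_cloudflare_api_token: <CLOUDFLARE_API_TOKEN>` drops the space after `#` that the neighbouring rfc2136 placeholders use, which yamllint's `comments` rule flags; write it as `# cluster_issuer_acme_cloudflare_api_token: <CLOUDFLARE_API_TOKEN>`. Since this value ends up in a cluster Secret consumed by cert-manager, a comment above it stating the expected least-privilege scope would help operators avoid pasting a global API key — as far as I recall cert-manager's Cloudflare solver only needs a scoped token with Zone:DNS:Edit plus Zone:Zone:Read on the relevant zones, so something like `# Scoped Cloudflare API token (Zone:DNS:Edit, Zone:Zone:Read); never a global API key` above the placeholder, to be confirmed against the cert-manager docs the role targets. Leaving the variable undefined in defaults is fine here, because the solver task will then fail on an undefined variable rather than create an empty Secret.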
diff --git a/roles/cluster_issuer/tasks/type/acme/solver/cloudflare.yml b/roles/cluster_issuer/tasks/type/acme/solver/cloudflare.yml
new file mode 100644
index 0000000..431b08e
--- /dev/null
+++ b/roles/cluster_issuer/tasks/type/acme/solver/cloudflare.yml
@@ -0,0 +1,44 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Create ClusterIssuer
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ - apiVersion: v1
+ kind: Secret
+ metadata:
+ name: "{{ cluster_issuer_acme_cloudflare_secret_name }}"
+ namespace: cert-manager
+ type: Opaque
+ stringData:
+ api-token: "{{ cluster_issuer_acme_cloudflare_api_token }}"
+
+ - apiVersion: cert-manager.io/v1
+ kind: ClusterIssuer
+ metadata:
+ name: "{{ cluster_issuer_name }}"
+ spec:
+ acme:
+ email: "{{ cluster_issuer_acme_email }}"
+ server: "{{ cluster_issuer_acme_server }}"
+ privateKeySecretRef:
+ name: "{{ cluster_issuer_acme_private_key_secret_name }}"
+ solvers:
+ - dns01:
+ cloudflare:
+ email: "{{ cluster_issuer_acme_cloudflare_email }}"
+ apiTokenSecretRef:
+ name: "{{ cluster_issuer_acme_cloudflare_secret_name }}"
+ key: api-token
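Review bot: The task `Create ClusterIssuer` writes the Cloudflare API token into the Secret's `stringData` without `no_log`, so on a verbose run (`-v`) or with a logging callback the module's return value — which, as far as I recall, echoes the applied resource including the Secret's `data` — would print the token (merely base64-encoded) into Ansible output and CI logs; add `no_log: true` at the task level next to `state: present`. The task name understates what it does, since it creates both the Secret and the ClusterIssuer; consider renaming it `Create Cloudflare API token secret and ClusterIssuer` or splitting it so the Secret task alone carries `no_log`. Separately, cert-manager's documentation, to my recollection, uses the `email` field only with the legacy global API key (`apiKeySecretRef`) and ignores it for `apiTokenSecretRef`, so the `email:` line under `cloudflare:` and its backing `cluster_issuer_acme_cloudflare_email` variable may be dead configuration — worth confirming before keeping it.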