📝 Improve documentation on using PVC with TLS certificates

traefik · Nov 28, 2022 · f42aa49 · f42aa49
1 parent a85ab38
commit f42aa49
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 5 deletions.
diff --git a/EXAMPLES.md b/EXAMPLES.md
@@ -185,3 +185,24 @@ additionalArguments:
   - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.120.0.0/16"
   - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.120.0.0/16"
 ```
+
+# Use Traefik Let's Encrypt Integration with CloudFlare
+
+It needs a CloudFlare token in a Kubernetes `Secret` and a working Storage Class
+
+```yaml
+persistence:
+  enabled: true
+  storageClass: xxx
+certResolvers:
+  letsencrypt:
+    dnsChallenge:
+      provider: cloudflare
+    storage: /data/acme.json
+env:
+  - name: CF_DNS_API_TOKEN
+    valueFrom:
+      secretKeyRef:
+        name: yyy
+        key: zzz
+```
diff --git a/traefik/values.yaml b/traefik/values.yaml
@@ -693,10 +693,7 @@ autoscaling:
 
 # Enable persistence using Persistent Volume Claims
 # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
-# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
-# additionalArguments:
-# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
-# It will persist TLS certificates.
+# It can be used to store TLS certificates, see `storage` in certResolvers
 persistence:
   enabled: false
   name: data
@@ -726,7 +723,7 @@ certResolvers: {}
 #     tlsChallenge: true
 #     httpChallenge:
 #       entryPoint: "web"
-#     # match the path to persistence
+#     # It has to match the path with a persistent volume
 #     storage: /data/acme.json
 
 # If hostNetwork is true, runs traefik in the host network namespace