From f42aa49939d19e257649f353222d93fd10a626cd Mon Sep 17 00:00:00 2001
From: mloiseleur <97035654+mloiseleur@users.noreply.github.com>
Date: Mon, 28 Nov 2022 11:32:05 +0100
Subject: [PATCH] :memo: Improve documentation on using PVC with TLS certificates
---
 EXAMPLES.md | 21 +++++++++++++++++++++
 traefik/values.yaml | 7 ++-----
 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/EXAMPLES.md b/EXAMPLES.md
index 0c6363d43..181ad2ab8 100644
--- a/EXAMPLES.md
+++ b/EXAMPLES.md
@@ -185,3 +185,24 @@ additionalArguments:
 - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.120.0.0/16"
 - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.120.0.0/16"
 ```
+
+# Use Traefik Let's Encrypt Integration with CloudFlare
+
+It needs a CloudFlare token in a Kubernetes `Secret` and a working Storage Class
+
+```yaml
+persistence:
+ enabled: true
+ storageClass: xxx
+certResolvers:
+ letsencrypt:
+ dnsChallenge:
+ provider: cloudflare
+ storage: /data/acme.json
+env:
+ - name: CF_DNS_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: yyy
+ key: zzz
+```
diff --git a/traefik/values.yaml b/traefik/values.yaml
index 15f1682c7..b2b08ef06 100644
--- a/traefik/values.yaml
+++ b/traefik/values.yaml
@@ -693,10 +693,7 @@ autoscaling:
 # Enable persistence using Persistent Volume Claims
 # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
-# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
-# additionalArguments:
-# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
-# It will persist TLS certificates.
+# It can be used to store TLS certificates, see `storage` in certResolvers
 persistence:
 enabled: false
 name: data
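Review bot: The new comment above `persistence:` in traefik/values.yaml describes the volume as a place to "store TLS certificates", which understates what ends up there: the ACME storage file that `storage` points at also holds the ACME account key and the private keys of the issued certificates. I would say so in the comment, e.g. `# It can be used to store TLS certificates and their private keys, see "storage" in certResolvers`, and add one more comment line asking operators to limit who can mount or read that claim. The `ref:` URL on the context line above is still plain http; the commit does not touch it, but this would be a natural place to switch it to https.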
@@ -726,7 +723,7 @@ certResolvers: {}
 # tlsChallenge: true
 # httpChallenge:
 # entryPoint: "web"
-# # match the path to persistence
+# # It has to match the path with a persistent volume
 # storage: /data/acme.json
 # If hostNetwork is true, runs traefik in the host network namespace
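Review bot: The reworded hint above `storage` ("It has to match the path with a persistent volume") is hard to parse and still does not say which path is meant or why. Something like `# # must be a path inside the mounted persistent volume (see persistence)` would be clearer, and a short second comment line could state the consequence: if the file is not on the volume, the ACME account and certificates presumably do not survive a pod restart and have to be requested again. The commented certResolvers example starts above this hunk, so the wording should be checked against the rest of that block.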