apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: cert-manager namespace: argo-cd finalizers: - resources-finalizer.argocd.argoproj.io spec: destination: server: https://kubernetes.default.svc namespace: cert-manager project: default source: chart: cert-manager helm: values: | prometheus: enabled: false extraArgs: - --enable-certificate-owner-ref=true - --dns01-recursive-nameservers-only - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53 repoURL: https://charts.jetstack.io targetRevision: 1.10.1 syncPolicy: automated: prune: true selfHeal: true --- apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: roxedus.com-cloudflare namespace: cert-manager spec: acme: server: https://acme-v02.api.letsencrypt.org/directory privateKeySecretRef: name: cloudflare-issuer-account-key solvers: - dns01: cloudflare: apiTokenSecretRef: name: cloudflare-api-token-secret key: CLOUDFLARE_API_KEY # selector: # dnsNames: # - 'roxedus.com' # - '*.roxedus.com' --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: # add an annotation indicating the issuer to use. cert-manager.io/acme-challenge-type: dns01 cert-manager.io/cluster-issuer: roxedus.com-cloudflare name: testingress namespace: default spec: ingressClassName: traefik rules: - host: test.roxedus.com http: paths: - pathType: Prefix path: / backend: service: name: searxng port: number: 8080 tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames - hosts: - test.roxedus.com secretName: test-roxedus-com-cert # < cert-manager will store the created certificate in this secret.