home-cluster-ops/kubernetes/infrastructure/cert-manager/clusterissuer/clusterissuer-cloudflare.yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: clusterissuer
  namespace: cert-manager
spec:
  acme:
    email: ${email}
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: cluster-issuer-account-key
    solvers:
      - dns01:
          cloudflare:
            email: ${email}
            apiTokenSecretRef:
              name: clusterissuer-secrets
              key: cloudflare_api_token
        selector:
          dnsNames:
            - "${cluster_cert_domain}"
            - "*.${cluster_cert_domain}"