Skip to content

feat: unified Cloudflare secret with Reflector replication #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
justgithubaccount merged 4 commits into from
Dec 6, 2025
Merged

feat: unified Cloudflare secret with Reflector replication #8

justgithubaccount merged 4 commits into from
Dec 6, 2025

Conversation

@justgithubaccount
Copy link
Owner

@justgithubaccount justgithubaccount commented Dec 6, 2025

Summary

  • Add new Cloudflare SealedSecret in external-dns namespace with Reflector annotations
  • Configure automatic replication to cert-manager namespace
  • Update external-dns and cert-manager to use unified cloudflare-token secret name
  • Remove duplicate cloudflare-secrets.yaml from cert-manager

Changes

File Change
external-dns/cloudflare-secrets.yaml New SealedSecret with Reflector annotations
external-dns/application.yaml Use cloudflare-token secret
cert-manager/issuer-cluster.yaml Use cloudflare-token secret
cert-manager/kustomization.yaml Remove cloudflare-secrets.yaml reference
cert-manager/cloudflare-secrets.yaml Deleted (replaced by Reflector)

How it works

  1. SealedSecret creates cloudflare-token in external-dns namespace
  2. Reflector automatically replicates to cert-manager namespace
  3. Both services use the same token with unified naming

Test plan

  • Verify SealedSecret is created in external-dns namespace
  • Verify Reflector replicates secret to cert-manager namespace
  • Verify external-dns can manage DNS records
  • Verify cert-manager can issue certificates

🤖 Generated with Claude Code

justgithubaccount and others added 4 commits December 6, 2025 11:44
@justgithubaccount @claude
feat(external-dns): add Cloudflare SealedSecret with Reflector
8613e1c 
Add new SealedSecret for Cloudflare API token with Reflector annotations
to automatically replicate to cert-manager namespace.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@justgithubaccount @claude
refactor(external-dns): use cloudflare-token secret name
44c8d65 
Change secret reference from external-dns-secret to cloudflare-token
for unified secret naming across services.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@justgithubaccount @claude
refactor(cert-manager): use cloudflare-token secret name
375557f 
Change ClusterIssuer to use cloudflare-token secret (replicated by
Reflector from external-dns namespace) instead of cert-manager-secret.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@justgithubaccount @claude
refactor(cert-manager): remove duplicate Cloudflare secret
3b63cbd 
Remove cloudflare-secrets.yaml - secret is now replicated from
external-dns namespace via Reflector.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@justgithubaccount justgithubaccount merged commit e084269 into main Dec 6, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@justgithubaccount