Cloudflare has released Origin CA Issuer, an extension to cert-manager, a native Kubernetes certificate management controller. Integrating with Cloudflare Origin CA, the extension makes it easier to create and renew Cloudflare Origin Certificates.

For many years, Cloudflare has recommended that site owners install a TLS certificate on their web servers so that they can encrypt traffic from the content delivery network (CDN) endpoint to the origin. However, implementing this as a site owner is not straightforward.

Acknowledging the challenges with certificate maintenance on a Kubernetes cluster, Terin Stock, software engineer at Cloudflare, discussed the steps required to integrate the Origin CA in a blog post. Supported on Kubernetes 1.16 or newer, the origin-ca-issuer installation requires permissions to create Custom Resources Definitions (CRDs) in the target cluster.

#kubernetes