DNS - Cloudflare

Reference for the humanitec/dns-cloudflare driver

This driver generates a new subdomain for a domain that is managed in a Cloudflare Zone.

| Property | Description |
|---|---|
| Resource Type | dns |
| Account Type | cloudflare |

Inputs

Values

| Name | Type | Description |
|---|---|---|
| zone_id | string | The ID of the Cloudflare zone the record is in. |
| domain | string | The domain under which to specify the subdomain. E.g. staging.example.com |
| proxied | boolean | [Optional] A boolean value specifying whether Cloudflare proxies this subdomain. Defaults to false. |
| ttl | integer | [Optional] An integer number of seconds that the DNS name should live for. Defaults to 1 which means "Default" in Cloudflare. |

Secrets

| Name | Type | Description |
|---|---|---|
| tls | object | A TLS certificate in Kubernetes certificate format. E.g. {"tls.crt": "...", "tls.key": "..."} |

The TLS certificate must be a wildcard certificate valid for subdomains of the domain value. E.g. for staging.example.com, the certificate must include *.staging.example.com as a CN or SAN.
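A pre-flight check for the wildcard requirement above, as an added example that is not part of the driver or the original page. It assumes the certificate's names were dumped with `openssl x509 -in tls.crt -noout -subject -ext subjectAltName`; the function names and the sample outputs are constructed for illustration.

```python
import re

# Constructed samples of the openssl text output (not real certificates).
GOOD = """subject=CN = staging.example.com
X509v3 Subject Alternative Name:
    DNS:*.staging.example.com, DNS:staging.example.com
"""
PARENT_ONLY = """subject=CN = example.com
X509v3 Subject Alternative Name:
    DNS:*.example.com, DNS:example.com
"""
CN_ONLY = "subject=CN = *.staging.example.com\n"
BARE = "subject=CN = staging.example.com\n"


def cert_names(openssl_text):
    """Collect the CN and the DNS SAN entries, lower-cased, no trailing dot."""
    found = re.findall(r"(?:DNS:|CN\s*=\s*)([^,/\s]+)", openssl_text)
    return [name.lower().rstrip(".") for name in found]


def check_wildcard(openssl_text, domain):
    """Return (ok, reason) for the `domain` value given to the driver."""
    domain = domain.lower().rstrip(".")
    names = cert_names(openssl_text)
    required = "*." + domain
    if required in names:
        return True, required + " is present"
    for name in names:
        # A certificate wildcard stands for exactly one left-most label,
        # so a wildcard on a parent domain never reaches hosts below `domain`.
        if name.startswith("*.") and domain.endswith("." + name[2:]):
            return False, name + " is a parent wildcard; it does not cover hosts under " + domain
    if domain in names:
        return False, "certificate names " + domain + " itself but not its subdomains"
    return False, "no CN or SAN entry equals " + required


if __name__ == "__main__":
    samples = [("good", GOOD), ("parent", PARENT_ONLY), ("cn-only", CN_ONLY), ("bare", BARE)]
    for label, text in samples:
        print(label, check_wildcard(text, "staging.example.com"))
```
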

Notes

Zone Identifier

Cloudflare organises resources into "Zones". You can find the Zone Identifier on the main dash page for the domain. It is at the bottom right under the heading Zone ID.

API Token

The driver uses a Cloudflare API Token to add, update and remove DNS records. The token must have Zone.DNS edit permissions on the zone the subdomain should be set up in.

The token should be added as an account of type cloudflare.

Example

In this example, we use the humanitec/dns-cloudflare driver to provision new subdomains under staging.cf-hosted-domain.com for an app called cloudflare-dns-example-app.

First, the Resource Account containing the Cloudflare API Token must be created:

    curl https://api.humanitec.io/orgs/my-org/resources/accounts \
      -X POST \
      -H "Authorization: Bearer $HUMANITEC_TOKEN" \
      -H "Content-Type: application/json" \
      --data-binary '{
        "id": "cloudflare-example-account",
        "name": "Cloudflare Example Account",
        "type": "cloudflare",
        "credentials": {
          "token": "kji2b0masdlkfjbaslf-b28n"
        }
      }'

Then the following Dynamic Resource Definition should be added:

    curl https://api.humanitec.io/orgs/my-org/resources/dynamic \
      -X POST \
      -H "Authorization: Bearer $HUMANITEC_TOKEN" \
      -H "Content-Type: application/json" \
      --data-binary '{
        "id": "dynamic-dns-cloudflare",
        "name": "Dynamic DNS via Cloudflare",
        "type": "dns",
        "criteria": [
          {
            "app_id": "cloudflare-dns-example-app"
          }
        ],
        "account_id": "cloudflare-example-account",
        "driver_type": "humanitec/dns-cloudflare",
        "driver_params": {
          "values": {
            "zone_id": "1ef520391d97ed73c38bc35dd8b570d0",
            "domain": "staging.cf-hosted-domain.com",
            "ttl": 1,
            "proxied": false
          },
          "secrets": {
            "tls": {
              "tls.crt": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
              "tls.key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
            }
          }
        }
      }'
