Cloudflare

This Driver generates a new subdomain for a domain that is managed in a Cloudflare Zone.

Inputs #

Values #

Secrets #

None

Notes #

This Driver adds records to a Cloudflare Zonefile pointing at the Load Balancer for the relevant cluster. The Driver will generate new unique subdomains.

This Driver can be used with environments running on different clusters.

Zone Identifier #

Cloudflare organizes resources into “Zones”. You can find the Zone Identifier on the main dash page for the domain. It is at the bottom right under the heading Zone ID.

API Token #

The Driver uses a Cloudflare API Token to add, update and remove DNS records. The token must have Zone.DNS edit permissions on the zone the subdomain should be set up in.

The token should be added as an account of type cloudflare.

Example #

Use the humanitec/dns-cloudflare Driver to provision a new subdomain under staging.cf-hosted-domain.com for an app called cloudflare-dns-example-app.

First, the Cloud Account containing the Cloudflare API Token must be created:

curl https://api.humanitec.io/orgs/my-org/resources/accounts \
  -X POST \
  -H "Authorization: Bearer ${HUMANITEC_TOKEN}" \
  -H "Content-Type: application/json" \
  --data-binary '{
    "id": "cloudflare-example-account",
    "name": "Cloudflare Example Account",
    "type": "cloudflare",
    "credentials": {
      "token": "kji2b0masdlkfjbaslf-b28n"
    }
  }'

Testing the account will verify that the token is valid, has not expired, and is in the correct form for the Platform Orchestrator to use:

humctl api POST /orgs/my-org/resources/accounts/cloudflare-example-account/actions/check -d '{}'

Then the following dynamic Resource Definition should be added. Apply the following modifications as needed:

• Adjust the criteria to the Matching Criteria to fit your setup.
• Decide whether you need to co-provision an ingress resource as shown, and remove the provision section if not. See Routes for a discussion on how the networking Resource Types work together.

• CLI
• API
• Terraform

cat <<EOF > dynamic-dns-cloudflare.yaml
apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
  id: dynamic-dns-cloudflare
entity:
  driver_account: cloudflare-example-account
  driver_type: humanitec/dns-cloudflare
  name: "Dynamic DNS via Cloudflare"
  type: dns
  driver_inputs:
    values:
      zone_id: 1ef520391d97ed73c38bc35dd8b570d0
      domain: staging.cf-hosted-domain.com
      ttl: 1
      proxied: false
  criteria:
    - app_id: cloudflare-dns-example-app
  provision:
    ingress:
      is_dependent: false
EOF

humctl create -f dynamic-dns-cloudflare.yaml

curl https://api.humanitec.io/orgs/my-org/resources/defs \
  -X POST \
  -H "Authorization: Bearer ${HUMANITEC_TOKEN}" \
  -H "Content-Type: application/json" \
  --data-binary '{
  "id": "dynamic-dns-cloudflare",
  "name": "Dynamic DNS via Cloudflare",
  "type": "dns",
  "driver_account": "cloudflare-example-account",
  "driver_type": "humanitec/dns-cloudflare",
  "driver_inputs": {
    "values": {
      "zone_id": "1ef520391d97ed73c38bc35dd8b570d0",
      "domain": "staging.cf-hosted-domain.com",
      "ttl": 1,
      "proxied": false
    }
  },
  "criteria": [
    {
      "app_id": "cloudflare-dns-example-app"
    }
  ],
  "provision": {
    "ingress": {
      "is_dependent": false
    }
  }
}'

resource "humanitec_resource_definition" "dns-cloudflare" {
  id             = "dynamic-dns-cloudflare"
  name           = "Dynamic DNS via Cloudflare"
  type           = "dns"
  driver_account = "cloudflare-example-account"
  driver_type    = "humanitec/dns-cloudflare"

  driver_inputs = {
    values_string = jsonencode({
      "zone_id" = "1ef520391d97ed73c38bc35dd8b570d0"
      "domain"  = "staging.cf-hosted-domain.com"
      "ttl"     = 1
      "proxied" = false
    })
  }

  provision = {
    ingress = {
      is_dependent = false
    }
  }
}

resource "humanitec_resource_definition_criteria" "dns-cloudflare" {
  resource_definition_id = humanitec_resource_definition.dns-cloudflare.id
  app_id                 = "cloudflare-dns-example-app"
}