Cloudflare DNS
While one of the main tenets of this cluster project is to be entirely self-hosted, there are some things that simply cannot be. One of those things is public DNS.
I chose Cloudflare as a domain registrar because not only does it have a Terraform provider to manage configuration as code, it also has free-to-use tunnel proxies as a mechanism to ingress public traffic (more on these later), and the community has created the cloudflare-operator for well-integrated use inside Kubernetes. A perfect match.
Creating an account is straightforward enough, as is searching for and buying a domain.
Set up 2FA on the account.
First, set up a bootstrap Terraform environment. This environment needs the Global API Key and performs the setup that cannot be done with an API token, such as handling domain registration and generating API tokens.
cloudflare/bootstrap/main.tf
provider "cloudflare" {}
resource "cloudflare_registrar_domain" "evolutionchamber_org" {
  account_id  = "..."
  domain_name = "evolutionchamber.org"
  auto_renew  = true
  locked      = true
  privacy     = true
}
resource ""
To use the Terraform provider, you will need to set up a token.
https://dash.cloudflare.com/profile/api-tokens
Create a new token named terraform and grant:
Account:Account Settings:Edit
Zone:Zone:Edit
Zone:DNS:Edit
Add Client IP Address Filtering, as this will be a fairly high-privileged token used for account setup.
main.tf
provider "cloudflare" {}
resource "cloudflare_zone" "evolutionchamber_org" {
  account = {
    id = "..."
  }
  name = "evolutionchamber.org"
  type = "full"
}
requirements.tf
terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
    }
  }
}
When I was initially setting this up I hadn't gotten so far as to get it all into Terraform, so I had to import the existing zone.
main.tf
import {
  to = cloudflare_zone.evolutionchamber_org
  id = "<zone id>"
}
export CLOUDFLARE_API_TOKEN=...
terraform init && terraform apply
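A check worth running on the first plan after adding the import block, before applying it: confirm that the zone is being imported rather than created, and that nothing would delete or replace the zone or the registrar domain. This is an added example, not part of the original setup; the script name check_plan.py, the function review_plan and the sample plans are made up for illustration, and it reads the JSON produced by terraform show -json (the importing field is present from Terraform 1.5, which import blocks need anyway).

```python
import json
import sys

# Resource types from this page whose deletion or replacement would be disruptive.
PROTECTED_TYPES = {"cloudflare_zone", "cloudflare_registrar_domain"}
ZONE = "cloudflare_zone.evolutionchamber_org"


def review_plan(plan, expect_import=ZONE):
    """Return the problems found in a `terraform show -json` plan document."""
    problems, seen = [], False
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        # A replace is reported as ["delete", "create"] (or the reverse order).
        if rc.get("type") in PROTECTED_TYPES and "delete" in actions:
            problems.append(f"{rc['address']}: would be deleted or replaced")
        if rc.get("address") == expect_import:
            seen = True
            if not change.get("importing"):
                problems.append(f"{rc['address']}: not imported, actions={actions}")
    if not seen:
        problems.append(f"{expect_import}: not present in the plan")
    return problems


# Constructed sample plans, trimmed to the fields the check reads.
GOOD_PLAN = json.loads("""{"resource_changes": [
  {"address": "cloudflare_zone.evolutionchamber_org", "type": "cloudflare_zone",
   "change": {"actions": ["no-op"], "importing": {"id": "<zone id>"}}}]}""")
BAD_PLAN = json.loads("""{"resource_changes": [
  {"address": "cloudflare_zone.evolutionchamber_org", "type": "cloudflare_zone",
   "change": {"actions": ["create"]}},
  {"address": "cloudflare_registrar_domain.evolutionchamber_org",
   "type": "cloudflare_registrar_domain",
   "change": {"actions": ["delete", "create"]}}]}""")

if __name__ == "__main__":
    # Usage: terraform plan -out=plan.out
    #        terraform show -json plan.out | python3 check_plan.py
    found = review_plan(json.load(sys.stdin))
    print("\n".join(found) or "zone is imported; no protected resource destroyed")
    sys.exit(1 if found else 0)
```

If the check passes, apply the saved plan with terraform apply plan.out so that what was reviewed is what gets applied.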