apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production-dns
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: var_acme_email

    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-sec-production-dns

    # ACME DNS-01 provider configurations
    solvers:
    # An empty 'selector' means that this solver matches all domains
    - selector: {}
      dns01:
        cloudflare:
          email: var_acme_email
          # !! Remember to first create a k8s secret
          # kubectl create secret generic cloudflare-api-key-secret
          apiKeySecretRef:
            name: cf-api-secret
            key: cf-api-key