Zone
A kind: Zone resource should be created per domain name that's managed in Cloudflare. Here you can specify the API
Token and any Zone settings.
A kind: Zone resource is required in order to configure any additional api types on a Cloudflare domain. Each domain
managed by Kubeflare should have exactly 1 resource of this type deployed to the cluster.
All keys under settings default to the same default values as documented in the Cloudflare API.
If the settings key is not included in the manifest, no settings will be changed in the Cloudflare zone. If
the settings key is specified, only keys that are specified will be applied to the Cloudflare zone.
apiVersion: crds.kubeflare.io/v1alpha1
kind: Zone
metadata:
name: domainname.io
spec:
apiToken: api-token-name
settings:
alwaysUseHttps: true
alwaysOnline: true
minify:
css: true
apiToken
Each zone should have an API Token specified. The value of this field should be the name of a kind: APIToken resource.
settings
All Cloudflare Zone Settings can be specified in the settings
key of this resource. Kubeflare uses a lowerCamelCase standard to specify all fields in the Cloudflare Zone.
Note that the Cloudflare API and docs use string types with values of "off" and "on" for boolean settings. Kubeflare uses boolean objects (true, false) and will map those to the string types accepted by Cloudflare.
| Kubeflare Setting | Cloudflare Setting | Data Type |
|---|---|---|
| advancedDDOS | advanced_ddos | boolean |
| alwaysOnline | always_online | boolean |
| alwaysUseHttps | always_use_https | boolean |
| opportunisticOnion | opportunistic_onion | boolean |
| automaticHTTPSRewrites | automatic_https_rewrites | boolean |
| browserCacheTTL | browser_cache_ttl | int |
| browserCheck | browser_check | boolean |
| cacheLevel | cache_level | string |
| challengeTTL | challenge_ttl | int |
| developmentMode | development_mode | boolean |
| emailObfuscation | email_obfuscation | boolean |
| hotlinkProtection | hotlink_protection | boolean |
| ipGeolocation | ip_geoloation | boolean |
| ipv6 | ipv6 | boolean |
| minify | minify | |
| mobileRedirect | mobile_redirect | |
| mirage | mirage | boolean |
| originErrorPagePassThru | origin_error_page_pass_thru | boolean |
| opportunisticEncryption | opportunistic_encryption | boolean |
| polish | polish | boolean |
| webp | webp | boolean |
| brotli | brotli | boolean |
| prefetchPreload | prefetch_preload | boolean |
| privacyPass | privacy_pass | boolean |
| responseBuffering | response_buffering | boolean |
| rocketLoader | rocket_loader | boolean |
| securityHeader | security_header | |
| securityLevel | security_level | string |
| serverSideExclude | server_side_exclude | boolean |
| sortQueryStringForCache | sort_query_string_for_cache | boolean |
| ssl | ssl | boolean |
| minTLSVersion | min_tls_version | string |
| ciphers | ciphers | []string |
| tls13 | tls_1_3 | boolean |
| tlsClientAuth | tls_client_auth | boolean |
| trueClientIPHeader | true_client_ip_header | boolean |
| waf | waf | boolean |
| http2 | http2 | boolean |
| http3 | http3 | boolean |
| 0rtt | 0rtt | boolean |
| pseudoIPV4 | pseudo_ipv4 | boolean |
| websockets | websockets | boolean |
| imageResizing | image_resizing | boolean |
| http2Prioritization | h2_prioritization | boolean |