remove cloudflare email

nebari-dev · Feb 14, 2025 · a7d3422 · a7d3422
1 parent dd97d27
commit a7d3422
Show file tree

Hide file tree

Showing 5 changed files with 3 additions and 24 deletions.
diff --git a/src/_nebari/stages/kubernetes_ingress/__init__.py b/src/_nebari/stages/kubernetes_ingress/__init__.py
@@ -194,19 +194,15 @@ def input_vars(self, stage_outputs: Dict[str, Dict[str, Any]]):
             self.config.certificate.acme_challenge_type
         )
         if self.config.certificate.acme_challenge_type == AcmeChallengeType.dns.value:
-            if None in {
-                os.environ.get("CLOUDFLARE_TOKEN"),
-                os.environ.get("CLOUDFLARE_EMAIL"),
-            }:
+            if os.environ.get("CLOUDFLARE_TOKEN") is None:
                 raise ValueError(
-                    "Environment variables 'CLOUDFLARE_TOKEN' and 'CLOUDFLARE_EMAIL' "
-                    "must be set for DNS challenge type ('acme_challenge_type: dns')"
+                    "Environment variable 'CLOUDFLARE_TOKEN' must be set along with "
+                    "'DNS:Edit' permission for DNS challenge type ('acme_challenge_type: dns')"
                 )
             else:
                 cert_details["cloudflare-dns-api-token"] = os.environ.get(
                     "CLOUDFLARE_TOKEN"
                 )
-                cert_details["cloudflare-email"] = os.environ.get("CLOUDFLARE_EMAIL")
         return {
             **{
                 "traefik-image": {

diff --git a/src/_nebari/stages/kubernetes_ingress/template/main.tf b/src/_nebari/stages/kubernetes_ingress/template/main.tf
@@ -11,7 +11,6 @@ module "kubernetes-ingress" {
   acme-email                = var.acme-email
   acme-server               = var.acme-server
   acme-challenge-type       = var.acme-challenge-type
-  cloudflare-email          = var.cloudflare-email
   cloudflare-dns-api-token  = var.cloudflare-dns-api-token
   certificate-secret-name   = var.certificate-secret-name
   load-balancer-annotations = var.load-balancer-annotations

diff --git a/src/_nebari/stages/kubernetes_ingress/template/modules/kubernetes/ingress/main.tf b/src/_nebari/stages/kubernetes_ingress/template/modules/kubernetes/ingress/main.tf
@@ -16,10 +16,6 @@ locals {
   }
   # for dns challenge, we need to set the cloudflare env vars
   cloudflare_env_vars = var.acme-challenge-type == "dns" ? [
-    {
-      name  = "CLOUDFLARE_EMAIL"
-      value = var.cloudflare-email
-    },
     {
       name  = "CLOUDFLARE_DNS_API_TOKEN"
       value = var.cloudflare-dns-api-token

diff --git a/src/_nebari/stages/kubernetes_ingress/template/modules/kubernetes/ingress/variables.tf b/src/_nebari/stages/kubernetes_ingress/template/modules/kubernetes/ingress/variables.tf
@@ -50,12 +50,6 @@ variable "acme-challenge-type" {
   default     = "tls"
 }
 
-variable "cloudflare-email" {
-  # https://go-acme.github.io/lego/dns/cloudflare/
-  description = "Cloudflare email"
-  default     = null
-}
-
 variable "cloudflare-dns-api-token" {
   # https://go-acme.github.io/lego/dns/cloudflare/
   description = "Cloudflare dns api token for DNS challenge"

diff --git a/src/_nebari/stages/kubernetes_ingress/template/variables.tf b/src/_nebari/stages/kubernetes_ingress/template/variables.tf
@@ -43,12 +43,6 @@ variable "acme-challenge-type" {
   default     = "tls"
 }
 
-variable "cloudflare-email" {
-  # https://go-acme.github.io/lego/dns/cloudflare/
-  description = "Cloudflare email"
-  default     = null
-}
-
 variable "cloudflare-dns-api-token" {
   # https://go-acme.github.io/lego/dns/cloudflare/
   description = "Cloudflare dns api token for DNS challenge"