Cloudflare Tunnel Ingress Controller
TLDR; This project simplifies exposing Kubernetes services to the internet easily and securely using Cloudflare Tunnel.
Prerequisites
To use the Cloudflare Tunnel Ingress Controller, you need to have a Cloudflare account and a domain configured on Cloudflare. You also need to create a Cloudflare API token with the following permissions: Zone:Zone:Read, Zone:DNS:Edit, and Account:Cloudflare Tunnel:Edit.
Additionally, you need to fetch the Account ID from the Cloudflare dashboard.
Finally, you need to have a Kubernetes cluster with public Internet access.
Get Started
Take a look on this video to see how smoothly and easily it works:
Want to DIY? The following instructions would help your bootstrap a minikube Kubernetes Cluster, then expose the Kubernetes Dashboard to the internet via Cloudflare Tunnel Ingress Controller.
- You should have a Cloudflare account and a domain configured on Cloudflare.
- Create a Cloudflare API token with the following:
Zone:Zone:ReadZone:DNS:EditAccount:Cloudflare Tunnel:Edit
- Fetch the Account ID from the Cloudflare dashboard, follow the instructions here.
- Bootstrap a minikube cluster
minikube start- Add Helm Repository;
helm repo add strrl.dev https://helm.strrl.dev
helm repo update- Install with Helm:
helm upgrade --install --wait \
-n cloudflare-tunnel-ingress-controller --create-namespace \
cloudflare-tunnel-ingress-controller \
strrl.dev/cloudflare-tunnel-ingress-controller \
--set=cloudflare.apiToken="<cloudflare-api-token>",cloudflare.accountId="<cloudflare-account-id>",cloudflare.tunnelName="<your-favorite-tunnel-name>" if the tunnel does not exist, controller will create it for you.
- Then enable some awesome features in minikube, like kubernetes-dashboard:
minikube addons enable dashboard
minikube addons enable metrics-server- Then expose the dashboard to the internet by creating an
Ingress:
kubectl -n kubernetes-dashboard \
create ingress dashboard-via-cf-tunnel \
--rule="<your-favorite-domain>/*=kubernetes-dashboard:80"\
--class cloudflare-tunnelfor example, I would use
dash.strrl.cloudas my favorite domain here.
- At last, access the dashboard via the domain you just created:
- Done! Enjoy! 🎉
Alternative
There is also an awesome project which could integrate with Cloudflare Tunnel as CRD, check it out adyanth/cloudflare-operator!
Contributing
Contributions are welcome! If you find a bug or have a feature request, please open an issue or submit a pull request.
License
This project is licensed under the MIT License. See the LICENSE file for details.