We are using cloudflared/CF tunnel to handle ~30M requests per day (and growing) at AWS instances spread around the globe.
On instance startup, these EC2 instances install cloudflared, retrieve a certificate from IAM/Secrets Manager, and automatically add themselves to the relevant load balancer pool for the region they are in.
All is swell!
Except - when they shut down, we've had to write a bash script that executes as a last 'gasp' - this process completely de-registers the tunnel instance using /usr/bin/cloudflared tunnel delete $(echo $HOSTNAME) - however we end up with redundant entries in our Cloudflare Load Balancers that eat up quantities of our licensed/paid origins, e.g.:
Pool "foo"
hostname => abc123.cfargotunnel (redundant, tunnel abc123 was deleted)
hostname => def456.cfargotunnel (redundant, tunnel def456 was deleted)
hostname => ghi789.cfargotunnel = ACTIVE, working
We spin up and down tens of EC2 instances per day, so the problem of redundant entries in our load balancer pools is becoming unmanageable.
We have reached out to EntSupport on this one but were told to use the CF API - however, there is currently no Cloudflare API call that permits the removal of a single origin from a load balancer pool.
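Added example, not part of the original post and not Cloudflare's code: a sketch of the pruning step for the stale pool entries described above. It assumes the pool object carries an `origins` list whose entries have `name` and `address`, and that the pool can be updated by sending back the reduced list; the pool contents, tunnel IDs and function names are constructed for illustration.

```python
TUNNEL_SUFFIXES = (".cfargotunnel", ".cfargotunnel.com")


def tunnel_id(address):
    """Return the tunnel ID for a tunnel hostname, or None for any other origin."""
    host = address.strip().lower().rstrip(".")
    for suffix in TUNNEL_SUFFIXES:
        if host.endswith(suffix):
            return host[: -len(suffix)]
    return None


def prune_origins(pool, live_tunnel_ids):
    """Split a pool's origins into (keep, stale) given the tunnels that still exist.

    Origins that are not tunnel hostnames are always kept untouched.
    """
    live = {t.lower() for t in live_tunnel_ids}
    keep, stale = [], []
    for origin in pool["origins"]:
        tid = tunnel_id(origin["address"])
        (stale if tid is not None and tid not in live else keep).append(origin)
    if stale and not keep:
        # Never send an update that would leave the pool with zero origins.
        raise ValueError("refusing to prune: pool %r would be empty" % pool["name"])
    return keep, stale


def pool_update_body(pool, live_tunnel_ids):
    """Build the body for a whole-pool update (assumed update mechanism)."""
    keep, _ = prune_origins(pool, live_tunnel_ids)
    return {"origins": keep}


# Constructed sample mirroring pool "foo" from the post, plus one non-tunnel origin.
SAMPLE_POOL = {
    "name": "foo",
    "origins": [
        {"name": "abc123", "address": "abc123.cfargotunnel"},
        {"name": "def456", "address": "def456.cfargotunnel"},
        {"name": "ghi789", "address": "ghi789.cfargotunnel"},
        {"name": "static", "address": "origin.example.com"},
    ],
}

if __name__ == "__main__":
    keep, stale = prune_origins(SAMPLE_POOL, ["ghi789"])
    print("keep :", [o["name"] for o in keep])
    print("stale:", [o["name"] for o in stale])
```

Running this from a scheduled job rather than from the shutdown script means entries left behind by instances that died without their last 'gasp' are also cleaned up.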