Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/adyanth/cloudflare-operator

A Kubernetes Operator to create and manage Cloudflare Tunnels and DNS records for (HTTP/TCP/UDP*) Service Resources
https://github.com/adyanth/cloudflare-operator

cloudflare cloudflare-tunnel cloudflared kubernetes kubernetes-operator operator operator-sdk

Last synced: 4 days ago
JSON representation

A Kubernetes Operator to create and manage Cloudflare Tunnels and DNS records for (HTTP/TCP/UDP*) Service Resources

Host: GitHub
URL: https://github.com/adyanth/cloudflare-operator
Owner: adyanth
License: apache-2.0
Created: 2022-01-02T19:38:54.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2024-09-12T01:27:36.000Z (5 months ago)
Last Synced: 2024-11-24T17:43:10.381Z (3 months ago)
Topics: cloudflare, cloudflare-tunnel, cloudflared, kubernetes, kubernetes-operator, operator, operator-sdk
Language: Go
Homepage: https://adyanth.site/posts/migration-compose-k8s/cloudflare-tunnel-operator-architecture/
Size: 745 KB
Stars: 357
Watchers: 5
Forks: 37
Open Issues: 31
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

awesome-repositories - adyanth/cloudflare-operator - A Kubernetes Operator to create and manage Cloudflare Tunnels and DNS records for (HTTP/TCP/UDP*) Service Resources (Go)

README

Cloudflare Operator

A Kubernetes Operator to create and manage Cloudflare Tunnels and DNS records
for (HTTP/TCP/UDP*) Service Resources

Getting Started Guide »

Report Bug
·
Request Feature

[![GitHub license](https://img.shields.io/github/license/adyanth/cloudflare-operator?color=brightgreen)](https://github.com/adyanth/cloudflare-operator/blob/main/LICENSE)
[![GitHub forks](https://img.shields.io/github/forks/adyanth/cloudflare-operator)](https://github.com/adyanth/cloudflare-operator/network)
[![GitHub stars](https://img.shields.io/github/stars/adyanth/cloudflare-operator)](https://github.com/adyanth/cloudflare-operator/stargazers)
[![GitHub issues](https://img.shields.io/github/issues/adyanth/cloudflare-operator)](https://github.com/adyanth/cloudflare-operator/issues)
[![Go Report Card](https://goreportcard.com/badge/github.com/adyanth/cloudflare-operator)](https://goreportcard.com/report/github.com/adyanth/cloudflare-operator)

> **_NOTE_**: This project is currently in Alpha

> UDP*: UDP support for Cloudflare Tunnels is in [Early Access](https://blog.cloudflare.com/extending-cloudflares-zero-trust-platform-to-support-udp-and-internal-dns/)

## Motivation

The [Cloudflare Tunnels guide](https://developers.cloudflare.com/cloudflare-one/tutorials/many-cfd-one-tunnel) for deployment on Kubernetes provides a [manifest](https://github.com/cloudflare/argo-tunnel-examples/tree/master/named-tunnel-k8s) which is very bare bones and does not hook into Kubernetes in any meaningful way. The operator started out as a hobby project of mine to deploy applications in my home lab and expose them to the internet via Cloudflare Tunnels without doing a lot of manual work every time a new application is deployed.

## Overview

The Cloudflare Operator aims to provide a new way of dynamically deploying the [cloudflared](https://github.com/cloudflare/cloudflared) daemon on Kubernetes. Scaffolded and built using `operator-sdk`. Once deployed, this operator provides the following:

* Ability to create new and use existing Tunnels for [Cloudflare for Teams](https://developers.cloudflare.com/cloudflare-one/) using Custom Resources (CR/CRD) which will:
* Accept a Secret for Cloudflare API Tokens and Keys
* Run a scaled (configurable) Deployment of `cloudflared`
* Manage a ConfigMap for the above Deployment
* Have Cluster and Namespace scoped Tunnels
* A TunnelBinding controller which does the following:
* Update the `cloudflared` ConfigMap to include the new Services to be served under a given Tunnel
* Restart the `cloudflared` Deployment to make the configuration change take effect
* Add a DNS entry in Cloudflare for the specified domain to be a [proxied CNAME to the referenced tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/routing-to-tunnel/dns)
* Reverse the above when the TunnelBinding is deleted using Finalizers

## Bird's eye view

Here is how the operator and the Tunnel Resource fit into your deployment.

![Operator Architecture](images/OperatorArchitecture.png#center)

There is more detailed information on this architecture and the thought process behind it in my [blog post](https://adyanth.site/posts/migration-compose-k8s/cloudflare-tunnel-operator-architecture/).

## Getting Started

Go through the dedicated documentation on [Getting Started](docs/getting-started.md) to learn how to deploy this operator and a sample tunnel along with a service to expose.

Look into the [Configuration](docs/configuration.md) documentation to understand various configurable parameters of this operator.

> **_NOTE_**: This is **NOT** an official operator provided/backed by Cloudflare Inc. It utilizes their [v4 API](https://api.cloudflare.com/) and their [`cloudflared`](https://github.com/cloudflare/cloudflared) to automate setting up of tunnels on Kubernetes.