A Kubernetes Operator to create and manage Cloudflare Tunnels and DNS records
for (HTTP/TCP/UDP*) Service Resources

Getting Started Guide »

Report Bug · Request Feature

NOTE: This project is currently in Alpha

UDP*: UDP support for Cloudflare Tunnels is in Early Access

The Cloudflare Tunnels guide for deployment on Kubernetes provides a manifest which is very bare bones and does not hook into Kubernetes in any meaningful way. The operator started out as a hobby project of mine to deploy applications in my home lab and expose them to the internet via Cloudflare Tunnels without doing a lot of manual work every time a new application is deployed.

The Cloudflare Operator aims to provide a new way of dynamically deploying the cloudflared daemon on Kubernetes. Scaffolded and built using operator-sdk. Once deployed, this operator provides the following:

• Ability to create new and use existing Tunnels for Cloudflare for Teams using Custom Resources (CR/CRD) which will:
  • Accept a Secret for Cloudflare API Tokens and Keys
  • Run a scaled (configurable) Deployment of cloudflared
  • Manage a ConfigMap for the above Deployment
  • Have Cluster and Namespace scoped Tunnels
• A TunnelBinding controller which does the following:
  • Update the cloudflared ConfigMap to include the new Services to be served under a given Tunnel
  • Restart the cloudflared Deployment to make the configuration change take effect
  • Add a DNS entry in Cloudflare for the specified domain to be a proxied CNAME to the referenced tunnel
  • Reverse the above when the TunnelBinding is deleted using Finalizers

Here is how the operator and the Tunnel Resource fit into your deployment.

There is more detailed information on this architecture and the thought process behind it in my blog post.

NOTE: This is NOT an official operator provided/backed by Cloudflare Inc. It utilizes their v4 API and their cloudflared to automate setting up of tunnels on Kubernetes.