cloudflare-operator icon indicating copy to clipboard operation
cloudflare-operator copied to clipboard

Published 20 hours ago verified publisher icon adyanth

Migrate to Cloudflare Tunnels API

Open adyanth opened this issue 2 years ago • 8 comments

The Argo Tunnels API has been set to be EOL on 4th Feb 2024.

The new Cloudflare Tunnels API may also have configuration APIs once the feature to configure the tunnels from the dashboard comes out of beta. This means that when a new service is added, an API call can be made to add it, rather than managing a ConfigMap manually.

adyanth avatar Mar 27 '22 05:03 adyanth

No point in implementing this until the configuration API is available and documented.

:method: PUT :scheme: https :authority: api.teams.cloudflare.com :path: /api/v4/accounts//cfd_tunnel//configurations Content-Type: text/plain;charset=UTF-8 Accept: / Host: api.teams.cloudflare.com Content-Length: 123

{
    "config": {
        "ingress": [
            {
                "hostname": "sample.example.com",
                "service": "http://localhost:8080"
            },
            {
                "service": "http_status:404"
            }
        ]
    }
}

adyanth avatar Mar 27 '22 05:03 adyanth

First of all, fantastic project! I believe they have published the docs here https://api.cloudflare.com/#cloudflare-tunnel-properties

mysticaltech avatar May 10 '22 04:05 mysticaltech

Yup, looks like it is out of beta!

I'm thinking if I should just substitute this API in place of writing to the configMap (which only helps to have the config safe outside the cluster), or is there something else I can do. Creating a tunnel per service is wasteful IMO.

Adding this would take away the mode/feature this currently has, that is the ability to run without connecting to the Cloudflare API directly using any tokens. I think that might be a feature people would like, so this should be an alternative that you can select (probably in the CRD) rather than the only implementation.

adyanth avatar May 10 '22 05:05 adyanth

Sounds good. As long as things are well compartmentalized, and this works equally well for an individual hobby setup or a cluster being hit millions of times a day, it's good!

mysticaltech avatar May 10 '22 06:05 mysticaltech

Hey @adyanth in the meantime do you think it's ok to use the latest cloudflared version?

acrogenesis avatar Jul 15 '22 00:07 acrogenesis

Hey @acrogenesis , where do you mean? You can set the cloudflared version by setting the Tunnel.spec.image to cloudflare/cloudflared:latest

adyanth avatar Jul 15 '22 04:07 adyanth

Yeah, I meant if it was safe to do that.

acrogenesis avatar Jul 20 '22 14:07 acrogenesis

@acrogenesis yes. But I held back from making it take the latest by default to prevent any breaking changes upstream break this as well. I'll update the default every release and later probably set up an automated pipeline to do it.

adyanth avatar Jul 20 '22 14:07 adyanth