
Deploying a tunnel with terraform and connecting manually

Open povilasb opened this issue 1 year ago • 1 comments

Existing documentation URL(s)

  • https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/
  • https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/deploy-tunnels/deployment-guides/terraform/

What changes are you suggesting?

There are the 2 above-mentioned documents on how to create Cloudflare tunnels in different ways:

  1. manually via the dashboard,
  2. with terraform.

I was dealing with a use case that is a combo of both:

  1. created a tunnel with terraform,
  2. and manually ran a Mac OS connector with cloudflared tunnel run

None of the docs cover this use case and quite some time was spent on how to make it work. Which roughly resulted in

  1. describe the tunnel in Terraform based on: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/deploy-tunnels/deployment-guides/terraform/
  2. but now I can't use something like
    // Configures the VM to run a startup script that takes in the Terraform variables.
    metadata_startup_script = templatefile("./install-tunnel.tpl",
      {
        tunnel_token = cloudflare_tunnel.auto_tunnel.tunnel_token
      })

    cloudflared:
      image: cloudflare/cloudflared:latest
      restart: always
      container_name: cloudflared
      command: tunnel run --token ${tunnel_token}

since my Mac OS machine is not managed by Terraform.

  3. Then on Mac OS I had to do:
    cloudflared login
    cloudflared tunnel token --cred-file ~/.cloudflared/$TUNNEL_ID.json $TUNNEL_ID
    cloudflared tunnel run

Quite simple but this command took me some time to find: cloudflared tunnel token --cred-file.

Do you think it would be worth expanding the docs?

Additional information

No response

povilasb, Oct 08 '24 11:10
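An added example, not part of the original issue or of Cloudflare's documentation: before handing a fetched token to `cloudflared tunnel run --token`, a check that it belongs to the tunnel Terraform created, returning only fields that are safe to log. It assumes the token is base64-encoded JSON with keys `a` (account tag), `t` (tunnel ID) and `s` (secret); the function names and sample values are constructed for illustration.

```python
import base64
import binascii
import json

# Constructed sample value (not a real tunnel).
SAMPLE_TUNNEL_ID = "11111111-2222-3333-4444-555555555555"


def make_sample_token(tunnel_id: str) -> str:
    """Build a constructed token with the assumed layout, for offline testing."""
    body = {"a": "0" * 32, "t": tunnel_id,
            "s": base64.b64encode(b"\x00" * 32).decode()}
    return base64.b64encode(json.dumps(body).encode()).decode()


def inspect_tunnel_token(token: str, expected_tunnel_id: str) -> dict:
    """Decode a tunnel token and confirm it is for the expected tunnel.

    Returns only non-secret fields so the result is safe to log.
    """
    raw = token.strip()
    try:
        # Restore any stripped base64 padding before strict decoding.
        decoded = base64.b64decode(raw + "=" * (-len(raw) % 4), validate=True)
        payload = json.loads(decoded)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not a valid tunnel token") from exc
    if not isinstance(payload, dict) or not all(
            isinstance(payload.get(k), str) and payload[k] for k in ("a", "t", "s")):
        raise ValueError("token is missing account, tunnel ID or secret")
    # Tunnel IDs are UUIDs; compare case-insensitively.
    if payload["t"].lower() != expected_tunnel_id.strip().lower():
        raise ValueError("token belongs to a different tunnel")
    # The secret ("s") is deliberately left out of the result.
    return {"account_tag": payload["a"], "tunnel_id": payload["t"]}


if __name__ == "__main__":
    token = make_sample_token(SAMPLE_TUNNEL_ID)
    print(inspect_tunnel_token(token, SAMPLE_TUNNEL_ID))
```

The token carries the tunnel secret, so it should be treated as a credential: kept out of shell history, logs and issue text.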

Hi @povilasb, thanks for raising this issue. Were you trying to create a remotely-managed tunnel or a locally-managed tunnel (see descriptions)? Are you able to manually get the token value and put it into cloudflared tunnel run --token ${tunnel_token}?

ranbel, Oct 18 '24 18:10

Hi, I'm using a default value which I believe is cloudflare, i.e. "remotely managed".

So you know, I've got this set up successfully. And the only problem I'm raising is potentially documenting this case :)

povilasb, Oct 21 '24 10:10

I don't think this is a new use case, but rather an issue with the Terraform page mixing up remotely-managed tunnels vs. locally-managed tunnels. From https://developers.cloudflare.com/api/operations/cloudflare-tunnel-create-a-cloudflare-tunnel, config_src defaults to creating a local tunnel. We're planning to rewrite the Terraform page to use remotely-managed tunnels instead (pending the 5.0.0 release), which should remove the need for --cred-file.

ranbel, Oct 21 '24 16:10

Ok, will stay tuned. Thank you.

povilasb, Oct 22 '24 09:10

Hey @povilasb, here are the updates to the Terraform guide: #21641

How to run a tunnel that was created using the API/Terraform: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel-api/#4-install-and-run-the-tunnel

ranbel, Apr 11 '25 22:04