cloudflared icon indicating copy to clipboard operation
cloudflared copied to clipboard
verified publisher icon cloudflare

🐛Cloudflare tunnels fail to serve on k8s with unique config

Open SpiderUnderUrBed opened this issue 9 months ago • 3 comments

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior:

  1. Have a k8s cluster (k3s is what im using, if it doesnt work normally try k3s)
  2. run this config:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tunnel
  labels:
    app: tunnel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tunnel
  template:
    metadata:
      labels:
        app: tunnel
    spec:
      containers:
        - name: tunnel
          image: cloudflare/cloudflared:latest
          args:
            - tunnel
            - --no-autoupdate
            - run
          env:
            - name: TUNNEL_TOKEN
              valueFrom:
                configMapKeyRef:
                  name: env
                  key: CLOUDFLARE_TUNNEL_TOKEN
      restartPolicy: Always
  1. Make a configmap with your tunnel key
  2. apply it

If it's an issue with Cloudflare Tunnel: 6. Tunnel ID : 45c97001-1aa1-4159-9c26-93d4fcc9262f 7. cloudflared config: Expected behaviorA clear and concise description of what you expected to happen. Shared it earlier

Environment and versions

  • OS: Linux (raspberrypi buster)
  • Architecture: aarch64
  • Version:Debian GNU/Linux 12 (bookworm)

Logs and errors

If applicable, add logs or errors to help explain your problem.
2025-03-26T10:40:28Z INF Starting tunnel tunnelID=45c97001-1aa1-4159-9c26-93d4fcc9262f
2025-03-26T10:40:28Z INF Version 2025.2.1 (Checksum a08167aafc749f0c6dbdd0df3c82fc72f9de0d3e47a66959d7ed7a5d603a4a76)
2025-03-26T10:40:28Z INF GOOS: linux, GOVersion: go1.22.5-devel-cf, GoArch: arm64
2025-03-26T10:40:28Z INF Settings: map[no-autoupdate:true]
2025-03-26T10:40:28Z INF Environmental variables map[TUNNEL_TOKEN:*****]
2025-03-26T10:40:28Z INF Generated Connector ID: 9002a8cf-39a9-4d02-b4bd-4ed9196c25f4
2025-03-26T10:40:28Z INF Initial protocol quic
2025-03-26T10:40:29Z INF ICMP proxy will use 172.16.246.55 as source for IPv4
2025-03-26T10:40:29Z INF ICMP proxy will use fe80::7850:31ff:fe93:b43c in zone eth0 as source for IPv6
2025-03-26T10:40:29Z INF ICMP proxy will use 172.16.246.55 as source for IPv4
2025-03-26T10:40:29Z INF ICMP proxy will use fe80::7850:31ff:fe93:b43c in zone eth0 as source for IPv6
2025-03-26T10:40:29Z INF Starting metrics server on [::]:20241/metrics
2025-03-26T10:40:29Z INF Using [CurveID(4588) CurveID(25497) CurveP256] as curve preferences connIndex=0 event=0 ip=198.41.192.37
2025-03-26T10:40:29Z ERR Failed to serve tunnel connection error="context canceled" connIndex=0 event=0 ip=198.41.192.37
2025-03-26T10:40:29Z INF Retrying connection in up to 2s connIndex=0 event=0 ip=198.41.192.37
2025-03-26T10:40:29Z INF Tunnel server stopped
2025-03-26T10:40:29Z ERR Initiating shutdown error="context canceled"
2025-03-26T10:40:29Z ERR icmp router terminated error="context canceled"
2025-03-26T10:40:29Z INF Metrics server stopped
context canceled

Additional context Add any other context about the problem here.

SpiderUnderUrBed avatar Mar 26 '25 10:03 SpiderUnderUrBed

I added the protocol to be http2, and now I am getting this:

2025-03-26T18:36:51Z ERR Register tunnel error from server side error="Unauthorized: Failed to get tunnel" connIndex=0 event=0 ip=198.41.192.77
2025-03-26T18:36:51Z INF Retrying connection in up to 1m4s connIndex=0 event=0 ip=198.41.192.77

I checked the token, 3 times and its correct, so if its not a token issue, is this a cloudflared issue? and how do i fix it

SpiderUnderUrBed avatar Mar 26 '25 18:03 SpiderUnderUrBed

@bermudo01 Please send it through pastebin, that link looks suspicious and I am not opening it.

SpiderUnderUrBed avatar Apr 17 '25 02:04 SpiderUnderUrBed