cloudflared

package v0.2.0-alpha.3 (Latest)

Warning: This package is not in the latest version of its module.

Published: May 7, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package cloudflared provides utilities for managing cloudflared Kubernetes resources.



Constants

const (
	// DefaultImage is the default cloudflared container image.
	// Points to the inherent-design fork which includes h2c origin support.
	DefaultImage = "ghcr.io/inherent-design/cloudflared:2026.3.0-h2c.2"

	// DefaultMetricsPort is the default port for cloudflared metrics.
	DefaultMetricsPort = 2000

	// TokenEnvVar is the environment variable name for the tunnel token.
	TokenEnvVar = "TUNNEL_TOKEN"

	// TokenSecretKey is the key in the secret containing the token.
	TokenSecretKey = "token"
)

Variables

This section is empty.

Functions

func ConfigMapName

func ConfigMapName(tunnelName string) string

ConfigMapName returns the name for the cloudflared ConfigMap.

func DeploymentName

func DeploymentName(tunnelName string) string

DeploymentName returns the name for the cloudflared Deployment.

func Labels

func Labels(tunnelName string) map[string]string

Labels returns the standard labels for cloudflared resources.

func Selector

func Selector(tunnelName string) map[string]string

Selector returns the label selector for cloudflared pods.

func TokenSecretName

func TokenSecretName(tunnelName string) string

TokenSecretName returns the name for the tunnel token Secret.

Types

type Builder

type Builder interface {
	// BuildDeployment creates a Deployment for cloudflared.
	// The deployment uses the tunnel token for authentication.
	BuildDeployment(tunnel *cfgatev1alpha1.CloudflareTunnel, token string) *appsv1.Deployment

	// BuildConfigMap creates a ConfigMap for cloudflared configuration.
	// This is used when running with a config file instead of remote config.
	BuildConfigMap(tunnel *cfgatev1alpha1.CloudflareTunnel, config *TunnelConfig) (*corev1.ConfigMap, error)

	// BuildTokenSecret creates a Secret containing the tunnel token.
	BuildTokenSecret(tunnel *cfgatev1alpha1.CloudflareTunnel, token string) *corev1.Secret
}

Builder creates Kubernetes resources for cloudflared deployments.

type DefaultBuilder

type DefaultBuilder struct{}

DefaultBuilder is the default implementation of Builder.

func NewBuilder

func NewBuilder() *DefaultBuilder

NewBuilder creates a new DefaultBuilder.

func (*DefaultBuilder) BuildConfigMap

func (b *DefaultBuilder) BuildConfigMap(tunnel *cfgatev1alpha1.CloudflareTunnel, config *TunnelConfig) (*corev1.ConfigMap, error)

BuildConfigMap creates a ConfigMap for cloudflared configuration. This is used when running with a config file instead of remote config.

func (*DefaultBuilder) BuildDeployment

func (b *DefaultBuilder) BuildDeployment(tunnel *cfgatev1alpha1.CloudflareTunnel, token string) *appsv1.Deployment

BuildDeployment creates a Deployment for cloudflared. The deployment includes:

- Proper labels for selection
- Resource limits and requests
- Liveness and readiness probes
- Token-based authentication
- Metrics endpoint configuration

func (*DefaultBuilder) BuildTokenSecret

func (b *DefaultBuilder) BuildTokenSecret(tunnel *cfgatev1alpha1.CloudflareTunnel, token string) *corev1.Secret

BuildTokenSecret creates a Secret containing the tunnel token.

type IngressRule

type IngressRule struct {
	// Hostname is the hostname to match.
	Hostname string `yaml:"hostname,omitempty"`

	// Path is the path regex to match.
	Path string `yaml:"path,omitempty"`

	// Service is the origin service URL.
	Service string `yaml:"service"`

	// OriginRequest contains per-rule origin settings.
	OriginRequest *OriginRequestConfig `yaml:"originRequest,omitempty"`
}

IngressRule represents a single ingress rule in the config.

type OriginRequestConfig

type OriginRequestConfig struct {
	ConnectTimeout         string `yaml:"connectTimeout,omitempty"`
	TLSTimeout             string `yaml:"tlsTimeout,omitempty"`
	TCPKeepAlive           string `yaml:"tcpKeepAlive,omitempty"`
	NoHappyEyeballs        bool   `yaml:"noHappyEyeballs,omitempty"`
	KeepAliveConnections   int    `yaml:"keepAliveConnections,omitempty"`
	KeepAliveTimeout       string `yaml:"keepAliveTimeout,omitempty"`
	HTTPHostHeader         string `yaml:"httpHostHeader,omitempty"`
	OriginServerName       string `yaml:"originServerName,omitempty"`
	CAPool                 string `yaml:"caPool,omitempty"`
	NoTLSVerify            bool   `yaml:"noTLSVerify,omitempty"`
	DisableChunkedEncoding bool   `yaml:"disableChunkedEncoding,omitempty"`
	BastionMode            bool   `yaml:"bastionMode,omitempty"`
	ProxyAddress           string `yaml:"proxyAddress,omitempty"`
	ProxyPort              int    `yaml:"proxyPort,omitempty"`
	ProxyType              string `yaml:"proxyType,omitempty"`
	HTTP2Origin            bool   `yaml:"http2Origin,omitempty"`
	H2cOrigin              bool   `yaml:"h2cOrigin,omitempty"`
}

OriginRequestConfig contains origin connection settings.

func BuildOriginConfig

func BuildOriginConfig(defaults *cfgatev1alpha1.OriginDefaults, annotations map[string]string) *OriginRequestConfig

BuildOriginConfig builds an OriginRequestConfig from tunnel defaults and annotations.

type TunnelConfig

type TunnelConfig struct {
	// TunnelID is the tunnel UUID.
	TunnelID string `yaml:"tunnel"`

	// CredentialsFile is the path to the credentials file.
	CredentialsFile string `yaml:"credentials-file,omitempty"`

	// Ingress is the list of ingress rules.
	Ingress []IngressRule `yaml:"ingress"`

	// OriginRequest contains default origin settings.
	OriginRequest *OriginRequestConfig `yaml:"originRequest,omitempty"`

	// WarpRouting enables WARP routing.
	WarpRouting *WarpRoutingConfig `yaml:"warp-routing,omitempty"`

	// Protocol is the tunnel transport protocol.
	Protocol string `yaml:"protocol,omitempty"`

	// LogLevel is the log level.
	LogLevel string `yaml:"loglevel,omitempty"`

	// NoAutoUpdate disables auto-updates.
	NoAutoUpdate bool `yaml:"no-autoupdate,omitempty"`

	// Metrics is the metrics endpoint address.
	Metrics string `yaml:"metrics,omitempty"`
}

TunnelConfig represents the cloudflared configuration file structure. This is used when running cloudflared with a config file instead of remote config.

func NewTunnelConfig

func NewTunnelConfig(tunnel *cfgatev1alpha1.CloudflareTunnel, tunnelID string) *TunnelConfig

NewTunnelConfig creates a new TunnelConfig with defaults from a CloudflareTunnel.

func ParseConfig

func ParseConfig(data []byte) (*TunnelConfig, error)

ParseConfig parses a YAML configuration file.

func (*TunnelConfig) AddRule

func (c *TunnelConfig) AddRule(rule IngressRule)

AddRule adds an ingress rule to the configuration. Rules are inserted before the catch-all rule.

func (*TunnelConfig) Marshal

func (c *TunnelConfig) Marshal() ([]byte, error)

Marshal serializes the configuration to YAML.

func (*TunnelConfig) SetCatchAll

func (c *TunnelConfig) SetCatchAll(service string)

SetCatchAll sets the catch-all rule (must be last).

func (*TunnelConfig) Validate

func (c *TunnelConfig) Validate() error

Validate validates the configuration. Returns an error if the configuration is invalid.
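The ordering contract described for AddRule and SetCatchAll (catch-all last, other rules inserted before it) can be checked independently of the package. The following is an added example, not this package's code: `addRule` and `lintIngress` are hypothetical helpers, the local `IngressRule` copies only fields shown on this page with `NoTLSVerify` flattened onto the rule, and treating a rule with no hostname and no path as the catch-all is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// IngressRule is a local copy of fields shown on this page, not the package type.
type IngressRule struct {
	Hostname, Path, Service string
	NoTLSVerify             bool // stands in for OriginRequest.NoTLSVerify
}

func isCatchAll(r IngressRule) bool { return r.Hostname == "" && r.Path == "" }

// addRule (hypothetical) inserts before a trailing catch-all, otherwise appends.
func addRule(rules []IngressRule, r IngressRule) []IngressRule {
	if n := len(rules); n > 0 && isCatchAll(rules[n-1]) {
		out := append([]IngressRule{}, rules[:n-1]...)
		return append(out, r, rules[n-1])
	}
	return append(rules, r)
}

// lintIngress returns findings; an empty slice means ordering and TLS settings are sound.
func lintIngress(rules []IngressRule) []error {
	var errs []error
	if len(rules) == 0 || !isCatchAll(rules[len(rules)-1]) {
		errs = append(errs, errors.New("last rule must be a catch-all"))
	}
	for i, r := range rules {
		if isCatchAll(r) && i != len(rules)-1 {
			errs = append(errs, fmt.Errorf("rule %d: catch-all shadows %d later rule(s)", i, len(rules)-1-i))
		}
		if r.NoTLSVerify {
			errs = append(errs, fmt.Errorf("rule %d (%s): origin TLS verification disabled", i, r.Hostname))
		}
	}
	return errs
}

func main() {
	// Constructed sample data.
	rules := []IngressRule{{Service: "http_status:404"}}
	rules = addRule(rules, IngressRule{Hostname: "app.example.com", Service: "https://app.default.svc:8443", NoTLSVerify: true})
	for _, e := range lintIngress(rules) {
		fmt.Println("finding:", e)
	}
}
```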

type WarpRoutingConfig

type WarpRoutingConfig struct {
	Enabled bool `yaml:"enabled"`
}

WarpRoutingConfig contains WARP routing settings.
