From e85857a3290d1ce07f731b0cf0451b6699cfb953 Mon Sep 17 00:00:00 2001
From: Ibrahim Mkusa
Date: Wed, 4 Jun 2025 22:12:50 -0400
Subject: [PATCH] Cloudflare tunnel for k8s
---
manifests/TIPS.md | 3 +++
manifests/cloudflare/deploy.yaml | 46 ++++++++++++++++++++++++++++++++
2 files changed, 49 insertions(+)
create mode 100644 manifests/cloudflare/deploy.yaml
diff --git a/manifests/TIPS.md b/manifests/TIPS.md
index 88ad61b..51c78f5 100644
--- a/manifests/TIPS.md
+++ b/manifests/TIPS.md
@@ -24,3 +24,6 @@ kubectl create secret generic pihole-dashboard-password ```
+
+If possible, create a secret resource during setup rather than hardcoding
+passwords otherwise there's a good chance of it being committed unawares
diff --git a/manifests/cloudflare/deploy.yaml b/manifests/cloudflare/deploy.yaml
new file mode 100644
index 0000000..51521cf
--- /dev/null
+++ b/manifests/cloudflare/deploy.yaml
@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ creationTimestamp: null
+ labels:
+ app: cloudflare
+ name: cloudflare
+ namespace: gitea
+spec:
+ securityContext:
+ sysctls:
+ - name: net.ipv4.ping_group_range
+ value: "65532 65532"
+ replicas: 2
+ selector:
+ matchLabels:
+ app: cloudflare
+ strategy: {}
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ app: cloudflare
+ spec:
+ containers:
+ - image: cloudflare/cloudflared:latest
+ name: cloudflared
+ command:
+ - cloudflared
+ - tunnel
+ - --no-autoupdate
+ - --metrics
+ - 0.0.0.0:2000
+ - run
+ args:
+ - --token
+ - YOUR_TOKEN_HERE_FROM_CLOUDFLARE_GUI
+ livenessProbe:
+ httpGet:
+ path: /ready
+ port: 2000
+ failureThreshold: 1
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ resources: {}
+status: {}
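Review bot: The `args` block of the cloudflared container passes the tunnel credential as a literal `--token` argument, so whoever fills in the placeholder ends up with the token in the manifest and in the pod spec, readable by anyone who can view pods in the `gitea` namespace; that is the pattern the TIPS.md note in this same commit advises against. cloudflared also reads the token from the `TUNNEL_TOKEN` environment variable, so it can come from a Secret via `secretKeyRef` as in the excerpt below, with the `args` entries dropped. Separately, `securityContext` with the `sysctls` entry sits directly under the Deployment `spec`, which has no such field, so the ping-group setting is presumably not applied (or the manifest is rejected under strict validation); it looks like it was meant for `spec.template.spec`. The `cloudflare/cloudflared:latest` tag together with `--no-autoupdate` leaves the running version unpinned, so a fixed version tag or image digest would make rollouts reproducible and reviewable.

```yaml
      containers:
      - image: cloudflare/cloudflared:latest
        name: cloudflared
        # … unchanged: command (cloudflared tunnel --no-autoupdate --metrics 0.0.0.0:2000 run) …
        # args with --token removed; the token is read from the environment instead
        env:
        - name: TUNNEL_TOKEN
          valueFrom:
            secretKeyRef:
              name: example-tunnel-token  # placeholder: name of the Secret created at setup
              key: token                  # placeholder: key holding the tunnel token
        # … unchanged: livenessProbe, resources …
```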