A Kubernetes Operator to create and manage Cloudflare Tunnels and DNS records for (HTTP/TCP/UDP*) Service Resources
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Adyanth H 702e042e33
Merge pull request #59 from acrogenesis/patch-1
6 months ago
.github Create FUNDING.yml 6 months ago
api/v1alpha1 ⬆️ Update default cloudflared image 8 months ago
bundle 🔖 v0.8.2 6 months ago
config 🔖 v0.8.2 6 months ago
controllers 🐛 Prevent deleting the DNS entry 8 months ago
docs add cloudflare-operator-system namespace to verify 6 months ago
hack 🎉 Initial commit: Controller for Ingess 11 months ago
images 📝 Update getting started with new Cloudflare API scope terminology 9 months ago
samples 🔨 Update samples to not use kustomize 10 months ago
.dockerignore 🎉 Initial commit: Controller for Ingess 11 months ago
.gitignore 🎉 Initial commit: Controller for Ingess 11 months ago
Dockerfile 👷 Add multi-arch (arm) builds 9 months ago
LICENSE 📄 Fix license 11 months ago
Makefile 🔖 v0.8.2 6 months ago
PROJECT ClusterTunnel resource and controller! 10 months ago
README.md 📝 Documentation for configuration options 8 months ago
bundle.Dockerfile 🔖 v0.8.2 6 months ago
go.mod 🔖 v0.8.2 6 months ago
go.sum 🔖 v0.8.2 6 months ago
main.go 🎉 Set leader election reuse namespace 9 months ago


Cloudflare Operator


A Kubernetes Operator to create and manage Cloudflare Tunnels and DNS records
for (HTTP/TCP/UDP*) Service Resources

Getting Started Guide »

Report Bug · Request Feature

GitHub license GitHub forks GitHub stars GitHub issues Go Report Card

NOTE: This project is currently in Alpha

UDP*: UDP support for Cloudflare Tunnels is in Early Access


The Cloudflare Tunnels guide for deployment on Kubernetes provides a manifest which is very bare bones and does not hook into Kubernetes in any meaningful way. The operator started out as a hobby project of mine to deploy applications in my home lab and expose them to the internet via Cloudflare Tunnels without doing a lot of manual work every time a new application is deployed.


The Cloudflare Operator aims to provide a new way of dynamically deploying the cloudflared daemon on Kubernetes. Scaffolded and built using operator-sdk. Once deployed, this operator provides the following:

  • Ability to create new and use existing Tunnels for Cloudflare for Teams using Custom Resources (CR/CRD) which will:
    • Accept a Secret for Cloudflare API Tokens and Keys
    • Run a scaled (configurable) Deployment of cloudflared
    • Manage a ConfigMap for the above Deployment
    • Have Cluster and Namespace scoped Tunnels
  • A Service controller which monitors Service Resources for Annotations and do the following:
    • Update the cloudflared ConfigMap to include the new Service to be served
    • Restart the cloudflared Deployment to make the configuration change take effect
    • Add a DNS entry in Cloudflare for the specified domain to be a proxied CNAME to the referenced tunnel
    • Reverse the above when the Service is deleted using Finalizers

Bird's eye view

Here is how the operator and the Tunnel Resource fit into your deployment.

Operator Architecture

There is more detailed information on this architecture and thought process behind it in my blog post.

Getting Started

Go through the dedicated documentation on Getting Started to learn how to deploy this operator and a sample tunnel along with a service to expose.

Look into the Configuration documentation to understand various configurable parameters of this operator.

NOTE: This is NOT an official operator provided/backed by Cloudflare Inc. It utilizes their v4 API and their cloudflared to automate setting up of tunnels on Kubernetes.