talos-cluster/kubernetes/apps/network/cloudflare-tunnel/app/helmrelease.yaml

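---
# Flux HelmRelease for the cloudflared connector that publishes
# "*.${SECRET_DOMAIN}" through a Cloudflare Tunnel and forwards it to the
# in-cluster envoy-external gateway. Built on the bjw-s app-template chart
# (controllers / defaultPodOptions / service / persistence layout).
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cloudflare-tunnel
spec:
  chartRef:
    kind: OCIRepository
    name: cloudflare-tunnel
  interval: 1h
  values:
    controllers:
      cloudflare-tunnel:
        strategy: RollingUpdate
        annotations:
          # Restart the pod when the referenced Secret/ConfigMap changes so a
          # rotated tunnel credential or edited ingress rules take effect.
          reloader.stakater.com/auto: "true"
        containers:
          app:
            image:
              repository: docker.io/cloudflare/cloudflared
              # Quoted so a version-looking tag is never retyped by YAML tooling.
              tag: "2026.1.1"
            env:
              # Container env values are strings; quote boolean-looking ones so
              # the rendered manifest is valid whatever the chart does with them.
              # Updates come from the pinned image tag, not from the binary.
              NO_AUTOUPDATE: "true"
              # Metrics + /ready endpoint. It has no authentication, so it is
              # only meant to be reached through the in-cluster Service below.
              TUNNEL_METRICS: "0.0.0.0:8080"
              TUNNEL_POST_QUANTUM: "true" # disable when using http2
              TUNNEL_TRANSPORT_PROTOCOL: quic # or http2
            envFrom:
              # Tunnel credentials are read from a Secret (e.g. TUNNEL_TOKEN);
              # nothing secret is committed in these values.
              - secretRef:
                  name: cloudflare-tunnel-secret
            args: ["tunnel", "run"]
            probes:
              # Liveness and readiness share one definition via the anchor;
              # both hit cloudflared's /ready on the metrics port.
              liveness: &probes
                enabled: true
                custom: true
                spec:
                  httpGet:
                    path: /ready
                    port: &port 8080
                  initialDelaySeconds: 0
                  periodSeconds: 10
                  timeoutSeconds: 1
                  failureThreshold: 3
              readiness: *probes
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities: { drop: ["ALL"] }
            resources:
              requests:
                cpu: 10m
              limits:
                memory: 256Mi
    defaultPodOptions:
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
        runAsGroup: 65534
        # Required by the "restricted" Pod Security Standard alongside the
        # container-level settings above; without it the pod runs unconfined.
        seccompProfile:
          type: RuntimeDefault
    service:
      app:
        ports:
          http:
            port: *port
    serviceMonitor:
      app:
        endpoints:
          - port: http
    configMaps:
      config:
        data:
          # cloudflared ingress rules. noTLSVerify is deliberately NOT set, so
          # the origin's certificate is expected to match originServerName;
          # the catch-all 404 rule must stay last.
          config.yaml: |-
            ingress:
              - hostname: "*.${SECRET_DOMAIN}"
                originRequest:
                  http2Origin: true
                  originServerName: external.${SECRET_DOMAIN}
                service: https://envoy-external.{{ .Release.Namespace }}.svc.cluster.local:443
              - service: http_status:404
    persistence:
      config-file:
        type: configMap
        identifier: config
        globalMounts:
          - path: /etc/cloudflared/config.yaml
            subPath: config.yaml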