4.9 KiB
# cloudflare-tunnel
Connect your resources to Cloudflare without a publicly routable IP address.
Homepage: https://github.com/plcnk/charts/tree/master/charts/cloudflare-tunnel
This chart is not maintained by the upstream project and any issues with the chart should be raised here
Source Code
Requirements
Kubernetes: >=1.22.0-0
Dependencies
| Repository | Name | Version |
|---|---|---|
| https://bjw-s-labs.github.io/helm-charts | common | 3.3.2 |
Installing the Chart
To install the chart with the release name cloudflare-tunnel
OCI (Recommended)
helm install cloudflare-tunnel oci://ghcr.io/plcnk/charts/cloudflare-tunnel
Traditional
helm repo add plcnk https://charts.plcnk.net
helm repo update
helm install cloudflare-tunnel plcnk/cloudflare-tunnel
Uninstalling the Chart
To uninstall the cloudflare-tunnel deployment
helm uninstall cloudflare-tunnel
The command removes all the Kubernetes components associated with the chart including persistent volumes and deletes the release.
Configuration
Read through the values.yaml file. It has several commented out suggested values. Other values may be used from the values.yaml from the bjw-s common library.
Specify each parameter using the --set key=value[,key=value] argument to helm install.
helm install cloudflare-tunnel \
--set env.TZ="America/New York" \
plcnk/cloudflare-tunnel
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
helm install cloudflare-tunnel plcnk/cloudflare-tunnel -f values.yaml
Custom configuration
Note
This chart only supports the remotely-managed (dashboard) version of Cloudflare Tunnel. The locally-managed (CLI) version is currently not supported.
Values
Important: When deploying an application Helm chart you can add more values from the bjw-s common library chart here
| Key | Type | Default | Description |
|---|---|---|---|
| controllers.main.containers.app.env | object | See values.yaml | Environment variables |
| controllers.main.containers.app.image.pullPolicy | string | "IfNotPresent" |
Image pull policy |
| controllers.main.containers.app.image.repository | string | "cloudflare/cloudflared" |
Image repository |
| controllers.main.containers.app.image.tag | string | "2025.4.2" |
Image tag |
| controllers.main.containers.app.securityContext.allowPrivilegeEscalation | bool | false |
Disable privilege escalations |
| controllers.main.containers.app.securityContext.capabilities | object | {"drop":["ALL"]} |
Drop all capabilities |
| controllers.main.containers.app.securityContext.readOnlyRootFilesystem | bool | true |
Mount the container's root filesystem as read-only |
| controllers.main.pod.securityContext.fsGroup | int | 65534 |
Volume binds will be granted to nobody group |
| controllers.main.pod.securityContext.runAsGroup | int | 65534 |
Run as nobody group |
| controllers.main.pod.securityContext.runAsNonRoot | bool | true |
Run container as a non-root user |
| controllers.main.pod.securityContext.runAsUser | int | 65534 |
Run as nobody user |
| controllers.main.replicas | int | 1 |
Number of desired pods |
| controllers.main.resources | object | {} |
Set the resource requests / limits for the container. |
| controllers.main.type | string | "deployment" |
Controller type |
| logLevel | string | "info" |
Set the container log level. Accepted values: debug, info, warn, error, fatal |
| metrics | object | {"enabled":false,"port":""} |
Enable Metrics Monitor under this key. |
| tunnel.existingSecret | object | {"enabled":false,"key":"","name":""} |
You can set the token as an existing secret here. Cannot coexist with tunnel.token |
| tunnel.token | string | "your-token-here" |
Set the Cloudflare Tunnel token here. Cannot coexist with tunnel.existingSecret.enabled set to true. |
Autogenerated from chart metadata using helm-docs