diff --git a/README.md b/README.md
index 163c414..1febe44 100644
--- a/README.md
+++ b/README.md
@@ -27,6 +27,7 @@ The code in this repository is provided as-is with no warranties.
| Chart | Description |
| ----- | ----------- |
+| [# cloudflare-tunnel 
](https://github.com/plcnk/charts/tree/master/charts/cloudflare-tunnel/) | Connect your resources to Cloudflare without a publicly routable IP address. |
| [# it-tools 
](https://github.com/plcnk/charts/tree/master/charts/it-tools/) | Collection of handy online tools for developers, with great UX. |
| [# moodist 
](https://github.com/plcnk/charts/tree/master/charts/moodist/) | Ambient sounds for focus and calm. |
| [# wikijs 
](https://github.com/plcnk/charts/tree/master/charts/wikijs/) | A modern, lightweight and powerful wiki app built on NodeJS. |
diff --git a/charts/cloudflare-tunnel/.helmignore b/charts/cloudflare-tunnel/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/cloudflare-tunnel/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/cloudflare-tunnel/Chart.lock b/charts/cloudflare-tunnel/Chart.lock
new file mode 100644
index 0000000..ed0213d
--- /dev/null
+++ b/charts/cloudflare-tunnel/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: https://bjw-s.github.io/helm-charts
+ version: 3.3.2
+digest: sha256:5a0f9f06aa383b7cc3070899b879401bcd4ae48b021d0a2b7f9ba39827019e24
+generated: "2024-08-20T23:20:57.06668901+02:00"
diff --git a/charts/cloudflare-tunnel/Chart.yaml b/charts/cloudflare-tunnel/Chart.yaml
new file mode 100644
index 0000000..c03624a
--- /dev/null
+++ b/charts/cloudflare-tunnel/Chart.yaml
@@ -0,0 +1,30 @@
+apiVersion: v2
+name: cloudflare-tunnel
+description: Connect your resources to Cloudflare without a publicly routable IP address.
+home: https://github.com/plcnk/charts/tree/master/charts/cloudflare-tunnel
+icon: https://raw.githubusercontent.com/plcnk/charts/master/charts/cloudflare-tunnel/icon.svg
+type: application
+version: 0.1.0
+# renovate datasource=docker depName=cloudflare/cloudflared
+appVersion: "2024.8.2"
+kubeVersion: ">=1.22.0-0"
+keywords:
+ - cloudflared
+ - cloudflare
+ - argo
+ - tunnel
+dependencies:
+ - name: common
+ repository: https://bjw-s.github.io/helm-charts
+ version: 3.3.2
+sources:
+ - https://github.com/cloudflare/cloudflared
+annotations:
+ artifacthub.io/changes: |-
+ - kind: added
+ description: Initial release
+ artifacthub.io/links: |-
+ - name: App Source
+ url: https://github.com/cloudflare/cloudflared
+ - name: Chart Source
+ url: https://github.com/plcnk/charts/tree/master/charts/cloudflare-tunnel
diff --git a/charts/cloudflare-tunnel/README.md b/charts/cloudflare-tunnel/README.md
new file mode 100644
index 0000000..3e104f3
--- /dev/null
+++ b/charts/cloudflare-tunnel/README.md
@@ -0,0 +1,109 @@
+# # cloudflare-tunnel
+
+
+
+
+
+
+
+Connect your resources to Cloudflare without a publicly routable IP address.
+
+**Homepage:**
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised
+[here](https://github.com/plcnk/charts/issues/new?assignees=plcnk&labels=bug&template=bug_report.yaml&name=cloudflare-tunnel&version=0.1.0)**
+
+## Source Code
+
+*
+
+## Requirements
+
+Kubernetes: `>=1.22.0-0`
+
+## Dependencies
+
+| Repository | Name | Version |
+|------------|------|---------|
+| | common | 3.3.2 |
+
+## Installing the Chart
+
+To install the chart with the release name `cloudflare-tunnel`
+
+### OCI (Recommended)
+
+```console
+helm install cloudflare-tunnel oci://ghcr.io/plcnk/charts/cloudflare-tunnel
+```
+
+### Traditional
+
+```console
+helm repo add plcnk https://charts.plcnk.net
+helm repo update
+helm install cloudflare-tunnel plcnk/cloudflare-tunnel
+```
+
+## Uninstalling the Chart
+
+To uninstall the `cloudflare-tunnel` deployment
+
+```console
+helm uninstall cloudflare-tunnel
+```
+
+The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Other values may be used from the [values.yaml](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common/values.yaml) from the [bjw-s common library](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common).
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+```console
+helm install cloudflare-tunnel \
+ --set env.TZ="America/New York" \
+ plcnk/cloudflare-tunnel
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
+
+```console
+helm install cloudflare-tunnel plcnk/cloudflare-tunnel -f values.yaml
+```
+
+## Custom configuration
+
+> [!NOTE]
+> This chart only supports the **remotely-managed** (dashboard) version of Cloudflare Tunnel.
+> The **locally-managed** (CLI) version is currently **not supported**.
+
+## Values
+
+**Important**: When deploying an application Helm chart you can add more values from the bjw-s common library chart [here](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common)
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| controllers.main.containers.app.env | object | See [values.yaml](./values.yaml) | Environment variables |
+| controllers.main.containers.app.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| controllers.main.containers.app.image.repository | string | `"cloudflare/cloudflared"` | Image repository |
+| controllers.main.containers.app.image.tag | string | `"2024.8.2"` | Image tag |
+| controllers.main.containers.app.securityContext.allowPrivilegeEscalation | bool | `false` | Disable privilege escalations |
+| controllers.main.containers.app.securityContext.capabilities | object | `{"drop":["ALL"]}` | Drop all capabilities |
+| controllers.main.containers.app.securityContext.readOnlyRootFilesystem | bool | `true` | Mount the container's root filesystem as read-only |
+| controllers.main.pod.securityContext.fsGroup | int | `65534` | Volume binds will be granted to `nobody` group |
+| controllers.main.pod.securityContext.runAsGroup | int | `65534` | Run as `nobody` group |
+| controllers.main.pod.securityContext.runAsNonRoot | bool | `true` | Run container as a non-root user |
+| controllers.main.pod.securityContext.runAsUser | int | `65534` | Run as `nobody` user |
+| controllers.main.replicas | int | `1` | Number of desired pods |
+| controllers.main.resources | object | `{}` | Set the resource requests / limits for the container. |
+| controllers.main.type | string | `"deployment"` | Controller type |
+| logLevel | string | `"info"` | Set the container log level. Accepted values: `debug`, `info`, `warn`, `error`, `fatal` |
+| metrics | object | `{"enabled":false,"port":""}` | Enable Metrics Monitor under this key. |
+| tunnel.existingSecret | object | `{"enabled":false,"key":"","name":""}` | You can set the token as an existing secret here. |
+| tunnel.token | string | `"your-token-here"` | Set the Cloudflare Tunnel token here. |
+
+---
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
diff --git a/charts/cloudflare-tunnel/README_CONFIG.md.gotmpl b/charts/cloudflare-tunnel/README_CONFIG.md.gotmpl
new file mode 100644
index 0000000..21aa1ef
--- /dev/null
+++ b/charts/cloudflare-tunnel/README_CONFIG.md.gotmpl
@@ -0,0 +1,15 @@
+{{- define "custom.chart.name" -}}
+# {{ .Name }}
+{{- end -}}
+
+{{- define "custom.custom.configuration.header" -}}
+## Custom configuration
+{{- end -}}
+
+{{- define "custom.custom.configuration" -}}
+{{ template "custom.custom.configuration.header" . }}
+
+> [!NOTE]
+> This chart only supports the **remotely-managed** (dashboard) version of Cloudflare Tunnel.
+> The **locally-managed** (CLI) version is currently **not supported**.
+{{- end -}}
diff --git a/charts/cloudflare-tunnel/icon.svg b/charts/cloudflare-tunnel/icon.svg
new file mode 100644
index 0000000..739274a
--- /dev/null
+++ b/charts/cloudflare-tunnel/icon.svg
@@ -0,0 +1,7 @@
+
+
\ No newline at end of file
diff --git a/charts/cloudflare-tunnel/templates/common.yaml b/charts/cloudflare-tunnel/templates/common.yaml
new file mode 100644
index 0000000..edeae92
--- /dev/null
+++ b/charts/cloudflare-tunnel/templates/common.yaml
@@ -0,0 +1,59 @@
+{{/* Append the hardcoded settings */}}
+{{- define "cloudflare-tunnel.harcodedValues" -}}
+{{- if .Values.metrics.enabled }}
+service:
+ main:
+ controller: main
+ ports:
+ metrics:
+ port: {{ .Values.metrics.port }}
+ protocol: TCP
+serviceMonitor:
+ main:
+ enabled: true
+ serviceName: {{ include "bjw-s.common.lib.chart.names.fullname" $ }}
+ endpoints:
+ - port: metrics
+ path: /metrics
+{{- end }}
+
+controllers:
+ main:
+ containers:
+ app:
+ {{- if .Values.metrics.enabled }}
+ ports:
+ - name: metrics
+ containerPort: {{ .Values.metrics.port }}
+ {{- end }}
+ env:
+ TUNNEL_TOKEN: {{ if not .Values.tunnel.existingSecret.enabled }}{{ .Values.tunnel.token }}{{ end }}
+ {{- if .Values.tunnel.existingSecret.enabled }}
+ secretKeyRef:
+ name: {{ .Values.tunnel.existingSecret.name }}
+ key: {{ .Values.tunnel.existingSecret.key }}
+ {{- end }}
+ args:
+ - tunnel
+ - --no-autoupdate
+ {{- if .Values.logLevel }}
+ - --loglevel
+ - {{ .Values.logLevel }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - --metrics
+ - "0.0.0.0:{{ .Values.metrics.port }}"
+ {{- end }}
+ - run
+ - --token
+ - $(TUNNEL_TOKEN)
+{{- end -}}
+
+{{- $tmplVars := deepCopy . -}}
+{{ include "bjw-s.common.loader.init" $tmplVars }}
+{{- $defaultValues := include "cloudflare-tunnel.harcodedValues" $tmplVars | fromYaml -}}
+{{- $_ := mustMerge .Values $defaultValues -}}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.init" . }}
+{{ include "bjw-s.common.loader.generate" . }}
diff --git a/charts/cloudflare-tunnel/values.yaml b/charts/cloudflare-tunnel/values.yaml
new file mode 100644
index 0000000..f5e47dc
--- /dev/null
+++ b/charts/cloudflare-tunnel/values.yaml
@@ -0,0 +1,76 @@
+---
+#
+# IMPORTANT NOTE
+#
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/bjw-s/helm-charts/blob/main/charts/library/common/values.yaml
+#
+
+controllers:
+ main:
+ # -- Controller type
+ type: deployment
+ # -- Number of desired pods
+ replicas: 1
+ containers:
+ app:
+ image:
+ # -- Image repository
+ repository: cloudflare/cloudflared
+ # -- Image pull policy
+ pullPolicy: IfNotPresent
+ # -- Image tag
+ tag: 2024.8.2
+
+ # -- Environment variables
+ # @default -- See [values.yaml](./values.yaml)
+ env: {}
+ # TZ: UTC
+
+ securityContext:
+ # -- Mount the container's root filesystem as read-only
+ readOnlyRootFilesystem: true
+ # -- Disable privilege escalations
+ allowPrivilegeEscalation: false
+ # -- Drop all capabilities
+ capabilities:
+ drop:
+ - ALL
+
+ pod:
+ securityContext:
+ # -- Run container as a non-root user
+ runAsNonRoot: true
+ # -- Run as `nobody` user
+ runAsUser: 65534
+ # -- Run as `nobody` group
+ runAsGroup: 65534
+ # -- Volume binds will be granted to `nobody` group
+ fsGroup: 65534
+
+ # -- Set the resource requests / limits for the container.
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+tunnel:
+ # -- Set the Cloudflare Tunnel token here.
+ token: "your-token-here"
+ # -- You can set the token as an existing secret here.
+ existingSecret:
+ enabled: false
+ name: ""
+ key: ""
+
+# -- Set the container log level.
+# Accepted values: `debug`, `info`, `warn`, `error`, `fatal`
+logLevel: info
+
+# -- Enable Metrics Monitor under this key.
+metrics:
+ enabled: false
+ port: ""