feat(cloudflare): Initial release (#17)

* feat(cloudflare): Initial release * feat(cloudflare): Update README.md
2026-04-05 09:10:41 +00:00 · 2024-08-21 00:32:49 +02:00
parent 506c1dbf08
commit 316c9da542
9 changed files with 326 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -27,6 +27,7 @@ The code in this repository is provided as-is with no warranties.
 | Chart | Description |
 | ----- | ----------- |
 | [# cloudflare-tunnel <img src='https://raw.githubusercontent.com/plcnk/charts/master/charts/cloudflare-tunnel/icon.svg' alt='cloudflare-tunnel icon' width='18px' align='right' loading='lazy'>](https://github.com/plcnk/charts/tree/master/charts/cloudflare-tunnel/) | Connect your resources to Cloudflare without a publicly routable IP address. |
 | [# it-tools <img src='https://raw.githubusercontent.com/plcnk/charts/master/charts/it-tools/icon.svg' alt='it-tools icon' width='18px' align='right' loading='lazy'>](https://github.com/plcnk/charts/tree/master/charts/it-tools/) | Collection of handy online tools for developers, with great UX. |
 | [# moodist <img src='https://raw.githubusercontent.com/plcnk/charts/master/charts/moodist/icon.svg' alt='moodist icon' width='18px' align='right' loading='lazy'>](https://github.com/plcnk/charts/tree/master/charts/moodist/) | Ambient sounds for focus and calm. |
 | [# wikijs <img src='https://raw.githubusercontent.com/plcnk/charts/master/charts/wikijs/icon.svg' alt='wikijs icon' width='18px' align='right' loading='lazy'>](https://github.com/plcnk/charts/tree/master/charts/wikijs/) | A modern, lightweight and powerful wiki app built on NodeJS. |
--- a/charts/cloudflare-tunnel/.helmignore
+++ b/charts/cloudflare-tunnel/.helmignore
@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/charts/cloudflare-tunnel/Chart.lock
+++ b/charts/cloudflare-tunnel/Chart.lock
@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: https://bjw-s.github.io/helm-charts
  version: 3.3.2
 digest: sha256:5a0f9f06aa383b7cc3070899b879401bcd4ae48b021d0a2b7f9ba39827019e24
 generated: "2024-08-20T23:20:57.06668901+02:00"
--- a/charts/cloudflare-tunnel/Chart.yaml
+++ b/charts/cloudflare-tunnel/Chart.yaml
@ -0,0 +1,30 @@
 apiVersion: v2
 name: cloudflare-tunnel
 description: Connect your resources to Cloudflare without a publicly routable IP address.
 home: https://github.com/plcnk/charts/tree/master/charts/cloudflare-tunnel
 icon: https://raw.githubusercontent.com/plcnk/charts/master/charts/cloudflare-tunnel/icon.svg
 type: application
 version: 0.1.0
 # renovate datasource=docker depName=cloudflare/cloudflared
 appVersion: "2024.8.2"
 kubeVersion: ">=1.22.0-0"
 keywords:
  - cloudflared
  - cloudflare
  - argo
  - tunnel
 dependencies:
  - name: common
    repository: https://bjw-s.github.io/helm-charts
    version: 3.3.2
 sources:
  - https://github.com/cloudflare/cloudflared
 annotations:
  artifacthub.io/changes: |-
    - kind: added
      description: Initial release
  artifacthub.io/links: |-
    - name: App Source
      url: https://github.com/cloudflare/cloudflared
    - name: Chart Source
      url: https://github.com/plcnk/charts/tree/master/charts/cloudflare-tunnel
--- a/charts/cloudflare-tunnel/README.md
+++ b/charts/cloudflare-tunnel/README.md
@ -0,0 +1,109 @@
 # # cloudflare-tunnel
 <img src="https://raw.githubusercontent.com/plcnk/charts/master/charts/cloudflare-tunnel/icon.svg" align="right" width="92" alt="cloudflare-tunnel logo">
 ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
 ![AppVersion: 2024.8.2](https://img.shields.io/badge/AppVersion-2024.8.2-informational?style=flat)
 Connect your resources to Cloudflare without a publicly routable IP address.
 **Homepage:** <https://github.com/plcnk/charts/tree/master/charts/cloudflare-tunnel>
 **This chart is not maintained by the upstream project and any issues with the chart should be raised
 [here](https://github.com/plcnk/charts/issues/new?assignees=plcnk&labels=bug&template=bug_report.yaml&name=cloudflare-tunnel&version=0.1.0)**
 ## Source Code
 * <https://github.com/cloudflare/cloudflared>
 ## Requirements
 Kubernetes: `>=1.22.0-0`
 ## Dependencies
 | Repository | Name | Version |
 |------------|------|---------|
 | <https://bjw-s.github.io/helm-charts> | common | 3.3.2 |
 ## Installing the Chart
 To install the chart with the release name `cloudflare-tunnel`
 ### OCI (Recommended)
 ```console
 helm install cloudflare-tunnel oci://ghcr.io/plcnk/charts/cloudflare-tunnel
 ```
 ### Traditional
 ```console
 helm repo add plcnk https://charts.plcnk.net
 helm repo update
 helm install cloudflare-tunnel plcnk/cloudflare-tunnel
 ```
 ## Uninstalling the Chart
 To uninstall the `cloudflare-tunnel` deployment
 ```console
 helm uninstall cloudflare-tunnel
 ```
 The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
 ## Configuration
 Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
 Other values may be used from the [values.yaml](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common/values.yaml) from the [bjw-s common library](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common).
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
 ```console
 helm install cloudflare-tunnel \
  --set env.TZ="America/New York" \
    plcnk/cloudflare-tunnel
 ```
 Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
 ```console
 helm install cloudflare-tunnel plcnk/cloudflare-tunnel -f values.yaml
 ```
 ## Custom configuration
 > [!NOTE]
 > This chart only supports the **remotely-managed** (dashboard) version of Cloudflare Tunnel.
 > The **locally-managed** (CLI) version is currently **not supported**.
 ## Values
 **Important**: When deploying an application Helm chart you can add more values from the bjw-s common library chart [here](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common)
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | controllers.main.containers.app.env | object | See [values.yaml](./values.yaml) | Environment variables |
 | controllers.main.containers.app.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
 | controllers.main.containers.app.image.repository | string | `"cloudflare/cloudflared"` | Image repository |
 | controllers.main.containers.app.image.tag | string | `"2024.8.2"` | Image tag |
 | controllers.main.containers.app.securityContext.allowPrivilegeEscalation | bool | `false` | Disable privilege escalations |
 | controllers.main.containers.app.securityContext.capabilities | object | `{"drop":["ALL"]}` | Drop all capabilities |
 | controllers.main.containers.app.securityContext.readOnlyRootFilesystem | bool | `true` | Mount the container's root filesystem as read-only |
 | controllers.main.pod.securityContext.fsGroup | int | `65534` | Volume binds will be granted to `nobody` group |
 | controllers.main.pod.securityContext.runAsGroup | int | `65534` | Run as `nobody` group |
 | controllers.main.pod.securityContext.runAsNonRoot | bool | `true` | Run container as a non-root user |
 | controllers.main.pod.securityContext.runAsUser | int | `65534` | Run as `nobody` user |
 | controllers.main.replicas | int | `1` | Number of desired pods |
 | controllers.main.resources | object | `{}` | Set the resource requests / limits for the container. |
 | controllers.main.type | string | `"deployment"` | Controller type |
 | logLevel | string | `"info"` | Set the container log level.    Accepted values: `debug`, `info`, `warn`, `error`, `fatal` |
 | metrics | object | `{"enabled":false,"port":""}` | Enable Metrics Monitor under this key. |
 | tunnel.existingSecret | object | `{"enabled":false,"key":"","name":""}` | You can set the token as an existing secret here. |
 | tunnel.token | string | `"your-token-here"` | Set the Cloudflare Tunnel token here. |
 ---
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
--- a/charts/cloudflare-tunnel/README_CONFIG.md.gotmpl
+++ b/charts/cloudflare-tunnel/README_CONFIG.md.gotmpl
@ -0,0 +1,15 @@
 {{- define "custom.chart.name" -}}
 # {{ .Name }}
 {{- end -}}
 {{- define "custom.custom.configuration.header" -}}
 ## Custom configuration
 {{- end -}}
 {{- define "custom.custom.configuration" -}}
 {{ template "custom.custom.configuration.header" . }}
 > [!NOTE]
 > This chart only supports the **remotely-managed** (dashboard) version of Cloudflare Tunnel.
 > The **locally-managed** (CLI) version is currently **not supported**.
 {{- end -}}
--- a/charts/cloudflare-tunnel/icon.svg
+++ b/charts/cloudflare-tunnel/icon.svg
@ -0,0 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
 <svg xmlns="http://www.w3.org/2000/svg"
 aria-label="Cloudflare" role="img"
 viewBox="0 0 512 512"><rect
 width="512" height="512"
 rx="15%"
 fill="#ffffff"/><path fill="#f38020" d="M331 326c11-26-4-38-19-38l-148-2c-4 0-4-6 1-7l150-2c17-1 37-15 43-33 0 0 10-21 9-24a97 97 0 0 0-187-11c-38-25-78 9-69 46-48 3-65 46-60 72 0 1 1 2 3 2h274c1 0 3-1 3-3z"/><path fill="#faae40" d="M381 224c-4 0-6-1-7 1l-5 21c-5 16 3 30 20 31l32 2c4 0 4 6-1 7l-33 1c-36 4-46 39-46 39 0 2 0 3 2 3h113l3-2a81 81 0 0 0-78-103"/></svg>
--- a/charts/cloudflare-tunnel/templates/common.yaml
+++ b/charts/cloudflare-tunnel/templates/common.yaml
@ -0,0 +1,59 @@
 {{/* Append the hardcoded settings */}}
 {{- define "cloudflare-tunnel.harcodedValues" -}}
 {{- if .Values.metrics.enabled }}
 service:
  main:
    controller: main
    ports:
      metrics:
        port: {{ .Values.metrics.port }}
        protocol: TCP
 serviceMonitor:
  main:
    enabled: true
    serviceName: {{ include "bjw-s.common.lib.chart.names.fullname" $ }}
    endpoints:
      - port: metrics
        path: /metrics
 {{- end }}
 controllers:
  main:
    containers:
      app:
        {{- if .Values.metrics.enabled }}
        ports:
          - name: metrics
            containerPort: {{ .Values.metrics.port }}
        {{- end }}
        env:
          TUNNEL_TOKEN: {{ if not .Values.tunnel.existingSecret.enabled }}{{ .Values.tunnel.token }}{{ end }}
            {{- if .Values.tunnel.existingSecret.enabled }}
            secretKeyRef:
              name: {{ .Values.tunnel.existingSecret.name }}
              key: {{ .Values.tunnel.existingSecret.key }}
            {{- end }}
        args:
          - tunnel
          - --no-autoupdate
          {{- if .Values.logLevel }}
          - --loglevel
          - {{ .Values.logLevel }}
          {{- end }}
          {{- if .Values.metrics.enabled }}
          - --metrics
          - "0.0.0.0:{{ .Values.metrics.port }}"
          {{- end }}
          - run
          - --token
          - $(TUNNEL_TOKEN)
 {{- end -}}
 {{- $tmplVars := deepCopy . -}}
 {{ include "bjw-s.common.loader.init" $tmplVars }}
 {{- $defaultValues := include "cloudflare-tunnel.harcodedValues" $tmplVars | fromYaml -}}
 {{- $_ := mustMerge .Values $defaultValues -}}
 {{/* Render the templates */}}
 {{ include "bjw-s.common.loader.init" . }}
 {{ include "bjw-s.common.loader.generate" . }}
--- a/charts/cloudflare-tunnel/values.yaml
+++ b/charts/cloudflare-tunnel/values.yaml
@ -0,0 +1,76 @@
 ---
 #
 # IMPORTANT NOTE
 #
 # This chart inherits from our common library chart. You can check the default values/options here:
 # https://github.com/bjw-s/helm-charts/blob/main/charts/library/common/values.yaml
 #
 controllers:
  main:
    # -- Controller type
    type: deployment
    # -- Number of desired pods
    replicas: 1
    containers:
      app:
        image:
          # -- Image repository
          repository: cloudflare/cloudflared
          # -- Image pull policy
          pullPolicy: IfNotPresent
          # -- Image tag
          tag: 2024.8.2
        # -- Environment variables
        # @default -- See [values.yaml](./values.yaml)
        env: {}
          # TZ: UTC
        securityContext:
          # -- Mount the container's root filesystem as read-only
          readOnlyRootFilesystem: true
          # -- Disable privilege escalations
          allowPrivilegeEscalation: false
          # -- Drop all capabilities
          capabilities:
            drop:
              - ALL
    pod:
      securityContext:
        # -- Run container as a non-root user
        runAsNonRoot: true
        # -- Run as `nobody` user
        runAsUser: 65534
        # -- Run as `nobody` group
        runAsGroup: 65534
        # -- Volume binds will be granted to `nobody` group
        fsGroup: 65534
    # -- Set the resource requests / limits for the container.
    resources: {}
      # limits:
      #   cpu: 100m
      #   memory: 128Mi
      # requests:
      #   cpu: 100m
      #   memory: 128Mi
 tunnel:
  # -- Set the Cloudflare Tunnel token here.
  token: "your-token-here"
  # -- You can set the token as an existing secret here.
  existingSecret:
    enabled: false
    name: ""
    key: ""
 # -- Set the container log level.
 #    Accepted values: `debug`, `info`, `warn`, `error`, `fatal`
 logLevel: info
 # -- Enable Metrics Monitor under this key.
 metrics:
  enabled: false
  port: ""