# # cloudflare-tunnel

<img src="https://raw.githubusercontent.com/plcnk/charts/master/charts/cloudflare-tunnel/icon.svg" align="right" width="92" alt="cloudflare-tunnel logo">

![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
![AppVersion: 2025.4.2](https://img.shields.io/badge/AppVersion-2025.4.2-informational?style=flat)

Connect your resources to Cloudflare without a publicly routable IP address.

**Homepage:** <https://github.com/plcnk/charts/tree/master/charts/cloudflare-tunnel>

**This chart is not maintained by the upstream project and any issues with the chart should be raised
[here](https://github.com/plcnk/charts/issues/new?assignees=plcnk&labels=bug&template=bug_report.yaml&name=cloudflare-tunnel&version=0.8.1)**

## Source Code

* <https://github.com/cloudflare/cloudflared>

## Requirements

Kubernetes: `>=1.22.0-0`

## Dependencies

| Repository | Name | Version |
|------------|------|---------|
| <https://bjw-s-labs.github.io/helm-charts> | common | 3.3.2 |

## Installing the Chart

To install the chart with the release name `cloudflare-tunnel`

### OCI (Recommended)

```console
helm install cloudflare-tunnel oci://ghcr.io/plcnk/charts/cloudflare-tunnel
```

### Traditional

```console
helm repo add plcnk https://charts.plcnk.net
helm repo update
helm install cloudflare-tunnel plcnk/cloudflare-tunnel
```

## Uninstalling the Chart

To uninstall the `cloudflare-tunnel` deployment

```console
helm uninstall cloudflare-tunnel
```

The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.

## Configuration

Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
Other values may be used from the [values.yaml](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common/values.yaml) from the [bjw-s common library](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common).

Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.

```console
helm install cloudflare-tunnel \
  --set env.TZ="America/New York" \
    plcnk/cloudflare-tunnel
```

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.

```console
helm install cloudflare-tunnel plcnk/cloudflare-tunnel -f values.yaml
```

## Custom configuration

> [!NOTE]
> This chart only supports the **remotely-managed** (dashboard) version of Cloudflare Tunnel.
> The **locally-managed** (CLI) version is currently **not supported**.

## Values

**Important**: When deploying an application Helm chart you can add more values from the bjw-s common library chart [here](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common)

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| controllers.main.containers.app.env | object | See [values.yaml](./values.yaml) | Environment variables |
| controllers.main.containers.app.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
| controllers.main.containers.app.image.repository | string | `"cloudflare/cloudflared"` | Image repository |
| controllers.main.containers.app.image.tag | string | `"2025.4.2"` | Image tag |
| controllers.main.containers.app.securityContext.allowPrivilegeEscalation | bool | `false` | Disable privilege escalations |
| controllers.main.containers.app.securityContext.capabilities | object | `{"drop":["ALL"]}` | Drop all capabilities |
| controllers.main.containers.app.securityContext.readOnlyRootFilesystem | bool | `true` | Mount the container's root filesystem as read-only |
| controllers.main.pod.securityContext.fsGroup | int | `65534` | Volume binds will be granted to `nobody` group |
| controllers.main.pod.securityContext.runAsGroup | int | `65534` | Run as `nobody` group |
| controllers.main.pod.securityContext.runAsNonRoot | bool | `true` | Run container as a non-root user |
| controllers.main.pod.securityContext.runAsUser | int | `65534` | Run as `nobody` user |
| controllers.main.replicas | int | `1` | Number of desired pods |
| controllers.main.resources | object | `{}` | Set the resource requests / limits for the container. |
| controllers.main.type | string | `"deployment"` | Controller type |
| logLevel | string | `"info"` | Set the container log level.    Accepted values: `debug`, `info`, `warn`, `error`, `fatal` |
| metrics | object | `{"enabled":false,"port":""}` | Enable Metrics Monitor under this key. |
| tunnel.existingSecret | object | `{"enabled":false,"key":"","name":""}` | You can set the token as an existing secret here.    Cannot coexist with `tunnel.token` |
| tunnel.token | string | `"your-token-here"` | Set the Cloudflare Tunnel token here.    Cannot coexist with `tunnel.existingSecret.enabled` set to `true`. |

---
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)