Skip to content

Latest commit

 

History

History
94 lines (73 loc) · 3.91 KB

guide_first_tunnel.md

File metadata and controls

94 lines (73 loc) · 3.91 KB

Your First Argo Tunnel

A guide to setting up your first argo-tunnel. If this is NOT your first argo-tunnel, skip to step 3 or refer to other guides.

mydomain.com is a place holder. Updated the value to match your Cloudflare domain.

Requirements

Step 1: Enable Argo

If it’s your first time using Argo, navigate to the Traffic tab of the Cloudflare dashboard, click the ‘Enable’ button, and follow the steps on the screen for setting up usage-based billing.

Enterprise customers who have enabled Argo will need to contact their Cloudflare representative to have Smart Routing enabled for their account as it is necessary for Argo Tunnel to work.

Step 2: Install cloudflared

cloudflared provides a mechanism to login, configure zones, and access zone credentials.

Follow these instructions to install cloudflared

Once installed, verify cloudflared has installed properly by checking the version.

cloudflared --version

Step 3: Login to your Cloudflare account

cloudflared login

If the browser fails to open automatically, copy and paste the URL into your browser’s address bar and press enter.

Once you login, you will see a list of domains associated with your account. Locate the domain you wish to connect a tunnel to and click its name in the table row. Once you select the domain, Cloudflare will issue a certificate which will be downloaded automatically by your browser. This certificate will be used to authenticate your machine to the Cloudflare edge.

Move the certificate to the .cloudflared directory on your system.

mv cert.pem ~/.cloudflared/cert.pem

The certificate and domain will be used to define an Ingress to your system.

Step 4: Deploy a Tunnel Secret

kubectl create secret generic mydomain.com --from-file="$HOME/.cloudflared/cert.pem"

Create the secret in the same namespace as your service deployment. Adjust mydomain.com to match your Cloudflare domain.

A single controller can configure tunnels for multiple domains. An Ingress definition will be used to defined tunnels to Services and link Secrets by external hostname.

Step 5: Attach a Tunnel

When the controller observes the creation of an Ingress, it verifies that the referenced service, endpoints, and secret exists and opens a tunnel between the Cloudflare receiver and the kubernetes virtual service ip.

kubectl apply -f deploy/echo.yaml

Adjust the Ingress host echo.mydomain.com to match your Cloudflare domain. Adjust the Ingress tls section to link the host with a secret.

Caveats:

  • routing by path is not supported (Ingress.spec.rules[*].host.http.paths[*].path)

This caveat will be addressed in future releases.

Step 6: Verify the Tunnel

The tunnel will be visible under DNS on the Cloudflare dashboard.

Adjust the Ingress host echo.mydomain.com to match your Cloudflare domain.