Support for non interactive authentication #665

Closed
SayakMukhopadhyay opened this issue Jun 11, 2022 · 4 comments
Labels
Needs clarification Unable to move forward on the reported issue Type: Feature Request A big idea that would be split into smaller pieces

Comments

@SayakMukhopadhyay

Describe the feature you'd like
I am looking into creating a Kubernetes operator for Cloudflare Tunnels and being able to have a non-interactive authentication would go a long way in making a good user experience. Right now, doing cloudflared tunnel login opens up a browser window wherein a user needs to manually authenticate. There can be another mode wherein an existing token can be used to directly authenticate with Cloudflare Tunnels.

Describe alternatives you've considered
I have looked into having the user log in to cloudflared on their desktop and transferring the generated JSON file, but it's not a great UX.

Additional context
None at the moment. Let me know if I can help in submitting a PR.

@SayakMukhopadhyay SayakMukhopadhyay added Needs clarification Unable to move forward on the reported issue Type: Feature Request A big idea that would be split into smaller pieces labels Jun 11, 2022
@DevinCarr
Contributor

Does what Nuno mentions here not serve your needs: #645 (comment)

Or using dash setup: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/#set-up-a-tunnel-remotely-dashboard-setup
This version would allow you to install like so: cloudflared tunnel run --token <TOKEN>

cloudflared tunnel login is technically only a one-time operation that, if paired with the ~/.cloudflared/cert.pem, would allow you to create tunnels programmatically in other environments without having to log in. Please keep in mind that the cert.pem is not the authentication mechanism for running the tunnels, just administrating them.

Not sure if any of these options help unlock what you are attempting to achieve, but feel free to let me know.

@SayakMukhopadhyay
Author

Well, as a Kubernetes operator, I was trying to achieve a fully declarative setup for the whole lifecycle of a tunnel, from its creation to its deletion, all programmatically in the operator. As I understand, for a tunnel creation to be achieved, I would either need to programmatically login or use an existing cert.pem. Moreover, I am trying not to use the dashboard for this as it makes the process mostly non-declarative since most of the configuration is done outside the cluster.

Using a programmatic login is out of the question as it needs an interactive login session. The only option that seems to me that's left after reading the comments in #645 is to pass the cert.pem. This seems to me as a bit jank as the user needs to log in on their own system and pass the generated cert. I might be nitpicking here but I was hoping for a way wherein the user generates an API token with the correct scopes and uses it directly to create tunnels.

Or does tunnel creation necessitate the presence of a certificate too?

@DevinCarr
Contributor

DevinCarr commented Jun 13, 2022

> As I understand, for a tunnel creation to be achieved, I would either need to programmatically login or use an existing cert.pem

That is correct for cloudflared, but you should also be able to create tunnels via the Cloudflare API: https://api.cloudflare.com/#cloudflare-tunnel-create-cloudflare-tunnel. This might be able to work for what you are attempting to achieve?

@SayakMukhopadhyay
Author

Damn! I had forgotten that the API existed. So, what I can see from an early overview is that I can create the tunnel using the API and an API token only and then run it using the daemon once I get the tunnel token. I will try it out and update here.
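
Added example, not part of the thread and not cloudflared or Cloudflare code: a sketch of the flow the last two comments arrive at, where an API token creates the tunnel and fetches its tunnel token, and only the tunnel token is handed to the daemon. The `cfd_tunnel` endpoint paths, the request fields and the environment variable names are assumptions that do not appear in the thread; check them against the API documentation linked above.

```python
import base64
import json
import os
import secrets
import urllib.request

# Assumption: Cloudflare API v4 base URL and cfd_tunnel paths, not given in the thread.
API = "https://api.cloudflare.com/client/v4"


def _call(method, url, api_token, body=None, send=urllib.request.urlopen):
    """Send one authenticated request and unwrap the API's result envelope."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {api_token}",
        "Content-Type": "application/json",
    })
    with send(req) as resp:
        doc = json.load(resp)
    if not doc.get("success"):
        raise RuntimeError(f"Cloudflare API error: {doc.get('errors')}")
    return doc["result"]


def create_tunnel(account_id, api_token, name, send=urllib.request.urlopen):
    """Create a tunnel with an API token only; return (tunnel_id, tunnel_token)."""
    # The tunnel secret is generated locally: 32 random bytes, base64-encoded.
    secret = base64.b64encode(secrets.token_bytes(32)).decode()
    base = f"{API}/accounts/{account_id}/cfd_tunnel"
    tunnel = _call("POST", base, api_token,
                   {"name": name, "tunnel_secret": secret}, send)
    # The tunnel token is the run credential for the daemon; no cert.pem involved.
    token = _call("GET", f"{base}/{tunnel['id']}/token", api_token, send=send)
    return tunnel["id"], token


def run_command(tunnel_token):
    """Argument vector for the daemon, using the command quoted in the thread."""
    return ["cloudflared", "tunnel", "run", "--token", tunnel_token]


if __name__ == "__main__":
    # Hypothetical variable names; scope the API token to tunnel administration only.
    tid, tok = create_tunnel(os.environ["CF_ACCOUNT_ID"],
                             os.environ["CF_API_TOKEN"], "operator-demo")
    print("created tunnel", tid)  # never log the tunnel token itself
```

In an operator, the returned tunnel token belongs in a Kubernetes Secret consumed by the cloudflared pod, while the API token stays with the operator alone, which mirrors the split between administrating and running tunnels described earlier in the thread.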


3 participants