A guiding to setting up subdomain tunnels.
Setup Your First Tunnel generates and installs a certificate
matching mydomain.com
and *.mydomain.com
. To configure tunnels for subdomains,
we'll need to generate additional certificates.
The guide builds on Setup Your First Tunnel.
subdomain.mydomain.com
is a place holder. Updated the value to match your Cloudflare domain.
Certificates are located under Crypto on the Cloudflare dashboard.
- Browse to Crypto.
- Click
Create Certificate
. - Select the private key type
ECDSA
. - Set domains
subdomain.mydomain.com
and*.subdomain.mydomain.com
. - Click
Next
. - Save both the
Private Key
andCertificate
to a filecert.pem
.
Save the entire contents with-in and including the section tags.
awk '/BEGIN.*TUNNEL/{mark=1}/END.*TUNNEL/{print;mark=0}mark' ~/.cloudflared/cert.pem >> cert.pem
kubectl create secret generic subdomain.mydomain.com --from-file="cert.pem"
kubectl label secret subdomain.mydomain.com "cloudflare-argo/domain=subdomain.mydomain.com"
Create the secret in the same namespace as the controller deployment. Adjust
subdomain.mydomain.com
to match your Cloudflare domain.
When the controller observes the creation of an ingress, it verifies that the referenced service, endpoints, and secret exists and opens a tunnel between the Cloudflare receiver and the kubernetes virtual service ip.
kubectl apply -f deploy/echo.yaml
Adjust the Ingress host
echo.subdomain.mydomain.com
to match your Cloudflare domain.
The tunnel will be visible under DNS on the Cloudflare dashboard.
- Browse to Cloudflare: DNS.
- Browse to
echo.subdomain.mydomain.com
.
Adjust the Ingress host
echo.subdomain.mydomain.com
to match your Cloudflare domain.