fenix-gitea-admin/iac-ansible-public
1
0
Fork 0
mirror of https://gitea.fenix-dev.com/fenix-gitea-admin/iac-ansible-private.git synced 2025-12-17 03:34:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

cloudflare

Browse Source
This commit is contained in:
Tomás Limpinho
2025-11-12 17:18:40 +00:00
parent ebd772665b
commit 6c78b7ce39
5 changed files with 116 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/cloudflared/files/cloudflare-namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: cloudflare

49
roles/cloudflared/files/cloudflared-tunnel-deployment.yaml Normal file
View File

@ -0,0 +1,49 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: cloudflared-tunnel
namespace: cloudflare
spec:
replicas: 3
selector:
matchLabels:
app: cloudflared
template:
metadata:
labels:
app: cloudflared
spec:
securityContext:
sysctls:
# Allows ICMP traffic (ping, traceroute) to resources behind cloudflared.
- name: net.ipv4.ping_group_range
value: "65532 65532"
containers:
- image: cloudflare/cloudflared:latest
name: cloudflared
env:
# Defines an environment variable for the tunnel token.
- name: TUNNEL_TOKEN
valueFrom:
secretKeyRef:
name: tunnel-token-secret
key: token
command:
# Configures tunnel run parameters
- cloudflared
- tunnel
- --no-autoupdate
- --loglevel
- debug
- --metrics
- 0.0.0.0:2000
- run
livenessProbe:
httpGet:
# Cloudflared has a /ready endpoint which returns 200 if and only if
# it has an active connection to Cloudflare's network.
path: /ready
port: 2000
failureThreshold: 1
initialDelaySeconds: 10
periodSeconds: 10

8
roles/cloudflared/files/tunnel-token-secret.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: tunnel-token-secret
namespace: cloudflare
type: Opaque
data:
token: <CLOUDFLARE_TUNNEL_TOKEN>