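---
# Deployment running three cloudflared replicas as a Cloudflare Tunnel
# connector in the `cloudflare` namespace. The tunnel token is injected from
# the `tunnel-token-secret` Secret and is not stored in this manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cloudflared-tunnel
  namespace: cloudflare
spec:
  replicas: 3
  selector:
    matchLabels:
      app: cloudflared
  template:
    metadata:
      labels:
        app: cloudflared
    spec:
      # The container is configured with a tunnel token only and passes no
      # Kubernetes API arguments, so no service-account token is mounted for
      # a compromised connector to reuse against the cluster API.
      automountServiceAccountToken: false
      securityContext:
        seccompProfile:
          type: RuntimeDefault
        sysctls:
          # Allows ICMP traffic (ping, traceroute) to resources behind
          # cloudflared. Scoped to the single group ID 65532.
          - name: net.ipv4.ping_group_range
            value: "65532 65532"
      containers:
        # NOTE(review): `latest` is a mutable tag, and --no-autoupdate below
        # means the tag alone decides which build runs. Pin a release tag or
        # an image digest so a pod restart cannot pull an unreviewed build.
        - image: cloudflare/cloudflared:latest
          name: cloudflared
          securityContext:
            # The connector only makes outbound connections and serves the
            # metrics port (2000, unprivileged), so it needs no capabilities,
            # no privilege escalation and no writable root filesystem.
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            # 65532 is the group the ping_group_range sysctl above is scoped
            # to. NOTE(review): confirm it matches the user the image is
            # built to run as.
            runAsUser: 65532
            runAsGroup: 65532
          env:
            # Defines an environment variable for the tunnel token.
            - name: TUNNEL_TOKEN
              valueFrom:
                secretKeyRef:
                  name: tunnel-token-secret
                  key: token
          command:
            # Configures tunnel run parameters
            - cloudflared
            - tunnel
            - --no-autoupdate
            - --loglevel
            # NOTE(review): debug logging is verbose; drop to info once
            # troubleshooting is finished.
            - debug
            - --metrics
            # Bound to all interfaces so the kubelet probe can reach /ready.
            # The endpoint is unauthenticated, so restrict access to port 2000
            # with a NetworkPolicy where the cluster supports one.
            - '0.0.0.0:2000'
            - run
          livenessProbe:
            httpGet:
              # Cloudflared has a /ready endpoint which returns 200 if and
              # only if it has an active connection to Cloudflare's network.
              path: /ready
              port: 2000
            # A single failed probe restarts the container.
            failureThreshold: 1
            initialDelaySeconds: 10
            periodSeconds: 10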