How to properly authenticate to Cloudflare? #35

matt-j-so opened this issue Jun 16, 2023 · 5 comments

@matt-j-so

I'm trying to use the cloudflare-tunnel helm chart, but I'm not sure how to configure the below options properly:

cloudflare:
  # Your Cloudflare account number.
  account: ""
  # The secret for the tunnel.
  secret: ""

Could you provide instructions on how to get the Cloudflare account number and secret for the tunnel?
I can't find any documentation or example on how to use it properly.

Thanks in advance for any help :)

@bhvk0

bhvk0 commented Jun 16, 2023

Same here, doesn't work for me.
I've successfully used this example - https://nyan.im/p/cloudflare-tunnel-on-kubernetes-en

@DillonN

DillonN commented Jun 17, 2023

This worked for me

  1. Create a tunnel in the CF ZeroTrust dashboard
  2. At the end, it should give you a command to run the tunnel locally - grab the token from this command
  3. Decode the token, e.g. with echo "ey..." | base64 -d
  4. The decoded token should be a JSON object like {"a": "<account-id>", "t": "<tunnel-id>", "s": "<tunnel-secret>"}
  5. Take those three values, plus the tunnel name, and fill them in for the four corresponding cloudflare options in config.yaml
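
Steps 3 and 4 above as a script (an added example, not part of the original comment or of the chart): it restores base64 padding that a copied token may have lost, checks that the `a`, `t` and `s` fields are present, and prints the result with the secret redacted. The function names, the long field names and the sample token are constructed for illustration.

```python
import base64
import json
import sys

# Keys of the decoded token as listed in the comment above; the long names
# on the right are this example's own labels, not the chart's option names.
FIELDS = {"a": "account_id", "t": "tunnel_id", "s": "tunnel_secret"}


def decode_tunnel_token(token: str) -> dict:
    """Return the account id, tunnel id and tunnel secret held in a token."""
    token = token.strip()
    # A token copied out of a command can lose its trailing '=' padding,
    # which a strict decoder rejects, so restore it before decoding.
    padded = token + "=" * (-len(token) % 4)
    try:
        payload = json.loads(base64.b64decode(padded, validate=True))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("token is not base64-encoded JSON") from exc
    if not isinstance(payload, dict):
        raise ValueError("decoded token is not a JSON object")
    missing = [k for k in FIELDS if not isinstance(payload.get(k), str) or not payload[k]]
    if missing:
        raise ValueError(f"decoded token lacks field(s): {', '.join(missing)}")
    return {name: payload[key] for key, name in FIELDS.items()}


def redacted(values: dict) -> dict:
    """Copy of the decoded values that is safe to print or log."""
    return {**values, "tunnel_secret": "<redacted>"}


def make_sample_token() -> str:
    """Constructed token with made-up values, padding stripped on purpose."""
    fake = {"a": "example-account", "t": "example-tunnel", "s": "ZXhhbXBsZQ=="}
    return base64.b64encode(json.dumps(fake).encode()).decode().rstrip("=")


if __name__ == "__main__":
    # Read the token from stdin so it stays out of argv and shell history;
    # with no piped input, fall back to the constructed sample.
    token = make_sample_token() if sys.stdin.isatty() else sys.stdin.read()
    print(json.dumps(redacted(decode_tunnel_token(token)), indent=2))
```

The decoded token carries the tunnel secret, so treat both the token and the decoded values as credentials.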

@froblesmartin
Contributor

You could follow the tutorial documented at https://developers.cloudflare.com/cloudflare-one/tutorials/many-cfd-one-tunnel/, it does not use this Helm chart, but that is just to replace the k8s manifests it applies with this Helm chart :)

The main problem with this Helm chart is that you need to provide the secret from the values.yaml. I will most likely open a PR to allow the use of an externally managed secret (which in my case for now I will provide with sealed secrets).

@bhvk0

bhvk0 commented Jul 5, 2023

> The main problem with this Helm chart is that you need to provide the secret from the values.yaml.

We use ksops for that purpose, maybe it's also a solution for you

@froblesmartin
Contributor

> > The main problem with this Helm chart is that you need to provide the secret from the values.yaml.
>
> We use ksops for that purpose, maybe it's also a solution for you

Yes, that would be a solution, but also it would be to just allow everybody to use another way to provide the secret (sealed secrets, one of the many tools that integrate with Secrets Store CSI Driver, or any other way).

For that, I have opened this PR to allow not generating the secret with this Helm chart itself 😄

#38
