Cloudflared
Cloudflared is the tunnel client used to expose selected services outside the homelab.
It is part of infrastructure because it is shared access plumbing, not a user-facing application.
What it depends on
- External Secrets, through
gitops/clusters/lab/infrastructure-controllers.yaml - A synced Kubernetes secret named
cloudflared-secret - A Vault value at
cloudflared/tunnelwith the propertytoken
What depends on it
- Any application that you later choose to publish through a Cloudflare tunnel
Where it is activated
gitops/clusters/lab/infrastructure-controllers.yamlgitops/clusters/lab/infrastructure-configs.yamlgitops/infrastructure/configs/lab/cloudflared/kustomization.yamlgitops/infrastructure/configs/lab/cloudflared/kustomization.yamlgitops/infrastructure/configs/lab/cloudflared/externalSecret.yamlgitops/infrastructure/configs/base/cloudflared/
Current repository intent
The repository expects this flow:
- Vault stores the Cloudflare tunnel token.
- External Secrets reads that value from Vault.
- A Kubernetes secret named
cloudflared-secretis created in thecloudflarednamespace. - The Cloudflared deployment consumes that secret.
If any earlier step is missing, the Cloudflared deployment will not have the token it needs.