cloudflare:
# Your Cloudflare account number.
account: "xxxx"
# The name of the tunnel this instance will serve
tunnelName: "my-tunnel"
# The ID of the above tunnel.
tunnelId: "xxxx"
# The secret for the tunnel.
secret: ""
# If defined, no secret is created for the credentials, and instead, the secret referenced is used
secretName: "cloudflared-credentials"
# If true, turn on WARP routing for TCP
enableWarp: false
# Define ingress rules for the tunnel. See
# https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress
ingress:
# The first rule proxies traffic to the httpbin sample service named web-server at port 80
- hostname: kosumi.dev
service: http://rust-hello.default.svc.cluster.local:3000
# This rule sends traffic to the built-in hello-world HTTP server. This can help debug connectivity
# issues. If hello.example.com resolves and tunnel.example.com does not, then the problem is
# in the connection from cloudflared to your local service, not from the internet to cloudflared.
# - hostname: hello.example.com
# service: hello_world
args:
- --origincert /etc/cloudflared/certs/cert.pem # Path within the container
volumes:
- name: cloudflare-origin-certs
secret:
secretName: cloudflare-origin-certs-secret # Name of your Kubernetes Secret
volumeMounts:
- name: cloudflare-origin-certs
mountPath: /etc/cloudflared/certs # Mount point within the container
> kubectl logs -n cloudflared-tunnel my-cloudflared-cloudflare-tunnel-5795897c6-fqmfg
2025-10-21T00:10:24Z INF Starting tunnel tunnelID=8a262b38-1d79-40f7-bec1-bf0f697550e0
2025-10-21T00:10:24Z INF Version 2024.8.3
2025-10-21T00:10:24Z INF GOOS: linux, GOVersion: go1.22.2-devel-cf, GoArch: amd64
2025-10-21T00:10:24Z INF Settings: map[config:/etc/cloudflared/config/config.yaml cred-file:/etc/cloudflared/creds/credentials.json credentials-file:/etc/cloudflared/creds/credentials.json metrics:0.0.0.0:2000 no-autoupdate:true]
2025-10-21T00:10:24Z INF Generated Connector ID: a55e49ee-bb02-4646-88ee-aa1f618d0b06
2025-10-21T00:10:25Z ERR update check failed error="Get \"https://update.argotunnel.com?arch=amd64&clientVersion=2024.8.3&os=linux\": tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match update.argotunnel.com"
2025-10-21T00:10:26Z INF Initial protocol quic
2025-10-21T00:10:26Z INF ICMP proxy will use 10.42.0.30 as source for IPv4
2025-10-21T00:10:26Z INF ICMP proxy will use fe80::e41c:89ff:fe8d:6825 in zone eth0 as source for IPv6
2025-10-21T00:10:26Z INF Starting metrics server on [::]:2000/metrics
2025/10/21 00:10:26 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.
2025-10-21T00:10:27Z INF Registered tunnel connection connIndex=0 connection=c48239f9-4793-44b5-af0f-2c09c32a4116 event=0 ip=198.41.192.167 location=atl06 protocol=quic
2025-10-21T00:10:28Z INF Registered tunnel connection connIndex=1 connection=88dfde43-f341-46eb-884f-b9291d3f4fd6 event=0 ip=198.41.200.43 location=iad12 protocol=quic
2025-10-21T00:10:28Z INF Registered tunnel connection connIndex=2 connection=25509111-0014-4025-9c69-91babcb7b595 event=0 ip=198.41.200.63 location=atl08 protocol=quic
2025-10-21T00:10:29Z INF Registered tunnel connection connIndex=3 connection=de0998c0-b36f-4bd4-96f4-07215e6d2918 event=0 ip=198.41.192.37 location=atl01 protocol=quic
2025-10-21T00:10:45Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 192.168.1.1:3000: connect: connection refused" connIndex=2 event=1 ingressRule=0 originService=http://rust-hello.default.svc.cluster.local:3000
2025-10-21T00:10:45Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 192.168.1.1:3000: connect: connection refused" connIndex=2 dest=https://kosumi.dev/ event=0 ip=198.41.200.63 type=http
