Implements native Kubernetes API integration for cloudflared, enabling
automatic discovery and exposure of annotated Kubernetes services through
Cloudflare Tunnel without manual ingress configuration.
## New k8s/ package
- Lightweight REST client (no client-go dependency) supporting both
  in-cluster service account auth and kubeconfig-based auth
- Annotation-based service discovery:
  - cloudflared.cloudflare.com/tunnel: "true" (required)
  - cloudflared.cloudflare.com/hostname (override generated hostname)
  - cloudflared.cloudflare.com/port (select specific service port)
  - cloudflared.cloudflare.com/scheme (http/https)
  - cloudflared.cloudflare.com/path (path regex for ingress rule)
  - cloudflared.cloudflare.com/no-tls-verify (disable TLS verify)
  - cloudflared.cloudflare.com/origin-server-name (SNI override)
- Ingress rule generation from discovered services with merge/dedup
- Periodic watcher with configurable resync interval for runtime updates
## CLI subcommands (cloudflared tunnel kubernetes)
- discover: one-shot service discovery (table/json/yaml output)
- watch: continuous watching with live updates
- generate-config: output mergeable ingress YAML
## Config file support
    kubernetes:
      enabled: true
      baseDomain: example.com
      namespace: default
      exposeAPIServer: true
      apiServerHostname: k8s.example.com
## Integration
- Startup: discovered services merged into ingress rules at tunnel start
- Runtime: watcher updates orchestrator config on service changes
- Optional Kubernetes API server exposure through the tunnel
Closes #1607
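
An added example, not code from this commit or from cloudflared: one way the annotations listed above could be mapped to a single validated ingress rule, with `no-tls-verify` surfaced on the result so a reviewer can flag it. The `Service` and `Rule` types, `BuildRule`, the `http` and first-port defaults, the `name-namespace.baseDomain` hostname and the `name.namespace.svc` origin are assumptions the commit message does not state; `origin-server-name` is left out.

```go
package main

import (
	"fmt"
	"regexp"
)

const prefix = "cloudflared.cloudflare.com/" // annotation prefix from the commit message
// Service and Rule are hypothetical stand-ins, not the k8s/ package's types.
type Service struct {
	Name, Namespace string
	Ports           []int
	Annotations     map[string]string
}
type Rule struct {
	Hostname, Origin, Path string
	NoTLSVerify            bool
}

// BuildRule returns (nil, nil) when the service has not opted in.
func BuildRule(s Service, baseDomain string) (*Rule, error) {
	a := s.Annotations
	if a[prefix+"tunnel"] != "true" {
		return nil, nil // the required opt-in annotation is missing
	}
	scheme, host, path := a[prefix+"scheme"], a[prefix+"hostname"], a[prefix+"path"]
	if scheme == "" {
		scheme = "http" // assumed default
	}
	if host == "" {
		host = fmt.Sprintf("%s-%s.%s", s.Name, s.Namespace, baseDomain) // assumed format
	}
	port, want := 0, a[prefix+"port"]
	for _, p := range s.Ports { // first port unless the annotation pins one
		if want == "" || fmt.Sprint(p) == want {
			port = p
			break
		}
	}
	_, err := regexp.Compile(path) // reject a path annotation that is not a valid regex
	if (scheme != "http" && scheme != "https") || port == 0 || err != nil {
		return nil, fmt.Errorf("%s/%s: invalid scheme %q, port %q or path %q", s.Namespace, s.Name, scheme, want, path)
	}
	origin := fmt.Sprintf("%s://%s.%s.svc:%d", scheme, s.Name, s.Namespace, port)
	return &Rule{host, origin, path, a[prefix+"no-tls-verify"] == "true"}, nil
}

func main() { // constructed sample service
	fmt.Println(BuildRule(Service{"web", "shop", []int{8080}, map[string]string{prefix + "tunnel": "true"}}, "example.com"))
}
```

A pinned port that the service does not expose, a scheme other than http/https and an uncompilable path regex are all rejected before a rule is produced.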