af04ee52f1
Implements native Kubernetes API integration for cloudflared, enabling
automatic discovery and exposure of annotated Kubernetes services through
Cloudflare Tunnel without manual ingress configuration.
## New k8s/ package
- Lightweight REST client (no client-go dependency) supporting both
in-cluster service account auth and kubeconfig-based auth
- Annotation-based service discovery:
- cloudflared.cloudflare.com/tunnel: "true" (required)
- cloudflared.cloudflare.com/hostname (override generated hostname)
- cloudflared.cloudflare.com/port (select specific service port)
- cloudflared.cloudflare.com/scheme (http/https)
- cloudflared.cloudflare.com/path (path regex for ingress rule)
- cloudflared.cloudflare.com/no-tls-verify (disable TLS verify)
- cloudflared.cloudflare.com/origin-server-name (SNI override)
- Ingress rule generation from discovered services with merge/dedup
- Periodic watcher with configurable resync interval for runtime updates
## CLI subcommands (cloudflared tunnel kubernetes)
- discover: one-shot service discovery (table/json/yaml output)
- watch: continuous watching with live updates
- generate-config: output mergeable ingress YAML
## Config file support
kubernetes:
enabled: true
baseDomain: example.com
namespace: default
exposeAPIServer: true
apiServerHostname: k8s.example.com
## Integration
- Startup: discovered services merged into ingress rules at tunnel start
- Runtime: watcher updates orchestrator config on service changes
- Optional Kubernetes API server exposure through the tunnel
Closes #1607
|
||
|---|---|---|
| .. | ||
| access | ||
| cliutil | ||
| flags | ||
| management | ||
| proxydns | ||
| tail | ||
| tunnel | ||
| updater | ||
| app_forward_service.go | ||
| app_service.go | ||
| common_service.go | ||
| generic_service.go | ||
| linux_service.go | ||
| macos_service.go | ||
| main.go | ||
| service_template.go | ||
| windows_service.go | ||