I am happily deploying a Cloudflared Tunnel on Kubernetes with YAML that looks like this. This deploys the Tunnel itself just fine - however, updating a Cloudflared tunnel also requires updating Cloudflare's DNS records so that the domain name will point to the tunnel, and I'm looking for a way to automate that.
The `cloudflared` tool can do this when provided with the right arguments (`cloudflared tunnel route dns <tunnelID> <hostname>`), which suggests that I could carry out this pre-deployment step with an initContainer, if I could parse the tunnel's config YAML and convert the list of domain names into commands. However, the `cloudflare/cloudflared` image does not appear to have any shell available, so I can't do something like `grep '^- hostname: ' config.yaml | perl -pe 's/- hostname: //' | xargs -I {} cloudflared tunnel route dns <name> {}`:
$ docker run --entrypoint /bin/sh cloudflare/cloudflared
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/bin/sh": stat /bin/sh: no such file or directory: unknown.
$ docker run cloudflare/cloudflared /bin/sh
[ the /bin/sh argument appears to be ignored - the image continues with its usual behaviour]
This is particularly confusing, as `docker inspect cloudflare/cloudflared | jq '.[0].ContainerConfig.Cmd'` refers to `/bin/sh`.
I can see two paths forward here:
- Find a way to access `/bin/sh` (and associated tools; `grep`, `xargs`, etc.) from the `cloudflare/cloudflared` image
- Find a way to update the tunnel's DNS records outside the context of the `cloudflared` tool (I suspect I could use this API, but using the `cloudflared` tool would be a lot neater)
Thanks to Cloudycelt for recommending that I build my own image to carry out this task as an `initContainer`. I've described the process here. I'm leaving this question open in case there's a better option that I've missed. I've also opened an Issue on the cloudflared repo asking if this is a feature that should be added.
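
The hostname-to-command step described in the question, as an added example that is not part of the original post and is not the author's or Cloudflare's code. It assumes a custom initContainer image that provides a POSIX shell, `sed`, `grep`, `sort`, `tr` and the `cloudflared` binary; the function names, the `--apply` switch and the sample config are constructed for illustration. Each hostname is validated before it reaches the command line, so a malformed config value cannot be read as an option.

```shell
#!/bin/sh
# Added example, not from the original post. Names below are assumptions.

# Constructed sample config (stand-in for the tunnel's real config.yaml).
sample_config() {
  cat <<'EOF'
tunnel: example-tunnel
ingress:
- hostname: grafana.example.com
  service: http://grafana:3000
- hostname: "app.example.com"   # quoted, trailing comment
  service: http://app:8080
- service: http://app:8080
  hostname: app.example.com
- hostname: -bad.example.com
  service: http://bad:80
- service: http_status:404
EOF
}

# stdin: config.yaml; stdout: raw hostname values, quotes and comments stripped.
extract_hostnames() {
  sed -n -E 's/^[[:space:]]*(-[[:space:]]+)?hostname:[[:space:]]*//p' |
    sed -E 's/[[:space:]]+#.*$//; s/[[:space:]]+$//' | tr -d "\"'"
}

# Accept plain DNS names only, so a value can never be read as a flag.
is_valid_hostname() {
  printf '%s\n' "$1" |
    grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# stdin: config.yaml; stdout: unique, validated hostnames (rejects go to stderr).
valid_hostnames() {
  extract_hostnames | sort -u | while IFS= read -r host; do
    if is_valid_hostname "$host"; then printf '%s\n' "$host"
    else printf 'skipping invalid hostname: %s\n' "$host" >&2
    fi
  done
}

# Usage: route-dns.sh --apply <tunnelID> <config.yaml>
if [ "${1:-}" = "--apply" ]; then
  valid_hostnames < "$3" | while IFS= read -r host; do
    cloudflared tunnel route dns "$2" "$host" || exit 1
  done
fi
```

Running `sample_config | valid_hostnames` previews which records would be routed without contacting Cloudflare. Wildcard hostnames are rejected by this validator and would need an explicit rule if the config uses them.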