Tool to automatically update the DNS entries corresponding with a Cloudflared tunnel when the tunnel is updated with a k8s deployment.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Jack Jackson 3bcc3cffb0 Add README 1 month ago
.drone.yml Add drone config 1 month ago
Dockerfile First commit 1 month ago Add README 1 month ago Enable options for certificate and domain 1 month ago


This is a tool to allow updating Cloudflare Tunnels - both adding a service to the tunnel, and updating the DNS entries for the external name of that service - in a single deployment. Add it to a Kubernetes deployment as follows:

- name: dns-setter
  image: <location of image>
  command: [ "/bin/bash", "-c", "--" ]
  args: [ "./ --config <path_to_config> --cert <path_to_cert> --domain <your root domain>"]

with Volume Mounts that provide the config and certificates.

More detail

Cloudflare Tunnels allow you to make services accessible to the external Internet without directly exposing your ports, by forwarding requests via a locally-running daemon which connects to (and is protected by) Cloudflare's global infrastructure.

Unfortunately, the process of exposing a new service requires two steps:

  1. The mapping between "external addressable name" and "internal service" is added to the Cloudflare Tunnel configuration.
  2. A DNS entry for the external addressable name (pointing to the tunnel's UUID-based name) is published.

If the DNS entries are provided by Cloudflare's own DNS servers, Step 2 can be achieved by using the Cloudflare Tunnel tool: cloudflared tunnel route dns <tunnel_name> <domain_name>. However, executing this for all the sites defined in the Cloudflared config file would require some parsing, and the cloudflare/cloudflared image does not support installing tools like yq.

This tool parses the Cloudflared config file and uses the cloudflared tool to update DNS records for all configured names, meaning that a single deployment can carry out both update steps.


  • Extend my Drone pipeline to push a pre-built image to DockerHub for broader usability.
  • Use Cloudflare API to determine which records have already been set to prevent unnecessary no-op updates.