From 3bcc3cffb0d8dda1c02ae33162e5bef8630d7e22 Mon Sep 17 00:00:00 2001 From: Jack Jackson Date: Mon, 22 Aug 2022 15:59:27 -0700 Subject: [PATCH] Add README --- README.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..27ef4a4 --- /dev/null +++ b/README.md 
@@ -0,0 +1,30 @@ +## Overview + +This is a tool to allow updating [Cloudflare Tunnels](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/) - both adding a service to the tunnel, and updating the DNS entries for the external name of that service - in a single deployment. Add it to a Kubernetes deployment as follows: + +``` +initContainers: +- name: dns-setter + image: + command: [ "/bin/bash", "-c", "--" ] + args: [ "./dns_update.sh --config --cert --domain "] +``` + +with Volume Mounts that provide the config and certificates. + +## More detail + +[Cloudflare Tunnels](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/) allow you to make services accessible to the external Internet without directly exposing your ports, by forwarding requests via a locally-running daemon which connects to (and is protected by) Cloudflare's global infrastructure. + +Unfortunately, the process of exposing a new service requires two steps: +1. The mapping between "external addressable name" and "internal service" is added to the Cloudflare Tunnel configuration. +2. A DNS entry for the external addressable name (pointing to the tunnel's UUID-based name) is published. + +If the DNS entries are provided by Cloudflare's own DNS servers, Step 2 can be achieved by using the Cloudflare Tunnel tool: `cloudflared tunnel route dns `. However, executing this for all the sites defined in the Cloudflared config file would require some parsing, and the `cloudflare/cloudflared` [image](https://hub.docker.com/r/cloudflare/cloudflared) does not support installing tools like [yq](https://github.com/mikefarah/yq). + +This tool parses the Cloudflared config file and uses the `cloudflared` tool to update DNS records for all configured names, meaning that a single deployment can carry out both update steps. 
+ +## TODOs + +* Extend my [Drone pipeline](https://gitea.scubbo.org/scubbo/cloudflaredtunneldns/src/branch/main/.drone.yml) to push a pre-built image to DockerHub for broader usability. +* Use [Cloudflare API](https://api.cloudflare.com/#dns-records-for-a-zone-properties) to determine which records have already been set to prevent unnecessary no-op updates. \ No newline at end of file
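Review bot: In the `initContainers` example under "Overview", `image:` has no value and the `--config`, `--cert` and `--domain` flags in `args` are followed by nothing, so the snippet cannot be applied as written. The `cloudflared tunnel route dns ` command under "More detail" is likewise missing its arguments. Give each of these a clearly marked placeholder and a one-line description of what it expects (a file path inside the container, a domain name, and so on). The line "with Volume Mounts that provide the config and certificates" would also benefit from a short volume example; since `--cert` is the credential the script hands to `cloudflared` to change DNS records, say that it should come from a Kubernetes Secret mounted read-only rather than being baked into the image or a ConfigMap. Minor: the file ends without a trailing newline.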