## Overview

This is a tool to allow updating [Cloudflare Tunnels](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/) - both adding a service to the tunnel, and updating the DNS entries for the external name of that service - in a single deployment.

Add it to a Kubernetes deployment as follows:

```
initContainers:
  - name: dns-setter
    image:
    command: [ "/bin/bash", "-c", "--" ]
    args: [ "./dns_update.sh --config --cert --domain "]
```

with Volume Mounts that provide the config and certificates.

## More detail

[Cloudflare Tunnels](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/) allow you to make services accessible to the external Internet without directly exposing your ports, by forwarding requests via a locally-running daemon which connects to (and is protected by) Cloudflare's global infrastructure.

Unfortunately, the process of exposing a new service requires two steps:

1. The mapping between "external addressable name" and "internal service" is added to the Cloudflare Tunnel configuration.
2. A DNS entry for the external addressable name (pointing to the tunnel's UUID-based name) is published.

If the DNS entries are provided by Cloudflare's own DNS servers, Step 2 can be achieved by using the Cloudflare Tunnel tool: `cloudflared tunnel route dns `. However, executing this for all the sites defined in the Cloudflared config file would require some parsing, and the `cloudflare/cloudflared` [image](https://hub.docker.com/r/cloudflare/cloudflared) does not support installing tools like [yq](https://github.com/mikefarah/yq).

This tool parses the Cloudflared config file and uses the `cloudflared` tool to update DNS records for all configured names, meaning that a single deployment can carry out both update steps.

## TODOs

* Extend my [Drone pipeline](https://gitea.scubbo.org/scubbo/cloudflaredtunneldns/src/branch/main/.drone.yml) to push a pre-built image to DockerHub for broader usability.
* Use [Cloudflare API](https://api.cloudflare.com/#dns-records-for-a-zone-properties) to determine which records have already been set to prevent unnecessary no-op updates.
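
The parse-then-route step described under "More detail" can be done without `yq`. The following is an added sketch, not the project's own `dns_update.sh`. It pulls the `ingress` hostnames out of the config with `awk` and checks each one against a strict hostname pattern before passing it to `cloudflared tunnel route dns`. The function names, the `CLOUDFLARED` override variable and the sample config are assumptions made for this example.

```shell
# Added example; extract_hostnames, is_valid_hostname, route_all and the
# CLOUDFLARED override are hypothetical names, not part of dns_update.sh.

sample_config() {   # constructed sample of a cloudflared config.yml
cat <<'EOF'
tunnel: 00000000-0000-0000-0000-000000000000
ingress:
  - hostname: app.example.com
    service: http://app.default.svc:8080
  - hostname: "git.example.com"
    service: http://gitea.default.svc:3000
  - hostname: bad;name.example.com
    service: http://localhost:1
  - service: http_status:404
EOF
}

# Print every ingress hostname from a config read on stdin, one per line.
extract_hostnames() {
  awk '
    /^ingress:/  { in_ingress = 1; next }
    /^[^ \t#-]/  { in_ingress = 0 }    # another top-level key ends the list
    in_ingress && /^[ \t]*(-[ \t]+)?hostname:/ {
      sub(/^[ \t]*(-[ \t]+)?hostname:[ \t]*/, "")
      sub(/[ \t]+#.*$/, "")            # drop a trailing comment
      print
    }' | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Accept only plain FQDNs, so config text is never read as an option or junk.
is_valid_hostname() {
  printf '%s\n' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Route each valid hostname in config file $1; non-zero if any was skipped/failed.
route_all() {
  tunnel=$(awk '/^tunnel:/ { print $2; exit }' "$1")
  case $tunnel in ''|-*) echo "missing or unsafe tunnel value" >&2; return 1 ;; esac
  extract_hostnames < "$1" | (
    rc=0
    while IFS= read -r host; do
      if is_valid_hostname "$host"; then
        "${CLOUDFLARED:-cloudflared}" tunnel route dns "$tunnel" "$host" </dev/null || rc=1
      else echo "skipping invalid hostname: $host" >&2; rc=1
      fi
    done
    exit "$rc"
  )
}
```

Setting `CLOUDFLARED=echo` before calling `route_all` prints the commands that would run, which is a cheap way to review the plan before the init container touches DNS.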