feat: auto create records for Cloudflare Tunnels as well

README.md

@@ -91,6 +91,7 @@ Distributed under the GPLv3 License. See `LICENSE` for more information.
 - [Run the same Cloudflare Tunnel across many `cloudflared` processes](https://developers.cloudflare.com/cloudflare-one/tutorials/many-cfd-one-tunnel)
 - [MAC address environment variable in GRUB config](https://askubuntu.com/questions/1272400/how-do-i-automate-network-installation-of-many-ubuntu-18-04-systems-with-efi-and)
 - [Official k3s systemd service file](https://github.com/k3s-io/k3s/blob/master/k3s.service)
+- [Official Cloudflare Tunnel examples](https://github.com/cloudflare/argo-tunnel-examples)
 
 ## Stargazers over time
 

apps/blog/ingress.yaml

@@ -4,7 +4,8 @@ metadata:
   name: blog
   annotations:
     cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    external-dns.alpha.kubernetes.io/exclude: 'true'
+    external-dns.alpha.kubernetes.io/target: "homelab-tunnel.khuedoan.com"
+    external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
 spec:
   ingressClassName: nginx
   rules:

external/cloudflare.tf

@@ -39,20 +39,6 @@ resource "cloudflare_argo_tunnel" "homelab" {
   secret     = base64encode(random_password.tunnel_secret.result)
 }
 
-resource "cloudflare_record" "tunnels" {
-  for_each = toset([
-    "blog",
-    "git"
-  ])
-
-  zone_id = data.cloudflare_zone.khuedoan_com.id
-  type    = "CNAME"
-  name    = each.key
-  value   = "${cloudflare_argo_tunnel.homelab.id}.cfargotunnel.com"
-  proxied = true
-  ttl     = 1 # Auto
-}
-
 resource "kubernetes_namespace" "namespaces" {
   for_each = toset([
     "cert-manager",
@@ -102,6 +88,16 @@ resource "cloudflare_api_token" "external_dns" {
   }
 }
 
+# Not proxied, not accessible. Just a record for auto-created CNAMEs by external-dns.
+resource "cloudflare_record" "tunnel" {
+  zone_id = data.cloudflare_zone.khuedoan_com.id
+  type    = "CNAME"
+  name    = "homelab-tunnel"
+  value   = "${cloudflare_argo_tunnel.homelab.id}.cfargotunnel.com"
+  proxied = false
+  ttl     = 1 # Auto
+}
+
 resource "kubernetes_secret" "external_dns_token" {
   metadata {
     name = "cloudflare-api-token"

platform/gitea/values.yaml

@@ -4,7 +4,8 @@ gitea:
     className: nginx
     annotations:
       cert-manager.io/cluster-issuer: "letsencrypt-prod"
-      external-dns.alpha.kubernetes.io/exclude: 'true'
+      external-dns.alpha.kubernetes.io/target: "homelab-tunnel.khuedoan.com"
+      external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
     hosts:
       - host: &host git.khuedoan.com
         paths: