Cloudflare Tunnel
Cloudflare Tunnel securely connects resources to Cloudflare without a public IP. A lightweight daemon (cloudflared) creates outbound-only connections to Cloudflare, allowing safe access to services like HTTP, SSH, remote desktops, and other protocols.
More info: https://github.com/cloudflare/cloudflared/
Installation
Cloudflared system extension can be installed by customising boot assets or after installation with the installer
You can use the following schematic file:
# cloudflared-ext.yaml
customization:
systemExtensions:
officialExtensions:
- siderolabs/cloudflared
Check documentation for install:
- https://www.talos.dev/latest/talos-guides/configuration/system-extensions/
- https://www.talos.dev/latest/talos-guides/install/boot-assets/
Usage
Configure the extension via ExtensionServiceConfig document.
# cloudflared-config.yaml
---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: cloudflared
environment:
- TUNNEL_TOKEN=<your_token>
- TUNNEL_METRICS=localhost:2000
- TUNNEL_EDGE_IP_VERSION=auto # if your node is only configured for IPv6
Then apply the patch to your node's MachineConfigs
talosctl patch mc -p @cloudflared-config.yaml
You will then be able to verify that it is in place with the following command
talosctl get extensionserviceconfigs
NODE NAMESPACE TYPE ID VERSION
mynode runtime ExtensionServiceConfig cloudflared 1
Configuration
See all run parameters here (use environment variables): https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/