Add: cert tunnel secret as env to container
Leo310 committed Nov 5, 2022
1 parent 52be80b commit 5ade3f3
Showing 3 changed files with 14 additions and 9 deletions.
17 changes: 10 additions & 7 deletions applications/cloudflared/deployment.yaml
@@ -32,6 +32,12 @@ spec:
failureThreshold: 1
initialDelaySeconds: 10
periodSeconds: 10
env:
- name: TUNNEL_ORIGIN_CERT
valueFrom:
secretKeyRef:
name: tunnel-credentials
key: origin-cert
volumeMounts:
- name: config
mountPath: /etc/cloudflared/config
@@ -40,18 +46,15 @@ spec:
# to run the tunnel. cloudflared will read this file from its local filesystem,
# and it'll be stored in a k8s secret.
- name: creds
mountPath: /etc/cloudflared/creds
mountPath: /etc/cloudflared
readOnly: true
volumes:
- name: creds
secret:
# By default, the credentials file will be created under ~/.cloudflared/<tunnel ID>.json
# when you run `cloudflared tunnel create`. You can move it into a secret by using:
# ```sh
# kubectl create secret generic tunnel-credentials \
# --from-file=credentials.json=/Users/yourusername/.cloudflared/<tunnel ID>.json
# ```
secretName: tunnel-credentials
items:
- key: credentials.json
path: cert
# Create a config.yaml file from the ConfigMap below.
- name: config
configMap:
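Review bot: The new `TUNNEL_ORIGIN_CERT` entry injects the value of the `origin-cert` key, but as far as I know cloudflared reads that variable as the path to the origin certificate file. If the Secret holds the PEM itself (the script describes it as "Cloudflare tunnel certificate"), the tunnel will not find a certificate, and the key material sits in the process environment, where it is readable through /proc and inherited by child processes. The same change projects `credentials.json` as a file named `cert` and moves the mount to `/etc/cloudflared`, the parent of the existing `config` mount, so any credentials path in the ConfigMap (outside this hunk) would have to be updated to match. I would keep the material on disk only: project both keys under distinct file names at the original `/etc/cloudflared/creds` mount and point the variable at the file, as sketched below (indentation approximate, since the page has lost it).

```yaml
env:
  - name: TUNNEL_ORIGIN_CERT
    # path to the projected file, not the certificate contents
    value: /etc/cloudflared/creds/cert.pem
# … unchanged: config volumeMount …
  - name: creds
    mountPath: /etc/cloudflared/creds
    readOnly: true
# … unchanged: volumes entry for creds …
    secretName: tunnel-credentials
    items:
      - key: credentials.json
        path: credentials.json
      - key: origin-cert
        path: cert.pem
```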
5 changes: 3 additions & 2 deletions tooling/create_environment.sh
@@ -14,6 +14,7 @@ ENV_VARS=( \
["CF_API_TOKEN"]="Cloudflare access api token to update dns records"
["CF_CA_API_KEY"]="Cloudflare access ca key to get cert.pem for encrpyted tunnel"
["CF_TUNNEL_CREDS"]="Cloudflare access creds to create tunnel"
["CF_TUNNEL_ORIGIN_CERT"]="Cloudflare tunnel certificate"
["DO_INLETS_TOKEN"]="Digitalocean access token to create inlets server droplet"
["MYSQL_SECRET"]="Mysql Database secret"
)
@@ -75,8 +76,8 @@ function main() {

secret_name="tunnel-credentials"
dest_directory="${TOP_LEVEL_DIR}/applications/cloudflared/tunnel-credentials.yaml"
env_secrets=('CF_TUNNEL_CREDS')
dest_secrets=('credentials.json')
env_secrets=('CF_TUNNEL_CREDS' 'CF_TUNNEL_ORIGIN_CERT')
dest_secrets=('credentials.json' 'origin-cert')
create_secret $secret_name $dest_directory "${env_secrets[@]}" "${dest_secrets[@]}"

secret_name="mysql"
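Review bot: `create_secret` now receives two arrays flattened into one positional list (`"${env_secrets[@]}" "${dest_secrets[@]}"`), so with two entries each the callee sees four trailing arguments and has to work out where the variable names end and the destination keys begin. Its body is outside this hunk, so confirm it splits the list by count rather than reading `$3`/`$4`; otherwise `CF_TUNNEL_ORIGIN_CERT` ends up under the wrong key or is dropped. The rendered Secret is written to `applications/cloudflared/tunnel-credentials.yaml` inside the repository tree and now also carries the origin certificate, so it is worth confirming that path is git-ignored or encrypted before it can be committed. The scalar arguments should also be quoted: `create_secret "$secret_name" "$dest_directory" "${env_secrets[@]}" "${dest_secrets[@]}"`.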
1 change: 1 addition & 0 deletions tooling/secret-templates/tunnel-credentials-secret.yaml
@@ -7,3 +7,4 @@ metadata:
argocd.argoproj.io/secret-type: repository
stringData:
credentials.json: CF_TUNNEL_CREDS
origin-cert: CF_TUNNEL_ORIGIN_CERT
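Review bot: `origin-cert: CF_TUNNEL_ORIGIN_CERT` is a plain single-line scalar, while an origin certificate is normally multi-line PEM. If the script replaces the placeholder textually (the substitution code is not visible here), the rendered `stringData` will either fail to parse or keep only the first line. A block scalar preserves the newlines, e.g. `origin-cert: |` with the placeholder indented on the following line, provided the substitution indents continuation lines; otherwise base64-encode the value and place it under `data:`. The `argocd.argoproj.io/secret-type: repository` label in the context lines also looks out of place on tunnel credentials, since it marks the Secret as Argo CD repository configuration, so confirm it is intended.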
