diff --git a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2
index 303d95e26e5..9adcd2399ca 100644
--- a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2
+++ b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2
@@ -44,11 +44,13 @@ spec:
 secretKeyRef:
 name: cloudflared-secret
 key: TUNNEL_ID
+ #% if bootstrap_cloudflare.tunnel.token %#
 TUNNEL_TOKEN:
 valueFrom:
 secretKeyRef:
 name: cloudflared-secret
 key: TUNNEL_TOKEN
+ #% endif %#
 args:
 - tunnel
 - --config
diff --git a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2
index cf97b857b36..0d32339dfcc 100644
--- a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2
+++ b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2
@@ -5,7 +5,9 @@ metadata:
 name: cloudflared-secret
 stringData:
 TUNNEL_ID: "#{ bootstrap_cloudflare.tunnel.id }#"
+ #% if bootstrap_cloudflare.tunnel.token %#
 TUNNEL_TOKEN: "#{ bootstrap_cloudflare.tunnel.token }#"
+ #% endif %#
 credentials.json: |
 {
 "AccountTag": "#{ bootstrap_cloudflare.tunnel.account_id }#",
diff --git a/config.sample.yaml b/config.sample.yaml
index bc4948e60cf..ce0189e5588 100644
--- a/config.sample.yaml
+++ b/config.sample.yaml
@@ -206,7 +206,7 @@ bootstrap_cloudflare:
 account_id: ""
 # (Required: CLI) Cloudflared Tunnel Secret: (cat ~/.cloudflared/*.json | jq -r .TunnelSecret)
 secret: ""
- # (Required: Dashboard) Cloudflared Tunnel Token
+ # (Optional: Dashboard) Cloudflared Tunnel Token managed via the Cloudflare dashboard, Dashboard take higher priority over locally managed tunnel
 token: ""
 # (Required) Provide WAN access to the cluster ingresses for external ingress classes
 # The Load balancer IP for external ingress, choose an available IP
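Review bot: In helmrelease.yaml.j2 the new `#% if bootstrap_cloudflare.tunnel.token %#` guard around the `TUNNEL_TOKEN` env entry is undocumented, yet it has to stay identical to the guard added in secret.sops.yaml.j2: a `secretKeyRef` without `optional: true` that names a key missing from `cloudflared-secret` keeps the container from starting. I would add a comment above the guard, `# TUNNEL_TOKEN is rendered only when a dashboard token is configured; keep this guard identical to the one in secret.sops.yaml.j2`. The guard also relies on Jinja truthiness, so how a config file with no `token` key at all behaves depends on the renderer's undefined handling, which is not visible here. The env mapping starts and ends outside the hunk.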
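Review bot: In secret.sops.yaml.j2 only `TUNNEL_TOKEN` is made conditional; the `credentials.json` block that follows is still rendered whether or not a token is set, so a dashboard-managed setup appears to keep a second, unused tunnel credential (or a file of empty fields) in `cloudflared-secret`. If the token really replaces the locally managed credentials, as the new comment in config.sample.yaml suggests, consider rendering the two as alternatives, with `#% else %#` placed before `credentials.json` and the `#% endif %#` moved after it, so the Secret holds only the credential in use. That would need matching handling of the `--config` argument in helmrelease.yaml.j2, which lies outside these hunks, so treat it as something to confirm rather than a drop-in change. The stringData mapping continues past the hunk.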
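Review bot: In config.sample.yaml the new comment on `token` says the dashboard "take higher priority" but does not say what that means for the `secret` field just above, which is still marked `(Required: CLI)`; a reader cannot tell whether `secret` may stay empty once a token is set. I would reword it to `# (Optional: Dashboard) Cloudflared Tunnel Token for a tunnel managed in the Cloudflare dashboard; when set, it takes priority over the locally managed tunnel` and state on the `secret` comment whether it is still needed in that case. Since `token` is a credential, the comment could also remind users to keep the filled-in config file out of version control.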