From 7ddc64e0e168203ec508c5d1bed1c103192161f6 Mon Sep 17 00:00:00 2001
From: AjayKumar4 <n.uajaykumar@gmail.com>
Date: Wed, 10 Apr 2024 19:26:20 +0100
Subject: [PATCH 1/2] update Cloudflare dashboard token as optional

---
 .../kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2 | 2 ++
 config.sample.yaml                                              | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2
index cf97b857b36..0d32339dfcc 100644
--- a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2
+++ b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2
@@ -5,7 +5,9 @@ metadata:
   name: cloudflared-secret
 stringData:
   TUNNEL_ID: "#{ bootstrap_cloudflare.tunnel.id }#"
+  #% if bootstrap_cloudflare.tunnel.token %#
   TUNNEL_TOKEN: "#{ bootstrap_cloudflare.tunnel.token }#"
+  #% endif %#
   credentials.json: |
     {
       "AccountTag": "#{ bootstrap_cloudflare.tunnel.account_id }#",
diff --git a/config.sample.yaml b/config.sample.yaml
index bc4948e60cf..ce0189e5588 100644
--- a/config.sample.yaml
+++ b/config.sample.yaml
@@ -206,7 +206,7 @@ bootstrap_cloudflare:
     account_id: ""
     # (Required: CLI) Cloudflared Tunnel Secret: (cat ~/.cloudflared/*.json | jq -r .TunnelSecret)
     secret: ""
-    # (Required: Dashboard) Cloudflared Tunnel Token
+    # (Optional: Dashboard) Cloudflared Tunnel Token managed via the Cloudflare dashboard, Dashboard take higher priority over locally managed tunnel
     token: ""
     # (Required) Provide WAN access to the cluster ingresses for external ingress classes
     # The Load balancer IP for external ingress, choose an available IP

From d708f607eac4e4b742318de5b268c26a192c0566 Mon Sep 17 00:00:00 2001
From: Devin Buhl <onedr0p@users.noreply.github.com>
Date: Wed, 10 Apr 2024 15:08:05 -0400
Subject: [PATCH 2/2] Update helmrelease.yaml.j2

---
 .../kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2
index 303d95e26e5..9adcd2399ca 100644
--- a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2
+++ b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2
@@ -44,11 +44,13 @@ spec:
                   secretKeyRef:
                     name: cloudflared-secret
                     key: TUNNEL_ID
+              #% if bootstrap_cloudflare.tunnel.token %#
               TUNNEL_TOKEN:
                 valueFrom:
                   secretKeyRef:
                     name: cloudflared-secret
                     key: TUNNEL_TOKEN
+              #% endif %#
             args:
               - tunnel
               - --config