kubernetes/manifests/cloudflared/cloudflared-configmap.yaml from hongbo-miao/hongbomiao.com

kubernetes/manifests/cloudflared/cloudflared-configmap.yaml
Summary

Maintainability

Test Coverage

Issues
# https://github.com/cloudflare/argo-tunnel-examples/blob/master/named-tunnel-k8s/cloudflared.yaml

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: cloudflared
  namespace: hm-cloudflared
  labels:
    app.kubernetes.io/name: cloudflared
data:
  config.yaml: |
    # Name of the tunnel you want to run
    tunnel: hm-tunnel
    credentials-file: /etc/cloudflared/creds/credentials.json

    # Serves the metrics server under /metrics and the readiness server under /ready
    metrics: 0.0.0.0:2000

    # Autoupdates applied in a k8s pod will be lost when the pod is removed or restarted, so
    # autoupdate doesn't make sense in Kubernetes. However, outside of Kubernetes, we strongly
    # recommend using autoupdate.
    no-autoupdate: true

    # The `ingress` block tells cloudflared which local service to route incoming
    # requests to. For more about ingress rules, see
    # https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/ingress
    #
    # Remember, these rules route traffic from cloudflared to a local service. To route traffic
    # from the internet to cloudflared, run `cloudflared tunnel route dns <tunnel> <hostname>`.
    # E.g. `cloudflared tunnel route dns example-tunnel tunnel.example.com`.
    ingress:

    # The first rule proxies traffic to the httpbin sample Service defined in app.yaml
    # Elastic
    - hostname: elasticsearch.hongbomiao.com
      service: https://hm-elasticsearch-es-http.hm-elastic.svc:9200
      originRequest:
        noTLSVerify: true
    # Grafana
    - hostname: grafana.hongbomiao.com
      service: http://grafana.hm-grafana.svc:80
    # InfluxDB
    - hostname: influxdb.hongbomiao.com
      service: http://influxdb.hm-influxdb.svc:8086
    # Kibana
    - hostname: kibana.hongbomiao.com
      service: https://hm-kibana-kb-http.hm-elastic.svc:5601
      originRequest:
        noTLSVerify: true
    # Kubeflow
    - hostname: kubeflow.hongbomiao.com
      service: http://ml-pipeline-ui.kubeflow.svc:80
    # Loki Write
    - hostname: loki-write.hongbomiao.com
      service: http://loki-write.hm-loki.svc:3100
    # MLflow
    - hostname: mlflow.hongbomiao.com
      service: http://mlflow.hm-mlflow.svc:5000
    # Metabase
    - hostname: metabase.hongbomiao.com
      service: http://metabase.hm-metabase.svc:80
    # pgAdmin
    - hostname: pgadmin.hongbomiao.com
      service: http://pgadmin-pgadmin4.hm-pgadmin.svc:80
    # Prefect
    - hostname: prefect.hongbomiao.com
      service: http://prefect-server.hm-prefect.svc:4200
    # Rasa
    - hostname: rasa.hongbomiao.com
      service: http://web-service.hm.svc:80
    # Ray
    - hostname: ray.hongbomiao.com
      service: http://ray-cluster-kuberay-head-svc.hm-ray.svc:8265
    # Spark
    - hostname: spark.hongbomiao.com
      service: http://spark-master-svc.hm-spark.svc:80

    # This rule sends traffic to the built-in hello-world HTTP server. This can help debug connectivity
    # issues. If hello.example.com resolves and tunnel.example.com does not, then the problem is
    # in the connection from cloudflared to your local service, not from the internet to cloudflared.
    - hostname: hello.example.com
      service: hello_world

    # This rule matches any traffic which didn't match a previous rule, and responds with HTTP 404.
    - service: http_status:404