Configuration¶
This section covers all configuration options for the Cloudflare Tunnel Gateway Controller.
Overview¶
The controller can be configured at multiple levels:
- Controller Options - CLI flags and environment variables
- Helm Values - Deployment configuration via Helm chart
- GatewayClassConfig - Cloudflare API credentials and tunnel UUID
Sections¶
-
Controller Options
CLI flags, environment variables, and runtime configuration.
-
Helm Values
Complete reference for Helm chart configuration values.
-
GatewayClassConfig
Custom Resource for tunnel credentials and tunnel identity (Cloudflare API token + Tunnel UUID).
-
L7 Proxy Configuration
Helm values for the L7 reverse proxy: replicas, resources, health probes, networking, and security contexts.
Configuration Flow¶
flowchart LR
subgraph Kubernetes
GCC[GatewayClassConfig]
SEC[Secrets]
end
subgraph Controller
RES[ConfigResolver]
CONFIG[ResolvedConfig]
CTRL[Controllers]
end
GCC --> RES
SEC --> RES
RES --> CONFIG
CONFIG --> CTRLQuick Reference¶
| Configuration | Source | Purpose |
|---|---|---|
--controller-name | CLI flag | GatewayClass spec.controllerName this instance binds to |
--proxy-endpoints | CLI flag | Proxy config-API URLs (required; the chart wires this to the proxy headless Service) |
tunnelID | GatewayClassConfig | Cloudflare Tunnel UUID |
accountId | GatewayClassConfig | Optional account ID override (auto-detected otherwise) |
cloudflareCredentialsSecretRef | GatewayClassConfig | API token Secret reference |
proxy.tunnelTokenSecretRef | Helm values | Tunnel token Secret reference (consumed by the proxy pod) |