Helm Chart Reference¶

The Cloudflare Tunnel Gateway Controller is distributed as a Helm chart.

Installation¶

helm install cloudflare-tunnel-gateway-controller \
  oci://ghcr.io/lexfrei/cloudflare-tunnel-gateway-controller/chart \
  --namespace cloudflare-tunnel-system \
  --create-namespace \
  --values values.yaml

Chart Information¶

Field	Value
Chart Name	`cloudflare-tunnel-gateway-controller`
Repository	`oci://ghcr.io/lexfrei/cloudflare-tunnel-gateway-controller/chart`
Source	GitHub

Values Reference¶

For the complete and up-to-date list of all configuration values, see the Helm Chart README.

The README is auto-generated by helm-docs from the chart's values.yaml and Chart.yaml files.

Quick Reference¶

Essential Values¶

# Tunnel configuration
config:
  tunnelID: "550e8400-e29b-41d4-a716-446655440000"  # Required
  apiToken: "your-api-token"                         # Or use existingSecrets
  tunnelToken: "your-tunnel-token"                   # Required for cloudflared

Using Existing Secrets¶

config:
  tunnelID: "550e8400-e29b-41d4-a716-446655440000"
  existingSecrets:
    apiToken:
      name: cloudflare-credentials
      key: api-token
    tunnelToken:
      name: cloudflare-tunnel-token
      key: tunnel-token

High Availability¶

controller:
  replicas: 2
  leaderElection:
    enabled: true

cloudflared:
  replicas: 2

podDisruptionBudget:
  enabled: true
  minAvailable: 1

Monitoring¶

serviceMonitor:
  enabled: true
  interval: 30s
  labels:
    release: prometheus

AmneziaWG Sidecar¶

cloudflared:
  awg:
    enabled: true
    secretName: awg-config

Example Values Files¶

The chart includes example values files in the examples/ directory:

File	Description
`basic-values.yaml`	Minimal configuration
`ha-values.yaml`	High availability setup
`external-secrets-values.yaml`	External Secrets Operator integration
`awg-values.yaml`	AmneziaWG sidecar configuration

Upgrading¶

helm upgrade cloudflare-tunnel-gateway-controller \
  oci://ghcr.io/lexfrei/cloudflare-tunnel-gateway-controller/chart \
  --namespace cloudflare-tunnel-system \
  --values values.yaml

Version Pinning¶

Pin to specific versions in production:

helm upgrade cloudflare-tunnel-gateway-controller \
  oci://ghcr.io/lexfrei/cloudflare-tunnel-gateway-controller/chart \
  --version 0.8.0 \
  --namespace cloudflare-tunnel-system \
  --values values.yaml

Uninstalling¶

helm uninstall cloudflare-tunnel-gateway-controller \
  --namespace cloudflare-tunnel-system

Cleanup

Uninstalling the Helm release removes the controller and cloudflared pods. The tunnel configuration in Cloudflare will remain. To fully clean up, delete the tunnel from the Cloudflare dashboard.

CRDs¶

The chart installs the GatewayClassConfig CRD. Gateway API CRDs must be installed separately:

kubectl apply --filename https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.0/standard-install.yaml

Dependencies¶

The controller uses the cloudflare-tunnel Helm chart to deploy cloudflared when cloudflared.enabled: true.

Helm Chart Testing¶

Test the chart locally:

# Lint
helm lint charts/cloudflare-tunnel-gateway-controller

# Template
helm template test charts/cloudflare-tunnel-gateway-controller \
  --values charts/cloudflare-tunnel-gateway-controller/examples/basic-values.yaml

# Unit tests
helm unittest charts/cloudflare-tunnel-gateway-controller