be Groovie

About

Ben Bangert is a San Francisco Bay Area programmer, best known for his open-source work creating and contributing to Python libraries such as Pylons, Beaker, and Routes.
He currently works at Mozilla.

Categories

Argo Tunnel in Kubernetes

Note

Part [1 2 3] of a series of more. I don’t know how much more yet as this is primarily written to document my setup so I can refer to it later when I wonder why/how I did something.

To get the Argo Tunnel working in Kubernetes, we need to first install helm on the computer we run kubectl from. I use a debian based system for this, so these commands are the appropriate ones for a recent debian that has snap.

Install helm:

$ sudo snap install helm --classic

Configure a service account with cluster-admin role by sticking this into a rbac-config.yaml file:

apiVersion: v1
kind: ServiceAccount
metadata:
    name: tiller
    namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
    name: tiller
roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
subjects:
- kind: ServiceAccount
    name: tiller
    namespace: kube-system

Apply the configuration to the cluster:

$ kubectl create -f rbac-config.yaml

Initialize helm:

$ helm init --service-account tiller --history-max 200

Now we’re ready to add the cloudflared ingress controller:

$ helm repo add cloudflare https://cloudflare.github.io/helm-charts
$ helm repo update
$ helm install --name anydomain --namespace default \
    --set rbac.create=true \
    --set controller.ingressClass=argo-tunnel \
    --set controller.logLevel=6 \
    cloudflare/argo-tunnel

Install cloudflared from here.

Then run cloudflared login and put the cert in ~/.cloudflared/cert.pm.

Create a secret for this domain:

$ kubectl create secret generic DOMAIN --from-file="$HOME/.cloudflared/cert.pem"

The rest of the Argo instructions for an Ingress definition should all work fine now.