Argo Tunnel in Kubernetes

To get the Argo Tunnel working in Kubernetes, we need to first install helm on the computer we run kubectl from. I use a debian based system for this, so these commands are the appropriate ones for a recent debian that has snap.

Install helm:

sudo snap install helm --classic

Configure a service account with cluster-admin role by sticking this into a rbac-config.yaml file:

apiVersion: v1
kind: ServiceAccount
metadata:
    name: tiller
    namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
    name: tiller
roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
subjects:
- kind: ServiceAccount
    name: tiller
    namespace: kube-system

Apply the configuration to the cluster:

kubectl create -f rbac-config.yaml

Initialize helm:

helm init --service-account tiller --history-max 200

Now we're ready to add the cloudflared ingress controller:

$ helm repo add cloudflare https://cloudflare.github.io/helm-charts
$ helm repo update
$ helm install --name anydomain --namespace default \
    --set rbac.create=true \
    --set controller.ingressClass=argo-tunnel \
    --set controller.logLevel=6 \
    cloudflare/argo-tunnel

Install cloudflared from here.

Then run cloudflared login and put the cert in ~/.cloudflared/cert.pm.

Create a secret for this domain:

kubectl create secret generic DOMAIN --from-file="$HOME/.cloudflared/cert.pem"

The rest of the Argo instructions for an Ingress definition should all work fine now.