Features from ParamountCommerce

charts/cloudflare-tunnel-remote/templates/deployment.yaml

@@ -51,6 +51,6 @@ spec:
             # it has an active connection to the edge.
             path: /ready
             port: 2000
-          failureThreshold: 1
+          failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
           initialDelaySeconds: 10
           periodSeconds: 10

charts/cloudflare-tunnel-remote/values.yaml

@@ -60,3 +60,6 @@ tolerations: []
 
 # Default affinity is to spread out over nodes; use this to override.
 affinity: {}
+
+livenessProbe:
+  failureThreshold: 1

charts/cloudflare-tunnel/templates/configmap.yaml

@@ -14,6 +14,8 @@ data:
       enabled: {{ .Values.cloudflare.enableWarp }}
     # Serves the metrics server under /metrics and the readiness server under /ready
     metrics: 0.0.0.0:2000
+    # Specifies the protocol used to establish a connection between cloudflared and the Cloudflare global network
+    protocol: {{ default "auto" .Values.cloudflare.protocol }}
     # Autoupdates applied in a k8s pod will be lost when the pod is removed or restarted, so
     # autoupdate doesn't make sense in Kubernetes. However, outside of Kubernetes, we strongly
     # recommend using autoupdate.
@@ -25,5 +27,3 @@ data:
       {{- with .Values.cloudflare.ingress }}
       {{- toYaml . | nindent 6 }}
       {{- end }}
-      # This rule matches any traffic which didn't match a previous rule, and responds with HTTP 404.
-      - service: http_status:404

charts/cloudflare-tunnel/templates/deployment.yaml

@@ -52,7 +52,7 @@ spec:
               # it has an active connection to the edge.
               path: /ready
               port: 2000
-            failureThreshold: 1
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
             initialDelaySeconds: 10
             periodSeconds: 10
           volumeMounts:
@@ -103,3 +103,7 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/cloudflare-tunnel/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "cloudflare-tunnel.fullname" . }}
+  labels:
+    {{- include "cloudflare-tunnel.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: 2000
+      targetPort: 2000
+      protocol: TCP
+      name: metrics
+  selector:
+    {{- include "cloudflare-tunnel.selectorLabels" . | nindent 4 }}

charts/cloudflare-tunnel/templates/servicemonitor.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "cloudflare-tunnel.fullname" . }}
+  labels:
+    {{- include "cloudflare-tunnel.labels" . | nindent 4 }}
+    {{- with .Values.serviceMonitor.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  jobLabel: {{ template "cloudflare-tunnel.fullname" . }}
+  endpoints:
+  - port: metrics
+    {{- if .Values.serviceMonitor.interval }}
+    interval: {{ .Values.serviceMonitor.interval }}
+    {{- end }}
+    {{- if .Values.serviceMonitor.scrapeTimeout }}
+    scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
+    {{- end }}
+    {{- if .Values.serviceMonitor.metricRelabelings }}
+    metricRelabelings:
+    {{ toYaml .Values.serviceMonitor.metricRelabelings | indent 4 }}
+    {{- end }}
+    {{- if .Values.serviceMonitor.relabelings }}
+    relabelings:
+    {{ toYaml .Values.serviceMonitor.relabelings | indent 4 }}
+    {{- end }}
+    {{- if .Values.serviceMonitor.honorLabels }}
+    honorLabels: true
+    {{- end }}
+  selector:
+    matchLabels:
+      {{- include "cloudflare-tunnel.selectorLabels" . | nindent 6 }}
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace }}
+{{- end }}

charts/cloudflare-tunnel/values.yaml

@@ -12,6 +12,9 @@ cloudflare:
   secret: ""
   # If defined, no secret is created for the credentials, and instead, the secret referenced is used
   secretName: null
+  # Specifies the protocol used to establish a connection between cloudflared and the Cloudflare global network. Available values are auto, http2, h2mux, and quic. (default: auto)
+  # https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/local-management/arguments/
+  protocol: ""
   # If true, turn on WARP routing for TCP
   enableWarp: false
   # Define ingress rules for the tunnel. See
@@ -78,5 +81,25 @@ nodeSelector: {}
 
 tolerations: []
 
+topologySpreadConstraints: []
+
 # Default affinity is to spread out over nodes; use this to override.
 affinity: {}
+
+livenessProbe:
+  failureThreshold: 1
+
+serviceMonitor:
+  # -- Enable this if you're using https://github.com/coreos/prometheus-operator
+  enabled: false
+  # -- Interval at which endpoints should be scraped.
+  interval: 30s
+  # -- Add custom labels to the ServiceMonitor resource
+  additionalLabels: {}
+    # prometheus: kube-prometheus
+  # -- Chooses the metric’s labels on collisions with target labels.
+  honorLabels: false
+  # -- Path to scrape metrics
+  path: /metrics
+  # -- Timeout for scrape metrics request
+  scrapeTimeout: 10s