# strrl/cloudflare-tunnel-ingress-controller

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/strrl-cloudflare-tunnel-ingress-controller).**

1,152 stars · 86 forks · Go · MIT

## Links

- GitHub: https://github.com/STRRL/cloudflare-tunnel-ingress-controller
- Homepage: https://tunnel.strrl.dev
- awesome-repositories: https://awesome-repositories.com/repository/strrl-cloudflare-tunnel-ingress-controller.md

## Topics

`cloudflare` `cloudflare-tunnel` `ingress` `ingress-controller` `kubernetes` `selfhosted`

## Description

This project is a Kubernetes controller that automates the management of public-facing network resources and secure ingress connectivity. It functions by observing custom resource definitions to reconcile the desired state of network traffic with the actual configuration of internal services.

The controller manages network connectivity by establishing secure outbound tunnels, which removes the need to open inbound firewall ports or set up port forwarding. It integrates directly with external cloud management interfaces to automate the lifecycle of these tunnels and synchronize domain records, so that internal services remain reachable from the internet.

The system provides comprehensive traffic management and operational visibility by tracking configuration changes and system performance through standard logging and metrics interfaces. It supports zero-trust access patterns by maintaining secure connections from within the cluster to an external gateway.

## Tags

### Security & Cryptography

- [Cloudflare Tunnels](https://awesome-repositories.com/f/security-cryptography/secure-remote-connectivity-tools/secure-tunneling/cloudflare-tunnels.md) — Automates the lifecycle of secure outbound tunnels to edge networks, eliminating the need for public IP addresses or port forwarding.
- [Zero Trust Access](https://awesome-repositories.com/f/security-cryptography/zero-trust-access.md) — Enables secure access to private services through outbound tunnels, supporting zero-trust connectivity patterns.

### DevOps & Infrastructure

- [Declarative Infrastructure Reconciliation](https://awesome-repositories.com/f/devops-infrastructure/declarative-infrastructure-reconciliation.md) — Continuously monitors and enforces the desired network state by reconciling cluster resource definitions with external infrastructure.
- [Ingress Controllers](https://awesome-repositories.com/f/devops-infrastructure/ingress-controllers.md) — Acts as a network traffic manager that maps cluster services to public domains without opening inbound firewall ports.
- [Kubernetes Controllers](https://awesome-repositories.com/f/devops-infrastructure/kubernetes-controllers.md) — Implements a control loop that observes cluster resource states and reconciles them to maintain network connectivity.
- [Automated DNS Record Synchronization](https://awesome-repositories.com/f/devops-infrastructure/automated-dns-record-synchronization.md) — Automatically synchronizes cluster resource states with external DNS provider records to keep services reachable.
- [Declarative Infrastructure Provisioning](https://awesome-repositories.com/f/devops-infrastructure/cloud-infrastructure-deployment/managed-infrastructure-deployment/infrastructure-deployment-provisioning/declarative-infrastructure-provisioning.md) — Automates the creation and updates of cloud network resources using declarative configuration files during the deployment lifecycle.
- [Kubernetes Application Exposers](https://awesome-repositories.com/f/devops-infrastructure/public-service-exposers/container-service-exposers/kubernetes-application-exposers.md) — Exposes internal cluster services to the public web securely without requiring inbound firewall ports.

### Networking & Communication

- [Connection Lifecycle Managers](https://awesome-repositories.com/f/networking-communication/network-reliability-diagnostics/connection-session-management/connection-management/connection-lifecycle-managers.md) — Automates the lifecycle of network tunnels and domain records to ensure persistent service reachability. ([source](https://tunnel.strrl.dev/))
- [Multiplexed](https://awesome-repositories.com/f/networking-communication/reverse-tunnels/multiplexed.md) — Multiplexes multiple network connections over a single secure outbound tunnel to bypass inbound firewall restrictions.
- [Traffic Tunneling](https://awesome-repositories.com/f/networking-communication/traffic-tunneling.md) — Directs incoming requests to internal services via secure outbound tunnels, bypassing traditional inbound network exposure. ([source](https://tunnel.strrl.dev/))
