Cloudflare Tunnel @ Kubernetes: Traffic routing/load balancing
Hello, I’ve been deploying some stuff with Cloudflare Tunnel on k8s lately.
The topology is like this:
Cloudflare Tunnel → Traefik (As IngressController) → Services.
Because this is Kubernetes, it makes sense that I spawn multiple replicas of Cloudflare Tunnels, which works without issues. And incoming traffic is also somewhat load balanced between the replicas.
My question is:
How does Cloudflare load balance these replicas?
Does Cloudflare Load Balancing work here? If yes, what benefit would I get?
Please note that the tunnel replicas use one TunnelID. My current setup is just having a DNS CNAME Record to <tunnelid>.cfargotunnel.com.
Thanks.
2 Replies
Hey, I don't have an answer for your question, but out of curiosity, do you use any kind of operators to deploy your Cloudflare Tunnel? 🙂
like https://github.com/beezlabs-org/cloudflare-tunnel-operator, https://github.com/BojanZelic/cloudflare-zero-trust-operator or https://github.com/adyanth/cloudflare-operator?
From https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/deploy-tunnels/deploy-cloudflared-replicas/
By design, replicas do not offer any level of traffic steering (random, hash, or round-robin). Instead, when a request arrives to Cloudflare, it will be forwarded to the replica that is geographically closest. If that distance calculation is unsuccessful or the connection fails, we will retry others, but there is no guarantee about which connection is chosen.
If you want to use load balancers then you want to use different tunnels with the same config.
In this model, more than one tunnel is required with identical configurations. The DNS record (UUID.cfargotunnel.com) for each Cloudflare Tunnel can be used at the origin within the Load Balancer. You can then define traffic steering policies to determine how traffic should be routed to each tunnel.
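The two-tunnel layout described in the reply above, sketched as Kubernetes manifests. This is an added example, not part of the thread or of Cloudflare's documentation; it assumes remotely managed tunnels run from a token, and the Deployment names, the `cloudflared` namespace and the Secret names are hypothetical.

```yaml
# Constructed example: names, namespace and Secret names are assumptions.
# Tunnel A: its own tunnel ID and token. Pods here are replicas (no steering).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cloudflared-a
  namespace: cloudflared
spec:
  replicas: 2
  selector:
    matchLabels: {app: cloudflared-a}
  template:
    metadata:
      labels: {app: cloudflared-a}
    spec:
      containers:
        - name: cloudflared
          image: cloudflare/cloudflared:latest   # constructed; pin a version
          args: ["tunnel", "--no-autoupdate", "run"]
          env:
            - name: TUNNEL_TOKEN                 # token of tunnel A only
              valueFrom:
                secretKeyRef: {name: tunnel-a-token, key: token}
---
# Tunnel B: a second tunnel ID with the same public hostname rules as A.
# Each tunnel's <UUID>.cfargotunnel.com becomes one Load Balancer origin.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cloudflared-b
  namespace: cloudflared
spec:
  replicas: 2
  selector:
    matchLabels: {app: cloudflared-b}
  template:
    metadata:
      labels: {app: cloudflared-b}
    spec:
      containers:
        - name: cloudflared
          image: cloudflare/cloudflared:latest   # constructed; pin a version
          args: ["tunnel", "--no-autoupdate", "run"]
          env:
            - name: TUNNEL_TOKEN                 # token of tunnel B only
              valueFrom:
                secretKeyRef: {name: tunnel-b-token, key: token}
```

Keeping one Secret per tunnel means a token for tunnel A can be rotated or revoked without touching tunnel B.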