You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I ended up configuring a series of TunnelBindings in an undocumented fashion and while it works, there was a funny issue that cropped up.
Use Case:
I wanted to use the disableDNSUpdates: true feature in the tunnelRef and a Proxied Wildcard in my cluster - but to also let the operator create the initial tunnel instead of bringing my own.
When the config ended up in this configuration, the first ingress would always match because of the wildcard, and the tunnel would respond with a 404. It wasn't until I renamed the TunnelBinding objects that I received a different layout of the config.
I was thinking there could be a feature to allow for the optional ignoring of a TunnelBinding. Or perhaps a priority number? Some sort of feature so that we could better order the resulting config.
The text was updated successfully, but these errors were encountered:
Oh interesting. The wildcard is added by the fallback_target on the tunnel rather than the binding. The sort order was necessary so as to not unnecessarily update the deployment just due to the order in which k8s decides to return the bindings.
I had not considered the edge case of adding a wildcard in the binding, which does cause issues. By design, the wildcard only comes in the end when using fallback_target. In that case, I think it would be ideal to use the sort order for non wildcards, and then sort the wildcards with longest matching first, and also officially allow overriding the fallback_target with a tunnel binding. Thanks!
I ended up configuring a series of
TunnelBindings
in an undocumented fashion and while it works, there was a funny issue that cropped up.Use Case:
I wanted to use the
disableDNSUpdates: true
feature in thetunnelRef
and a Proxied Wildcard in my cluster - but to also let the operator create the initial tunnel instead of bringing my own.When configured in this manner, I would get a good Cloudflare config yaml, albeit with a funky entry for "wildcard"
When I repeated this configuration, but with slightly different
name
values, I noticed a different behavior:When the config ended up in this configuration, the first ingress would always match because of the wildcard, and the tunnel would respond with a 404. It wasn't until I renamed the TunnelBinding objects that I received a different layout of the config.
I suspect that TunnelBindings are returned alphabetically by name in
getRelevantTunnelBindings
and the loop here https://github.com/adyanth/cloudflare-operator/blob/main/controllers/tunnelbinding_controller.go#L561.I was thinking there could be a feature to allow for the optional ignoring of a TunnelBinding. Or perhaps a priority number? Some sort of feature so that we could better order the resulting config.
The text was updated successfully, but these errors were encountered: