How to access K8 API via Cloudflare Tunnel

  • I have a cloudflare deployment running in a k8s.
    • From another machine where I have kubectl and the config file from the k8s installed, I want to run kubectl get nodes.
    • I have created a Cloudflare tunnel with a public host name which points to the cloudflared in that k8s using TCP. I have also updated the host name in the kubeconfig file, but kubectl from the other machine gives either "Unable to connect to the server: tls: failed to verify certificate: x509: certificate signed by unknown authority" or, if I run kubectl --insecure-skip-tls-verify get nodes, it gives
      E1029 23:04:07.790684    1290 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: unexpected end of JSON input"
      error: unexpected end of JSON input

      I think this is because Cloudflare terminates the TLS and uses its own certs to contact the origin server. Is there a way to preserve the client certs, since the k8s API will need that cert to authenticate?