guide_subdomain_tunnel.md

Argo Tunnels for Subdomains

A guiding to setting up subdomain tunnels.

Setup Your First Tunnel generates and installs a certificate matching mydomain.com and *.mydomain.com. To configure tunnels for subdomains, we'll need to generate additional certificates.

The guide builds on Setup Your First Tunnel.

subdomain.mydomain.com is a place holder. Updated the value to match your Cloudflare domain.

Step 1: Create a Subdomain Certificate

Certificates are located under Crypto on the Cloudflare dashboard.

• Browse to Crypto.
• Click Create Certificate.
• Select the private key type ECDSA.
• Set domains subdomain.mydomain.com and *.subdomain.mydomain.com.
• Click Next.
• Save both the Private Key and Certificate to a file cert.pem.

Save the entire contents with-in and including the section tags.

Step 2: Append the Tunnel Token

awk '/BEGIN.*TUNNEL/{mark=1}/END.*TUNNEL/{print;mark=0}mark' ~/.cloudflared/cert.pem >> cert.pem

Step 3: Deploy the Tunnel Secret

kubectl create secret generic subdomain.mydomain.com --from-file="cert.pem"

Create the secret in the same namespace as the service deployment. Adjust subdomain.mydomain.com to match your Cloudflare domain.

Step 4: Attach a Tunnel

When the controller observes the creation of an ingress, it verifies that the referenced service, endpoints, and secret exists and opens a tunnel between the Cloudflare receiver and the kubernetes virtual service ip.

kubectl apply -f deploy/echo.yaml

Adjust the Ingress host echo.subdomain.mydomain.com to match your Cloudflare domain.

Step 5: Verify the Tunnel

The tunnel will be visible under DNS on the Cloudflare dashboard.

• Browse to Cloudflare: DNS.
• Browse to echo.subdomain.mydomain.com.

Adjust the Ingress host echo.subdomain.mydomain.com to match your Cloudflare domain.