Cloudflare Connector
The Cloudflare connector (cloudflared) advertises your cluster private
subnet as a Cloudflare Zero Trust CIDR route.
This lets Cloudflare WARP users reach MetalLB private VIPs and other private services on that subnet without exposing them to the public internet.
Features available
- Install from Cluster > Gateway or Cluster > Add-ons
- Use a managed Cloudflare Tunnel or provide an existing tunnel ID
- Route the cluster private subnet through Cloudflare Zero Trust
- Pair with MetalLB private VIPs and private Gateway classes
- API token used during install or update and not persisted by Edka
How it fits in Edka
Install the connector after you enable cluster private networking and set a private subnet for the cluster.
During install, provide:
- your Cloudflare Account ID
- a Cloudflare API token
- optionally, an existing Cloudflare Tunnel ID and tunnel name
Edka can create and manage the tunnel for you, or reuse the tunnel you already own. The connector routes the subnet itself, so you still use Gateway and Domains for hostname binding and TLS management.
For the full routing model, see Private Networking with MetalLB and Cloudflare. For the step-by-step traffic guide, see Cloudflare Zero Trust Private Access.
Deploy Cloudflare Connector
Cloudflare Connector
Networking
Advertise your cluster private subnet through Cloudflare Zero Trust. Edka installs the cloudflared connector to reach internal services over a Tunnel.