Cloudflare Tunnel Integration Update.

Change Summary

This commit introduces a new module for managing a Cloudflare Tunnel within the infrastructure-as-code (IaC) setup. It includes the creation of Terraform configuration files to define resources and providers necessary for deploying and managing the Cloudflare Tunnel. Additionally, it modifies existing ingress configurations to use the Cloudflare Tunnel instead of Traefik.

Technical Details

• New Files Created:
  • IaC/_envcommon/cloudflare-tunnel.hcl: Includes common configurations and providers for the Cloudflare Tunnel.
  • IaC/_envcommon/locks/cloudflare-tunnel.terraform.lock.hcl: Lock file for Terraform providers.
  • IaC/modules/cloudflare-tunnel/init.tf: Initializes required providers and locals.
  • IaC/modules/cloudflare-tunnel/main.tf: Defines Kubernetes namespace and ArgoCD application for the Cloudflare Tunnel.
  • IaC/modules/cloudflare-tunnel/secrets.tf: Manages AWS SSM parameters and Kubernetes secrets for the Cloudflare Tunnel.
  • IaC/production/homelab/cloudflare-tunnel/.terraform.lock.hcl: Production lock file for Terraform providers.
  • IaC/production/homelab/cloudflare-tunnel/terragrunt.hcl: Terragrunt configuration file.
• Modified Files:
  • IaC/modules/open-webui/ingress.tf: Updates ingress configurations to use the Cloudflare Tunnel instead of Traefik.

Key Learnings & Insights

• Modularization: The changes demonstrate a best practice of modularizing infrastructure code. By creating a dedicated module for the Cloudflare Tunnel, the codebase becomes more maintainable and reusable.
• Secret Management: The use of AWS SSM parameters and Kubernetes ExternalSecrets showcases a secure approach to managing sensitive data.
• Provider Versioning: Explicitly specifying provider versions ensures consistency and reduces the risk of breaking changes due to updates.

Impact Assessment

• Performance: The switch from Traefik to the Cloudflare Tunnel may impact performance, depending on the specific use case and configuration. Cloudflare’s global network could offer benefits in terms of latency and security.
• Security: Using Cloudflare Tunnel enhances security by leveraging Cloudflare’s DDoS protection and other security features.
• Maintainability: The modular approach and clear separation of concerns make the codebase easier to maintain and extend.

Developer Notes

• Gotchas: Ensure that the AWS SSM parameters are correctly configured with the actual secret values before deployment.
• Edge Cases: Monitor the Cloudflare Tunnel for any rate limiting or other constraints imposed by Cloudflare’s service.
• Future Improvements: Consider automating the update of AWS SSM parameter values to avoid manual intervention.