Cloudflared is a lightweight proxy client for securely connecting applications to Cloudflare’s network. It powers Cloudflare Tunnel, allowing services to be exposed without opening ports or configuring firewall rules. cloudflared routes traffic through Cloudflare’s global network, enhancing security with DDoS protection, authentication, and encrypted connections. It supports HTTP, TCP, and QUIC, making it ideal for self-hosted services, remote access, and zero-trust networking.
cloudflared from bjw-s-labs/helm/app-template is more popular with 60 repositories.
Install with:
helm repo add bjw-s https://bjw-s-labs.github.io/helm-charts/
helm install cloudflared bjw-s/app-template -f values.yamlSee examples from other people.
| Name | Repo | Stars | Version | Timestamp |
|---|---|---|---|---|
| cloudflared | tyriis/home-ops | 75 | 4.4.0 | 6 hours ago |
| cloudflared | JJGadgets/Biohazard | 78 | 1.5.1 | 5 days ago |
| cloudflared | samip5/k8s-cluster | 142 | 3.7.3 | 6 months ago |
See the most popular values for this chart:
| Key | Types |
|---|---|
persistence.config.name (15) cloudflared-configmap | string |
persistence.config.type (15) configMap | string |
persistence.config.globalMounts[].path (8) /etc/cloudflared/config/config.yaml | string |
| string | |
| boolean | |
| boolean | |
persistence.config.mountPath (3) /etc/cloudflared/config/config.yaml | string |
| boolean | |
persistence.config.subPath (3) config.yaml | string |
persistence.config.advancedMounts.cloudflared.cloudflared[].path (2) /etc/cloudflared/config.yaml | string |
| boolean | |
| string | |
persistence.config.advancedMounts.cloudflared.app[].path (1) /etc/cloudflared/config.yaml | string |
| boolean | |
| string | |
persistence.config.advancedMounts.main.main[].path (1) /etc/cloudflared/config/config.yaml | string |
| boolean | |
| string | |
persistence.creds.name (8) cloudflared-secret | string |
| string | |
persistence.creds.globalMounts[].path (5) /etc/cloudflared/creds/credentials.json | string |
persistence.creds.globalMounts[].subPath (5) credentials.json | string |
| boolean | |
| boolean | |
persistence.creds.mountPath (2) /etc/cloudflared/creds/credentials.json | string |
| boolean | |
persistence.creds.subPath (2) credentials.json | string |
persistence.creds.advancedMounts.main.main[].path (1) /etc/cloudflared/creds/credentials.json | string |
| boolean | |
persistence.creds.advancedMounts.main.main[].subPath (1) credentials.json | string |
persistence.credentials.name (5) cloudflared-cred | string |
| string | |
persistence.credentials.advancedMounts.cloudflared.cloudflared[].path (2) /etc/cloudflared/cred.json | string |
| boolean | |
| string | |
persistence.credentials.advancedMounts.cloudflared.app[].path (1) /etc/cloudflared/1d1865c6-c0dd-4236-8d7d-79722940886f.json | string |
| boolean | |
persistence.credentials.advancedMounts.cloudflared.app[].subPath (1) 1d1865c6-c0dd-4236-8d7d-79722940886f.json | string |
| boolean | |
persistence.credentials.globalMounts[].path (1) /etc/cloudflared/${TUNNEL_ID}.json | string |
| boolean | |
persistence.credentials.globalMounts[].subPath (1) credentials.json | string |
persistence.credentials.mountPath (1) /etc/cloudflared/credentials.json | string |
| boolean | |
persistence.credentials.subPath (1) credentials.json | string |
| number | |
controllers.cloudflared.containers.app.args[] (9) - tunnel | string |
controllers.cloudflared.containers.app.image.repository (9) docker.io/cloudflare/cloudflared | string |
controllers.cloudflared.containers.app.image.tag (9) 2025.10.0@sha256:396cd2e6f021275ad09969a1b4f1a7e62ca5349fde62781ce082bb2c18105c70 | string |
| boolean | |
| boolean | |
| number | |
| string | |
| number | |
| number | |
| number | |
| number | |
| boolean | |
| boolean | |
| number | |
| string | |
| number | |
| number | |
| number | |
| number | |
| boolean | |
| boolean | |
| number | |
| string | |
| number | |
| number | |
| string | |
| string | |
| string | |
| string, boolean | |
| string | |
| string | |
| boolean | |
| boolean | |
controllers.cloudflared.containers.app.env.TUNNEL_CRED_FILE (5) /etc/cloudflared/creds/credentials.json | string |
| string | |
| string | |
| boolean | |
| string | |
| boolean | |
controllers.cloudflared.containers.app.envFrom[].secretRef.name (3) cloudflared-secret | string |
| number | |
| string | |
| string | |
controllers.cloudflared.containers.cloudflared.args[] (2) - tunnel | string |
| string | |
| string | |
controllers.cloudflared.containers.cloudflared.env.CONFIG_SECRETNAME (2) universal-image-pull-secret | string |
| string | |
controllers.cloudflared.containers.cloudflared.env.TZ (2) America/New_York | string |
controllers.cloudflared.containers.cloudflared.image.repository (2) cloudflare/cloudflared | string |
controllers.cloudflared.containers.cloudflared.image.tag (2) 2025.10.0-amd64 | string |
| boolean | |
| boolean | |
| boolean | |
| string | |
| string | |
| string | |
| string | |
controllers.cloudflared.strategy (8) RollingUpdate | string |
| number | |
| boolean | |
| number | |
| string | |
| string | |
| number | |
controllers.cloudflared.pod.topologySpreadConstraints[].topologyKey (2) kubernetes.io/hostname | string |
| string | |
controllers.cloudflared.type (2) daemonset | string |
| string | |
controllers.main.containers.main.args[] (1) - tunnel | string |
| string | |
controllers.main.containers.main.env.TUNNEL_CRED_FILE (1) /etc/cloudflared/creds/credentials.json | string |
| string | |
| string | |
| string | |
| string | |
controllers.main.containers.main.image.repository (1) docker.io/cloudflare/cloudflared | string |
| string | |
| boolean | |
| boolean | |
| number | |
| string | |
| number | |
| number | |
| number | |
| number | |
| boolean | |
| boolean | |
| number | |
| string | |
| number | |
| number | |
| number | |
| number | |
| boolean | |
| string | |
| string | |
| string | |
| number | |
controllers.main.strategy (1) RollingUpdate | string |
service.app.controller (9) cloudflared | string |
| number | |
| number | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
serviceMonitor.app.serviceName (6) cloudflared | string |
| boolean | |
| boolean | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| number | |
| boolean | |
| number | |
| string | |
| string | |
| number | |
defaultPodOptions.topologySpreadConstraints[].topologyKey (1) kubernetes.io/hostname | string |
| string | |
args[] (3) - tunnel | string |
image.repository (3) docker.io/cloudflare/cloudflared | string |
image.tag (3) 2025.10.1 | string |
configMaps.config.data."config.yaml" (2) tunnel: "${SECRET_CLOUDFLARE_TUNNEL_ID}"
credentials-file: /etc/cloudflared/credentials.json
no-autoupdate: true
ingress:
- hostname: "cftest.${DNS_SHORT}"
service: hello_world
- hostname: "*"
path: "^/metrics"
service: http://default-backend.ingress.svc.cluster.local:80
- hostname: "${APP_DNS_FLUX_WEBHOOK}"
service: "http://webhook-receiver.flux-system.svc.cluster.local:80"
- hostname: "social.jjgadgets.tech"
service: http://gotosocial.gotosocial.svc.cluster.local:80
#originRequest:
# originServerName: "social.jjgadgets.tech"
- hostname: "${APP_DNS_PIPED_BACKEND}"
path: "^/webhooks"
service: http://piped-backend.piped.svc.cluster.local:8080
- hostname: "${APP_DNS_HEADSCALE}"
service: https://headscale.headscale.svc.cluster.local.:8080
originRequest:
originServerName: "${APP_DNS_HEADSCALE}"
- hostname: "*.${DNS_SHORT}"
service: https://nginx-external-controller.ingress.svc.cluster.local:443
originRequest:
originServerName: "ingress.${DNS_SHORT}"
- hostname: "${DNS_SHORT}"
service: https://nginx-public-controller.ingress.svc.cluster.local:443
originRequest:
originServerName: "${DNS_SHORT}"
- hostname: "${APP_DNS_AUTHENTIK}"
service: https://nginx-external-controller.ingress.svc.cluster.local:443
originRequest:
originServerName: "${APP_DNS_AUTHENTIK}"
- hostname: "*.${DNS_MAIN}"
service: https://nginx-public-controller.ingress.svc.cluster.local:443
originRequest:
originServerName: "ingress.${DNS_MAIN}"
- service: http://default-backend.ingress.svc.cluster.local:80
| string |
| boolean | |
| string | |
| number | |
controller.strategy (2) RollingUpdate | string |
controller.type (1) daemonset | string |
| string | |
env.TUNNEL_CRED_FILE (2) /etc/cloudflared/creds/credentials.json | string |
| string | |
env.TUNNEL_ID.valueFrom.secretKeyRef.name (2) cloudflared-secret | string |
env.TUNNEL_METRICS (2) 0.0.0.0:8080 | string |
| boolean | |
| string | |
| boolean | |
| boolean | |
| number | |
| string | |
| string | |
| number | |
| number | |
| number | |
| boolean | |
| boolean | |
| number | |
| string | |
| string | |
| number | |
| number | |
| number | |
| boolean | |
| string | |
| string | |
| string | |
| boolean | |
| string | |
| string | |
| string |