We were following the best practices for using Terraform to set up Argo Tunnels listed in this blog post. We were hoping to automatically provision an Argo Tunnel as well as add internal routes, all through Terraform.
When running the `cloudflared tunnel route ip` command in our metadata startup script, we noticed that it was expecting a user-level certificate, as we’re getting the following error:
```
# cloudflared tunnel route ip list
2022-01-24T04:54:39Z INF Cannot determine default origin certificate path. No file cert.pem in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared] originCertPath=
2022-01-24T04:54:39Z ERR You need to specify the origin certificate path with --origincert option, or set TUNNEL_ORIGIN_CERT environment variable. See https://developers.cloudflare.com/argo-tunnel/reference/arguments/ for more information. originCertPath=
error while creating backend client: Error locating origin cert: client didn't specify origincert path when running from terminal
```
Is there a best practice for creating an ip route inline in an automatic provisioning process?