EDIT: To future visitors: Before anything else, make sure you have the Cloudflare Proxy enabled for the CNAME record that points to your tunnel. Otherwise it will not work!!
Check out albert's answer below for more details!
1. The name of the domain about which you’re posting, your interest; visitor, owner, vendor, etc.
- We are hosting k8s/GKE on GCP.
- I just want to get the hello_world app to run for now.
- Cloudflared has been set up according to the tutorial (https://developers.cloudflare.com/cloudflare-one/tutorials/many-cfd-one-tunnel/) and is running successfully in debug mode with no errors, just a warning:
- The tunnel shows as healthy in the dashboard,
- CNAME record has been added,
- Nameservers are set to CF

In another thread from '21 (https://community.cloudflare.com/t/argo-tunnel-problem-could-not-resolve-host-uuid-cfargotunnel-com/327739/6) someone suggested Railgun being activated could be the cause, but the setting seems to no longer exist.

Here's the k8s YAML:
```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cloudflared
spec:
  selector:
    matchLabels:
      app: cloudflared
  replicas: 1 # You could also consider elastic scaling for this deployment
  template:
    metadata:
      labels:
        app: cloudflared
    spec:
      containers:
      - name: cloudflared
        image: cloudflare/cloudflared:2023.2.1
        args:
        - tunnel
        - --config
        - /etc/cloudflared/config/config.yaml
        - --loglevel
        - debug
        - run
        livenessProbe:
          httpGet:
            path: /ready
            port: 2000
          failureThreshold: 1
          initialDelaySeconds: 10
          periodSeconds: 10
        volumeMounts:
        - name: config
          mountPath: /etc/cloudflared/config
          readOnly: true
        - name: creds
          mountPath: /etc/cloudflared/creds
          readOnly: true
        resources:
          requests:
            cpu: 20m
            memory: 50Mi
          limits:
            cpu: 100m
            memory: 250Mi
      volumes:
      - name: creds
        secret:
          secretName: cloudflared-tunnel-credentials
      - name: config
        configMap:
          name: cloudflared
          items:
          - key: config.yaml
            path: config.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: cloudflared
data:
  config.yaml: |
    tunnel: steiger-dev-tools
    credentials-file: /etc/cloudflared/creds/credentials.json
    metrics: 0.0.0.0:2000
    no-autoupdate: true
    ingress:
    - hostname: tunnel.steiger.team
      service: hello_world
    - service: http_status:404
```
2. Expected results & actual results? What did you expect to happen and what is actually happening?
I was expecting to be able to access the hello_world example app by opening the CNAME record in the browser but it fails to connect entirely.
Running `nc -zv <my.domain> 80` (or 443 or 45857 - the port of the hello world app according to the logs) all return `Protocol not available`
3. Steps you’ve taken to fix it. What CommunityTips, ExpertTips, videos, directions, instructions, and advice you’ve followed to try & fix the issue?
- I followed the tutorial precisely
- I searched the net and this forum for answers but to no avail
- I tried `nslookup` for the `<uuid>.cfargotunnel.com` domain which did not return a result, but `dig` did
- I changed my local DNS server to 1.1.1.1 just to be sure
- I tried to netcat the domains (see above)
- I turned on debug logging on cloudflared to see if sth comes up
- to see if anything is listening at all I did an `nmap -6Pn <uuid>.cfargotunnel.com` which returned

```
Starting Nmap 7.92 ( https://nmap.org ) at 2023-02-16 10:49 CET
Nmap scan report for cd3d9dc5-47f6-46a4-ac64-935ba5d97a50.cfargotunnel.com (fd10:aec2:5dae::)
Host is up.
All 1000 scanned ports on cd3d9dc5-47f6-46a4-ac64-935ba5d97a50.cfargotunnel.com (fd10:aec2:5dae::) are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)
Nmap done: 1 IP address (1 host up) scanned in 403.18 seconds
```
4. Screen shot of the problem.
please see above
5. Specific error message & error code/number you’re seeing.
please see above
6. If you contact Cloudflare Customer Support, please share the ticket number, we’ll share details from your Community post with Support.
I did not contact support
Any help would be greatly appreciated as I’m at my wits’ end. Thanks!
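
The EDIT at the top and the nmap output (the tunnel name resolving to `fd10:aec2:5dae::`) suggest a quick DNS check for this failure. The sketch below is an added example, not part of the original post or of Cloudflare's tooling; the /48 prefix is taken from the nmap output above, and the function names, verdict labels and sample addresses are constructed for illustration.

```python
import ipaddress
import socket

# Prefix seen in the post's nmap output for <uuid>.cfargotunnel.com.
# Assumption of this example: any answer inside this /48 is a tunnel-internal
# address that clients cannot reach directly.
TUNNEL_PREFIX = ipaddress.ip_network("fd10:aec2:5dae::/48")

ADVICE = {
    "dns-only": "Hostname resolves to the tunnel's internal address: "
                "enable the Cloudflare proxy on the CNAME record.",
    "unroutable": "Only private or reserved addresses returned: check the DNS record.",
    "no-answer": "No A/AAAA answer: check the record and the resolver in use.",
    "public": "Resolves to globally routable addresses: DNS is not the blocker.",
}

def classify(addresses):
    """Map a list of resolved IP strings to one of the ADVICE keys."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    if not ips:
        return "no-answer"
    if any(ip.version == 6 and ip in TUNNEL_PREFIX for ip in ips):
        return "dns-only"
    if not any(ip.is_global for ip in ips):
        return "unroutable"
    return "public"

def resolve(hostname):
    """Live A/AAAA lookup through the system resolver (needs network access)."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def diagnose(hostname, addresses=None):
    """Return (verdict, advice); pass addresses to skip the live lookup."""
    addrs = resolve(hostname) if addresses is None else addresses
    verdict = classify(addrs)
    return verdict, ADVICE[verdict]

if __name__ == "__main__":
    # Constructed answers: an un-proxied CNAME versus a proxied one.
    samples = {
        "tunnel.example.test (DNS only)": ["fd10:aec2:5dae::"],
        "tunnel.example.test (proxied)": ["104.16.0.10", "2606:4700::6810:a"],
    }
    for label, addrs in samples.items():
        print(label, "->", *diagnose(label, addrs))
```

Calling `diagnose("<my.domain>")` with no address list performs the lookup live against whatever resolver the machine is configured to use.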