Situation: I am using the Cloudflare Tunnel to load-balance a RESTful HTTP server running in Docker containers deployed across several geographically-distributed servers. This service requires 100% uptime across frequent updates.

Problem: I am using a rolling upgrade deployment pattern where new versions of a container are run parallel to old versions and new TCP connections are routed to the new container, leaving the old container to slowly starve until it can be killed. The key word here is “TCP connections.” For performance, Cloudflare Tunnel keeps reusing the same TCP connection, which is problematic because it means the old outdated container will never starve and can never be killed. Note that stopping the old tunnel abruptly is a no-go because that would terminate in-progress HTTP requests to my service.

Question 1: Is there a recommended/encouraged solution to achieve rolling updates with Cloudflare Tunnel running inside a Docker container?

If there is not a recommended/encouraged solution, then I have my own idea but am unsure how to achieve it, yielding Quesiton 2:

Question 2: If Question 1 is “no”, then how do I tell the Cloudflare Tunnel daemon to stop accepting new HTTP requests? And, how do I check/monitor for when the Cloudflare Tunnel daemon is completely drained out?

Many thanks, everyone. I wasn’t able to find any information in the Cloudflare docs about rolling upgrades, so any information/references you could provide would help me a lot.

The only way I’m aware of to drain requests is using Cloudflare’s lodbalancers, so you could create nn origins served by tunnels and drain connections using the LB feature and then update/restart.

Thank you so much for helping steer me on the right track. This is exactly what I was looking for.

Note that cloudflared also has this property: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/arguments/#grace-period

When cloudflared receives a signal to stop, it will stop receiving new connections from Cloudflare edge, and it will (at most) that grace-period time for existing connections to exit. If they do not, then it abruptly ends those by the end of the grace period.

This fits the bill perfectly. I didn’t see this part of the fine print. Thank you so much for bringing this to my attention.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.