Description
Describe the feature you’d like
I would like cloudflared to support native Kubernetes API or service registration so that private Kubernetes endpoints can be accessed securely through Cloudflare Tunnel without manual configuration.
Currently, if a Kubernetes cluster is running in a private network (for example, a private VPC or internal datacenter), exposing the Kubernetes API or internal services through cloudflared requires manually defining ingress rules or specific service endpoints.
It would be very useful if cloudflared could support a Kubernetes-aware integration that allows it to automatically register and expose Kubernetes API endpoints or services through the tunnel. For example:
• Detect Kubernetes clusters or services from within the network
• Automatically register the Kubernetes API endpoint with the tunnel
• Allow secure kubectl access through the Cloudflare tunnel
• Potentially integrate with Kubernetes authentication mechanisms
This would simplify access to private Kubernetes clusters without exposing them to the public internet or maintaining custom networking setups.
Describe alternatives you’ve considered
Currently, the main alternatives are:
1. Manual ingress configuration in cloudflared
Configure the Kubernetes API or services manually in the tunnel configuration file and route them through the tunnel.
This works but becomes harder to manage across multiple clusters or environments.
2. Running cloudflared as a sidecar or deployment in Kubernetes
This allows exposing services but still requires manual configuration of each endpoint.
3. VPN or private networking solutions
Tools like WireGuard, Tailscale, or private VPC peering can provide access to Kubernetes APIs, but they introduce additional networking layers that Cloudflare Tunnel could potentially replace.
4. Cloudflare Access for kubectl
This can protect access to the Kubernetes API but still requires manual tunnel setup and configuration.
Additional context
A Kubernetes-native integration (for example, a cloudflared Kubernetes operator or automatic service discovery) would make Cloudflare Tunnel significantly easier to use for private Kubernetes clusters.
Possible ideas could include:
• Automatic Kubernetes API discovery
• Kubernetes CRDs to manage tunnel exposure
• Native support for exposing Kubernetes services via tunnel
• Automatic generation of kubectl endpoints through Cloudflare Access
This would make Cloudflare Tunnel much more powerful for Kubernetes-based infrastructures where clusters are intentionally kept private.
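The manual ingress step from alternatives 1 and 2, generated from Service metadata on an opt-in basis, as an added example that is not part of the original issue or of the cloudflared project. The annotation key `tunnel.example.com/hostname`, the sample Services and the plain-HTTP origin are assumptions made for illustration.

```python
# Added example: derive cloudflared ingress rules from Kubernetes Services.
# ANNOTATION is a hypothetical opt-in key, not a cloudflared or Kubernetes feature.
ANNOTATION = "tunnel.example.com/hostname"

# Constructed sample, trimmed to the fields used, in the shape of
# `kubectl get services --all-namespaces -o json`.
SAMPLE = {"items": [
    {"metadata": {"name": "grafana", "namespace": "monitoring",
                  "annotations": {ANNOTATION: "grafana.example.com"}},
     "spec": {"ports": [{"port": 3000}]}},
    {"metadata": {"name": "kubernetes", "namespace": "default"},
     "spec": {"ports": [{"port": 443}]}},
    {"metadata": {"name": "wiki", "namespace": "tools",
                  "annotations": {ANNOTATION: "wiki.example.com"}},
     "spec": {"ports": [{"port": 8080}]}},
]}

def build_ingress(service_list, annotation=ANNOTATION):
    """Return ingress rules for annotated Services only (deny by default)."""
    rules, seen = [], set()
    for svc in service_list.get("items", []):
        meta = svc.get("metadata", {})
        hostname = (meta.get("annotations") or {}).get(annotation)
        if not hostname:
            continue  # not opted in, so never published through the tunnel
        ident = f"{meta['namespace']}/{meta['name']}"
        if hostname in seen:
            raise ValueError(f"{ident}: hostname {hostname} already claimed")
        ports = svc.get("spec", {}).get("ports") or []
        if len(ports) != 1:
            raise ValueError(f"{ident}: expected exactly one port")
        seen.add(hostname)
        # Assumption: the origin speaks plain HTTP on its cluster DNS name.
        dns = f"{meta['name']}.{meta['namespace']}.svc.cluster.local"
        rules.append({"hostname": hostname,
                      "service": f"http://{dns}:{ports[0]['port']}"})
    # cloudflared requires the last rule to be a catch-all with no hostname.
    rules.append({"service": "http_status:404"})
    return rules

def render_yaml(rules):
    """Render the rules as the `ingress:` section of a cloudflared config file."""
    lines = ["ingress:"]
    for rule in rules:
        keys = [k for k in ("hostname", "service") if k in rule]
        for i, key in enumerate(keys):
            lines.append(f"  {'- ' if i == 0 else '  '}{key}: {rule[key]}")
    return "\n".join(lines)
```

The unannotated `kubernetes` API Service in the sample is skipped, so nothing reaches the tunnel unless someone explicitly marks it.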