revise overview

ranbel · ranbel · commit 571cb50b4a06 · 2025-06-13T15:57:27.000-04:00
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/kubernetes.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/kubernetes.mdx
@@ -7,22 +7,39 @@ sidebar:
 
 [Kubernetes](https://kubernetes.io/) is a container orchestration tool that helps deploy applications onto physical or virtual machines, scale the deployment to meet traffic demands, and push updates without downtime. The Kubernetes cluster, or environment, where the application instances are running is connected internally through a private network. You can install the `cloudflared` daemon inside of the Kubernetes cluster in order to connect applications inside of the cluster to Cloudflare.
 
+This tutorial will cover how to expose a Kubernetes service to the public Internet using `cloudflared`. For the purposes of this example, we will deploy a basic web application alongside `cloudflared` in Google Kubernetes Engine (GKE). The same principles apply to any other Kubernetes environment (such as `minikube`, `kubeadm`, or a cloud-based Kubernetes service) where `cloudflared` can connect to Cloudflare's network.
+
+## Architecture
+
 ![placeholder](~/assets/images/cloudflare-one/connections/connect-apps/handshake.jpg)
 
-As shown in the diagram, we recommend setting up `cloudflared` as an adjacent deployment to the application deployments. Having a separate deployment for `cloudflared` allows you to scale `cloudflared` up or down independently of the application. When incoming traffic increases, Kubernetes can spin up [multiple replicas](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/) of `cloudflared` running the same Cloudflare Tunnel. Each `cloudflared` replica / pod can reach all Kubernetes services in the cluster -- there is no need to build a dedicated tunnel for each service.
+As shown in the diagram, we recommend setting up `cloudflared` as an adjacent deployment to the application deployments. Having a separate Kubernetes deployment for `cloudflared` allows you to scale `cloudflared` independently of the application. In the `cloudflared` deployment, you can spin up [multiple replicas](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/) running the same Cloudflare Tunnel -- there is no need to build a dedicated tunnel for each pod. Each `cloudflared` replica / pod can reach all Kubernetes services in the cluster.
 
-Once the cluster is connected to Cloudflare, you can configure Cloudflare Zero Trust to control how `cloudflared` will proxy traffic to services within the cluster. For example, you may wish to publish certain Kubernetes application to the Internet and restrict other applications to internal WARP client users.
+:::note
+We do not recommend using `cloudflared` in autoscaling setups because downscaling (removing replicas) will break any existing user connections to that replica. Additionally, `cloudflared` does not load balance across replicas; replicas are strictly for high availability. To load balance traffic to your nodes, you can use [Cloudflare Load Balancer](/load-balancing/private-network/) or a third-party load balancer.
+:::
 
-This tutorial will cover how to expose a Kubernetes service to the public Internet using `cloudflared`. For the purposes of this example, we will deploy a basic web application alongside `cloudflared` in Google Kubernetes Engine (GKE). The same principles apply to any other Kubernetes environment (such as `minikube`, `kubeadm`, or a cloud-based Kubernetes service) where `cloudflared` can connect to Cloudflare's network.
+Once the cluster is connected to Cloudflare, you can configure Cloudflare Tunnel routes to control how `cloudflared` will proxy traffic to services within the cluster. For example, you may wish to publish certain Kubernetes application to the Internet and restrict other applications to internal WARP client users.
+
+## Prerequisites
+
+## 1. Create a GKE cluster
+
+
+- Install the [gcloud CLI](https://cloud.google.com/sdk/docs/install) and [kubectl CLI](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl).
+- In the GCP console create a new Kubernetes cluster.
+- In order to connect to the cluster, select the three dots and then connect from the drop down.
+- Copy the command that appears and paste it into your local terminal.
+
+
+## Set up the web app
 
 ## Create a tunnel
 
 Applications must be packaged into a containerized image, such as a Docker image, before you can run it in Kubernetes. Kubernetes uses the image to spin up multiple instances of the application.
 
 ## Store the tunnel token
 
-## Set up the web app
-
 ## Install and run the tunnel
 
 ## Verify tunnel status
@@ -33,16 +50,6 @@ Applications must be packaged into a containerized image, such as a Docker image
 
 
 
-## Creating the Kubernetes Cluster
-
-This guide will use a Google managed Kubernetes GKE.
-To get started, perform the following steps:
-
-- Install the [gcloud CLI](https://cloud.google.com/sdk/docs/install) and [kubectl CLI](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl).
-- In the GCP console create a new Kubernetes cluster.
-- In order to connect to the cluster, select the three dots and then connect from the drop down.
-- Copy the command that appears and paste it into your local terminal.
-
 ## Creating the Pods
 
 A pod is the basic deployable object that Kubernetes creates. It represents an instance of a running process in the cluster. The following .yml file ( httpbin-app.yml) will create a pod that contains the httpbin application. It will create two replicas so as to prevent any downtime. The application will be accessible inside the cluster at web-service:80.
