From 909e8459e337aca9218518800fa89e4211bae547 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Wed, 16 Apr 2025 22:55:22 -0400 Subject: [PATCH 1/6] create tunnel using Terraform --- .../get-started/create-remote-tunnel-api.mdx | 44 +-------- .../connect-private-network/cloudflared.mdx | 95 ++++++++++++++++++- .../tunnel/install-and-run-tunnel.mdx | 50 ++++++++++ 3 files changed, 145 insertions(+), 44 deletions(-) create mode 100644 src/content/partials/cloudflare-one/tunnel/install-and-run-tunnel.mdx diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel-api.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel-api.mdx index 31224cab5a3ed31..86217418da00911 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel-api.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel-api.mdx 
@@ -142,49 +142,7 @@ To configure Zero Trust policies and connect as a user, refer to [Connect privat Install `cloudflared` on your server and run the tunnel using the `token` value obtained in [2. Create a tunnel](#2-create-a-tunnel). You can also get the tunnel token using the [Cloudflare Tunnel token](/api/resources/zero_trust/subresources/tunnels/subresources/cloudflared/subresources/token/methods/get/) endpoint. - - -1. [Download and install](https://pkg.cloudflare.com/index.html) `cloudflared`. - -2. Run the following command: - - ```sh - sudo cloudflared service install - ``` - - - -1. [Download and install](/cloudflare-one/connections/connect-networks/downloads/#windows) `cloudflared`. - -2. Open Command Prompt as administrator. - -3. Run the following command: - - ```txt - cloudflared.exe service install - ``` - - - -1. [Download and install](/cloudflare-one/connections/connect-networks/downloads/#macos) `cloudflared`. - -2. Run the following command: - - ```sh - sudo cloudflared service install - ``` - - - -1. Open a terminal window. - -2. Run the following command: - - ```sh - docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token - ``` - - + ## 5. Verify tunnel status diff --git a/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx b/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx index bac9206fcc7e33c..28b776bba8c04ba 100644 --- a/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx +++ b/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx 
@@ -6,7 +6,7 @@ sidebar: --- -import { Render } from "~/components" +import { Render, Tabs, TabItem, Details } from "~/components" Cloudflare Tunnel is an outbound-only daemon service that can run on nearly any host machine and proxies local traffic once validated from the Cloudflare network. User traffic initiated from the WARP endpoint client onramps to Cloudflare, passes down your Cloudflare Tunnel connections, and terminates automatically in your local network. Traffic reaching your internal applications or services will carry the local source IP address of the host machine running the `cloudflared` daemon. 
@@ -14,12 +14,105 @@ Cloudflare Tunnel is an outbound-only daemon service that can run on nearly any To connect your private network: + + + + 9. In the **Private Networks** tab, enter the CIDR of your private network (for example, `10.0.0.0/8`). 10. Select **Save tunnel**. + + + +1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token): + - `Cloudflare Tunnel Write` + +2. Generate a secret for the tunnel using Terraform's [`random` provider](https://registry.terraform.io/providers/hashicorp/random/latest/docs): + + ```tf + resource "random_bytes" "tunnel_secret" { + length = 64 + } + ``` + +3. Create a tunnel using the [`cloudflare_zero_trust_tunnel_cloudflare`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_tunnel_cloudflared) resource. + + ```tf + resource "cloudflare_zero_trust_tunnel_cloudflared" "example_tunnel" { + account_id = var.cloudflare_account_id + name = "Example tunnel" + tunnel_secret = random_bytes.tunnel_secret.base64 + config_src = "cloudflare" + } + ``` + +4. Route the CIDR of your private network through the tunnel using the [`cloudflare_zero_trust_tunnel_cloudflared_route`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_tunnel_cloudflared_route) resource: + + ```tf + resource "cloudflare_zero_trust_tunnel_cloudflared_route" "example_tunnel_route" { + account_id = var.cloudflare_account_id + tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.example_tunnel.id + network = "10.0.0.0/8" + comment = "Example tunnel route" + } + ``` + +5. 
Get the [token](/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions/) used to run the tunnel: + + ```tf + data "cloudflare_zero_trust_tunnel_cloudflared_token" "tunnel_token" { + account_id = var.cloudflare_account_id + tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.example_tunnel.id + } + ``` + + If your host machine is not managed in Terraform or you want to install the tunnel manually, you can output the token value to the CLI. +
+ 1. Output the tunnel token to the Terraform state file: + ```tf + output "tunnel_token" { + value = data.cloudflare_zero_trust_tunnel_cloudflared_token.tunnel_token.token + sensitive = true + } + ``` + 2. Apply the configuration: + ```sh + terraform apply + ``` + 3. Read the tunnel token: + ```sh + terraform output -raw tunnel_token + ``` + ```sh output + eyJhIj... + ``` + +
+ + Alternatively, pass `data.cloudflare_zero_trust_tunnel_cloudflared_token.tunnel_token.token` directly into your host's Terraform configuration or store the token in your secret management tool. + +
+ ```tf + resource "vault_generic_secret" "tunnel_token" { + path = "kv/cloudflare/tunnel_token" + + data_json = jsonencode({ + "TUNNEL_TOKEN" = data.cloudflare_zero_trust_tunnel_cloudflared_token.tunnel_token.token + }) + } + ``` +
+ +6. Install `cloudflared` on a host machine in your private network and run the tunnel: + + + +
+
+ All internal applications and services in this IP range are now connected to Cloudflare. :::note diff --git a/src/content/partials/cloudflare-one/tunnel/install-and-run-tunnel.mdx b/src/content/partials/cloudflare-one/tunnel/install-and-run-tunnel.mdx new file mode 100644 index 000000000000000..a6946c361002dc3 --- /dev/null +++ b/src/content/partials/cloudflare-one/tunnel/install-and-run-tunnel.mdx @@ -0,0 +1,50 @@ +--- +{} + +--- + +import { Tabs, TabItem } from "~/components"; + + + +1. [Download and install](https://pkg.cloudflare.com/index.html) `cloudflared`. + +2. Run the following command: + + ```sh + sudo cloudflared service install + ``` + + + +1. [Download and install](/cloudflare-one/connections/connect-networks/downloads/#windows) `cloudflared`. + +2. Open Command Prompt as administrator. + +3. Run the following command: + + ```txt + cloudflared.exe service install + ``` + + + +1. [Download and install](/cloudflare-one/connections/connect-networks/downloads/#macos) `cloudflared`. + +2. Open a terminal window and run the following command: + + ```sh + sudo cloudflared service install + ``` + + + +1. Open a terminal window. + +2. Run the following command: + + ```sh + docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token + ``` + + \ No newline at end of file From e0b1e59e3862968153e6e7a3e3a5c3ba28ef41bd Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Wed, 16 Apr 2025 23:09:29 -0400 Subject: [PATCH 2/6] fix components --- .../connect-networks/get-started/create-remote-tunnel-api.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel-api.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel-api.mdx index 86217418da00911..7f07697ce9e311c 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel-api.mdx 
+++ b/src/content/docs/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel-api.mdx @@ -5,7 +5,7 @@ sidebar: order: 2 --- -import { Tabs, TabItem } from "~/components"; +import { Render } from "~/components"; Follow this guide to set up a Cloudflare Tunnel using the API. From 18a0c3d6a7bdfe682ac7ffbf29d0e40c4d28f7aa Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Fri, 18 Apr 2025 17:49:00 -0400 Subject: [PATCH 3/6] move tunnel token steps to partial --- .../remote-tunnel-permissions.mdx | 7 +++ .../connect-private-network/cloudflared.mdx | 47 +---------------- .../terraform/get-tunnel-token.mdx | 50 +++++++++++++++++++ 3 files changed, 59 insertions(+), 45 deletions(-) create mode 100644 src/content/partials/cloudflare-one/terraform/get-tunnel-token.mdx diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions.mdx index a94b5d28e07ba95..35150010feaba53 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions.mdx @@ -35,6 +35,13 @@ Make a `GET` request to the [Cloudflare Tunnel token](/api/resources/zero_trust/ ``` + + + + + + + ## Rotate a token without service disruption diff --git a/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx b/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx index 28b776bba8c04ba..940b23be1c657d0 100644 --- a/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx +++ b/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx 
@@ -6,7 +6,7 @@ sidebar: --- -import { Render, Tabs, TabItem, Details } from "~/components" +import { Render, Tabs, TabItem } from "~/components" Cloudflare Tunnel is an outbound-only daemon service that can run on nearly any host machine and proxies local traffic once validated from the Cloudflare network. User traffic initiated from the WARP endpoint client onramps to Cloudflare, passes down your Cloudflare Tunnel connections, and terminates automatically in your local network. Traffic reaching your internal applications or services will carry the local source IP address of the host machine running the `cloudflared` daemon. @@ -61,50 +61,7 @@ To connect your private network: ``` 5. Get the [token](/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions/) used to run the tunnel: - - ```tf - data "cloudflare_zero_trust_tunnel_cloudflared_token" "tunnel_token" { - account_id = var.cloudflare_account_id - tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.example_tunnel.id - } - ``` - - If your host machine is not managed in Terraform or you want to install the tunnel manually, you can output the token value to the CLI. -
- 1. Output the tunnel token to the Terraform state file: - ```tf - output "tunnel_token" { - value = data.cloudflare_zero_trust_tunnel_cloudflared_token.tunnel_token.token - sensitive = true - } - ``` - 2. Apply the configuration: - ```sh - terraform apply - ``` - 3. Read the tunnel token: - ```sh - terraform output -raw tunnel_token - ``` - ```sh output - eyJhIj... - ``` - -
- - Alternatively, pass `data.cloudflare_zero_trust_tunnel_cloudflared_token.tunnel_token.token` directly into your host's Terraform configuration or store the token in your secret management tool. - -
- ```tf - resource "vault_generic_secret" "tunnel_token" { - path = "kv/cloudflare/tunnel_token" - - data_json = jsonencode({ - "TUNNEL_TOKEN" = data.cloudflare_zero_trust_tunnel_cloudflared_token.tunnel_token.token - }) - } - ``` -
+ 6. Install `cloudflared` on a host machine in your private network and run the tunnel: diff --git a/src/content/partials/cloudflare-one/terraform/get-tunnel-token.mdx b/src/content/partials/cloudflare-one/terraform/get-tunnel-token.mdx new file mode 100644 index 000000000000000..ce792ad1678487f --- /dev/null +++ b/src/content/partials/cloudflare-one/terraform/get-tunnel-token.mdx @@ -0,0 +1,50 @@ +--- +{} + +--- + +import { Details } from "~/components" + + ```tf + data "cloudflare_zero_trust_tunnel_cloudflared_token" "tunnel_token" { + account_id = var.cloudflare_account_id + tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.example_tunnel.id + } + ``` + + If your host machine is not managed in Terraform or you want to install the tunnel manually, you can output the token value to the CLI. +
+ 1. Output the tunnel token to the Terraform state file: + ```tf + output "tunnel_token" { + value = data.cloudflare_zero_trust_tunnel_cloudflared_token.tunnel_token.token + sensitive = true + } + ``` +2. Apply the configuration: + ```sh + terraform apply + ``` +3. Read the tunnel token: + ```sh + terraform output -raw tunnel_token + ``` + ```sh output + eyJhIj... + ``` + +
+ + Alternatively, pass `data.cloudflare_zero_trust_tunnel_cloudflared_token.tunnel_token.token` directly into your host's Terraform configuration or store the token in your secret management tool. + +
+ ```tf + resource "vault_generic_secret" "tunnel_token" { + path = "kv/cloudflare/tunnel_token" + + data_json = jsonencode({ + "TUNNEL_TOKEN" = data.cloudflare_zero_trust_tunnel_cloudflared_token.tunnel_token.token + }) + } + ``` +
From 51728a960de86eb83b822ce0713e5daf42b8c236 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Fri, 18 Apr 2025 18:07:10 -0400 Subject: [PATCH 4/6] configure virtual networks --- .../remote-tunnel-permissions.mdx | 2 +- .../cloudflared/tunnel-virtual-networks.mdx | 92 ++++++++++++++++--- 2 files changed, 82 insertions(+), 12 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions.mdx index 35150010feaba53..5a44a4cfd206284 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions.mdx @@ -9,7 +9,7 @@ import { TabItem, Tabs, Render } from "~/components"; A remotely-managed tunnel only requires the tunnel token to run. Anyone with access to the token will be able to run the tunnel. -## View the tunnel token +## Get the tunnel token To get the token for a remotely-managed tunnel: diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks.mdx index e39ef7ebcc16567..2f42739929920dc 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks.mdx @@ -46,7 +46,7 @@ Here are a few scenarios where virtual networks may prove useful: The following example demonstrates how to add two overlapping IP routes to Cloudflare (`10.128.0.1/32` staging and `10.128.0.1/32` production). - + To route overlapping IPs over virtual networks: 1. First, create two unique virtual networks: 
@@ -67,10 +67,81 @@ The following example demonstrates how to add two overlapping IP routes to Cloud We now have two overlapping IP addresses routed over `staging-vnet` and `production-vnet` respectively. You can use the Cloudflare WARP client to [switch between virtual networks](#connect-to-a-virtual-network). - + - - To route overlapping IPs over virtual networks: + + To route overlapping IPs over virtual networks: + 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token): + - `Cloudflare Tunnel Write` + + 2. Create two unique virtual networks: + ```tf + resource "cloudflare_zero_trust_tunnel_cloudflared_virtual_network" "staging_vnet" { + account_id = var.cloudflare_account_id + name = "staging-vnet" + comment = "Staging virtual network" + is_default = false + } + + resource "cloudflare_zero_trust_tunnel_cloudflared_virtual_network" "production_vnet" { + account_id = var.cloudflare_account_id + name = "production-vnet" + comment = "Production virtual network" + is_default = false + } + ``` + + 3. Create a Cloudflare Tunnel for each private network: + ```tf + resource "random_bytes" "staging_tunnel_secret" { + length = 64 + } + + resource "cloudflare_zero_trust_tunnel_cloudflared" "staging_tunnel" { + account_id = var.cloudflare_account_id + name = "Staging tunnel" + tunnel_secret = random_bytes.staging_tunnel_secret.base64 + config_src = "cloudflare" + } + + resource "random_bytes" "production_tunnel_secret" { + length = 64 + } + + resource "cloudflare_zero_trust_tunnel_cloudflared" "production_tunnel" { + account_id = var.cloudflare_account_id + name = "Production tunnel" + tunnel_secret = random_bytes.production_tunnel_secret.base64 + config_src = "cloudflare" + } + ``` + + 4. Route `10.128.0.1/32` through `Staging tunnel` and assign it to `staging-vnet`. Route `10.128.0.1/32` through `Production tunnel` and assign it to `production-vnet`. 
+ + ```tf + resource "cloudflare_zero_trust_tunnel_cloudflared_route" "staging_tunnel_route" { + account_id = var.cloudflare_account_id + tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.staging_tunnel.id + network = "10.128.0.1/32" + comment = "Staging tunnel route" + virtual_network_id = cloudflare_zero_trust_tunnel_cloudflared_virtual_network.staging_vnet.id + } + + resource "cloudflare_zero_trust_tunnel_cloudflared_route" "production_tunnel_route" { + account_id = var.cloudflare_account_id + tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.production_tunnel.id + network = "10.128.0.1/32" + comment = "Production tunnel route" + virtual_network_id = cloudflare_zero_trust_tunnel_cloudflared_virtual_network.production_vnet.id + } + ``` + 5. [Get the token](/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions/#get-the-tunnel-token) for each tunnel. + + 6. Using the tunnel tokens, run `Staging tunnel` in your staging environment and run `Production tunnel` in your production environment. Refer to [Install and run the tunnel](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel-api/#4-install-and-run-the-tunnel). + + + + To route overlapping IPs over virtual networks for [locally-managed tunnels](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/): 1. Create a tunnel for each private network: @@ -113,10 +184,9 @@ The following example demonstrates how to add two overlapping IP routes to Cloud cloudflared tunnel vnet list ``` - {/* Commenting out notes within tabs for now :::note[Default virtual network] All accounts come pre-configured with a virtual network named `default`. You can choose a new default by typing `cloudflared tunnel vnet update --default `. - ::: */} + ::: 4. Configure your tunnels with the IP/CIDR range of your private networks, and assign the tunnels to their respective virtual networks. 
@@ -162,7 +232,7 @@ The following example demonstrates how to add two overlapping IP routes to Cloud ## Delete a virtual network - + To delete a virtual network: 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Networks** > **Tunnels** and ensure that no IP routes are assigned to the virtual network you are trying to delete. If your virtual network is in use, delete the route or reassign it to a different virtual network. @@ -175,10 +245,10 @@ The following example demonstrates how to add two overlapping IP routes to Cloud You can optionally delete the tunnel associated with your virtual network. - + - - To delete a virtual network: + + To delete a virtual network for [locally-managed tunnels](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/): 1. Delete all IP routes in the virtual network. For example, @@ -200,7 +270,7 @@ The following example demonstrates how to add two overlapping IP routes to Cloud You can verify that the virtual network was successfully deleted by typing `cloudflared tunnel vnet list`. - + ## Connect to a virtual network From d603c3a52ee92d90c07bb561161f57426cf44e1c Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Mon, 21 Apr 2025 15:22:09 -0400 Subject: [PATCH 5/6] no longer need to input tunnel_secret in v5 --- .../connect-networks/deployment-guides/ansible.mdx | 5 ----- .../connect-networks/deployment-guides/terraform.mdx | 5 ----- .../cloudflared/tunnel-virtual-networks.mdx | 10 ---------- .../connect-private-network/cloudflared.mdx | 11 +---------- .../cloudflare-one/terraform/providers-v5.mdx | 3 --- 5 files changed, 1 insertion(+), 33 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/ansible.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/ansible.mdx index 4befcab7a328300..4c8e50e32b3981c 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/ansible.mdx 
+++ b/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/ansible.mdx @@ -90,16 +90,11 @@ The following configuration will modify settings in your Cloudflare account. ```tf - # Generates a 32-byte secret for the tunnel. - resource "random_bytes" "tunnel_secret" { - byte_length = 32 - } # Creates a new remotely-managed tunnel for the GCP VM. resource "cloudflare_zero_trust_tunnel_cloudflared" "gcp_tunnel" { account_id = var.cloudflare_account_id name = "Ansible GCP tunnel" - tunnel_secret = random_bytes.tunnel_secret.base64 } # Reads the token used to run the tunnel on the server. diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/terraform.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/terraform.mdx index 7c84db7ea7877f3..cc6b62efb4081e7 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/terraform.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/terraform.mdx @@ -133,16 +133,11 @@ The following configuration will modify settings in your Cloudflare account. ```tf - # Generates a 32-byte secret for the tunnel. - resource "random_bytes" "tunnel_secret" { - byte_length = 32 - } # Creates a new remotely-managed tunnel for the GCP VM. resource "cloudflare_zero_trust_tunnel_cloudflared" "gcp_tunnel" { account_id = var.cloudflare_account_id name = "Terraform GCP tunnel" - tunnel_secret = random_bytes.tunnel_secret.base64 } # Reads the token used to run the tunnel on the server. diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks.mdx index 2f42739929920dc..d0fd5414cb44bc9 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks.mdx 
+++ b/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks.mdx @@ -93,25 +93,15 @@ The following example demonstrates how to add two overlapping IP routes to Cloud 3. Create a Cloudflare Tunnel for each private network: ```tf - resource "random_bytes" "staging_tunnel_secret" { - length = 64 - } - resource "cloudflare_zero_trust_tunnel_cloudflared" "staging_tunnel" { account_id = var.cloudflare_account_id name = "Staging tunnel" - tunnel_secret = random_bytes.staging_tunnel_secret.base64 config_src = "cloudflare" } - resource "random_bytes" "production_tunnel_secret" { - length = 64 - } - resource "cloudflare_zero_trust_tunnel_cloudflared" "production_tunnel" { account_id = var.cloudflare_account_id name = "Production tunnel" - tunnel_secret = random_bytes.production_tunnel_secret.base64 config_src = "cloudflare" } ``` diff --git a/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx b/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx index 940b23be1c657d0..7b9db8bbfd047ab 100644 --- a/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx +++ b/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx 
@@ -30,21 +30,12 @@ To connect your private network: 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token): - `Cloudflare Tunnel Write` -2. Generate a secret for the tunnel using Terraform's [`random` provider](https://registry.terraform.io/providers/hashicorp/random/latest/docs): - - ```tf - resource "random_bytes" "tunnel_secret" { - length = 64 - } - ``` - -3. Create a tunnel using the [`cloudflare_zero_trust_tunnel_cloudflare`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_tunnel_cloudflared) resource. +2. Create a tunnel using the [`cloudflare_zero_trust_tunnel_cloudflare`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_tunnel_cloudflared) resource. ```tf resource "cloudflare_zero_trust_tunnel_cloudflared" "example_tunnel" { account_id = var.cloudflare_account_id name = "Example tunnel" - tunnel_secret = random_bytes.tunnel_secret.base64 config_src = "cloudflare" } ``` diff --git a/src/content/partials/cloudflare-one/terraform/providers-v5.mdx b/src/content/partials/cloudflare-one/terraform/providers-v5.mdx index d8b23438f286a5b..81d52b2e82d2814 100644 --- a/src/content/partials/cloudflare-one/terraform/providers-v5.mdx +++ b/src/content/partials/cloudflare-one/terraform/providers-v5.mdx @@ -12,9 +12,6 @@ terraform { google = { source = "hashicorp/google" } - random = { - source = "hashicorp/random" - } } required_version = ">= 1.2" } From 7853a04567761412a6ed816a4e0978af53adc1c8 Mon Sep 17 00:00:00 2001 From: ranbel <101146722+ranbel@users.noreply.github.com> Date: Tue, 22 Apr 2025 11:09:01 -0400 Subject: [PATCH 6/6] Apply suggestions from code review Co-authored-by: marciocloudflare <83226960+marciocloudflare@users.noreply.github.com> --- .../replace-vpn/connect-private-network/cloudflared.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx b/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx index 7b9db8bbfd047ab..948b6e68733db2b 100644 --- a/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx +++ b/src/content/docs/learning-paths/replace-vpn/connect-private-network/cloudflared.mdx @@ -40,7 +40,7 @@ To connect your private network: } ``` -4. Route the CIDR of your private network through the tunnel using the [`cloudflare_zero_trust_tunnel_cloudflared_route`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_tunnel_cloudflared_route) resource: +3. Route the CIDR of your private network through the tunnel using the [`cloudflare_zero_trust_tunnel_cloudflared_route`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_tunnel_cloudflared_route) resource: ```tf resource "cloudflare_zero_trust_tunnel_cloudflared_route" "example_tunnel_route" { @@ -51,10 +51,10 @@ To connect your private network: } ``` -5. Get the [token](/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions/) used to run the tunnel: +4. Get the [token](/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions/) used to run the tunnel: -6. Install `cloudflared` on a host machine in your private network and run the tunnel: +5. Install `cloudflared` on a host machine in your private network and run the tunnel:
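Review bot: In the Terraform tab of the cloudflared.mdx hunk (PATCH 1/6, step 3), the link text reads `cloudflare_zero_trust_tunnel_cloudflare` while the registry URL and the resource block on the next lines both use `cloudflare_zero_trust_tunnel_cloudflared`; the missing `d` is carried forward unchanged into the renumbered `2. Create a tunnel using the ...` line in PATCH 5/6, so it needs fixing in both places.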
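Review bot: The new install-and-run-tunnel.mdx partial (PATCH 1/6) ends with `\ No newline at end of file`; add the trailing newline so later diffs on this file do not carry the marker. The Docker tab's `docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token` is also the only command in the partial that takes the token inline on the command line, and the token is the sole credential needed to run the tunnel (remote-tunnel-permissions.mdx says so in this same series); a short sentence pointing readers at the `TUNNEL_TOKEN` environment variable, the same key name the Vault example in PATCH 3/6 already uses, would keep it out of shell history and container metadata.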
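Review bot: In the new get-tunnel-token.mdx partial (PATCH 3/6), the nested list inside the Details block is indented inconsistently: `1. Output the tunnel token to the Terraform state file:` keeps its leading spaces, while `2. Apply the configuration:` and `3. Read the tunnel token:` start at column one, so MDX is likely to render items 2 and 3 as a separate list outside the collapsible block; restore the indentation from the version being removed from cloudflared.mdx in the same patch. Two documentation points on the same partial: `sensitive = true` only redacts the value in plan and CLI output, the token is still stored in plaintext in the state file (the step's own wording says as much), so add a sentence telling readers to keep state in an access-controlled, encrypted remote backend; this applies equally to the `vault_generic_secret` path, since the token passes through state before it reaches Vault. And the data source hardcodes `tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.example_tunnel.id`, a resource that exists only on the learning-path page; now that the steps live in a partial that is rendered elsewhere, say that readers must substitute a reference to their own tunnel resource.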
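Review bot: In the ansible.mdx and terraform.mdx hunks (PATCH 5/6), the surviving resource block is still commented `# Creates a new remotely-managed tunnel` but, unlike the `example_tunnel`, `staging_tunnel` and `production_tunnel` blocks elsewhere in this series, it sets no `config_src = "cloudflare"`. Add that argument in both deployment guides so the tunnel is explicitly remotely managed rather than depending on the provider default, and so the guides match the rest of the docs.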
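Review bot: Dropping `random = { source = "hashicorp/random" }` from the providers-v5.mdx partial (PATCH 5/6) is only safe if no page that renders this partial still declares a `random_*` resource; this series removes the `random_bytes` blocks from ansible.mdx, terraform.mdx, tunnel-virtual-networks.mdx and cloudflared.mdx, but please check the remaining pages that include the partial before merging, otherwise those examples silently fall back to Terraform's implicit, unpinned provider lookup.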