viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

cloudflared: disable in-place autoupdate (--no-autoupdate)

Browse source 
Viktor asked to root-cause the frequent t3 code disconnects and rule
infra in or out. The tunnel pods ran bare 'cloudflared tunnel run':
every Cloudflare release made the binary self-update and exit (code 11),
restarting all 3 pods and severing every WebSocket riding the tunnel —
one of the confirmed infra-side drop causes (pods cycled 2026-06-09
20:55/21:00 and 2026-06-10 02:31). Updates belong to pod image rollouts,
not in-place binary swaps.
This commit is contained in:
Viktor Barzin 2026-06-10 21:00:05 +00:00
parent ac6f19dd3b
commit d5fdc7ffe9
2 changed files with 8 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/architecture/networking.md
View file

@ -351,7 +351,7 @@ Containerd on all K8s nodes uses `hosts.toml` to redirect pulls to the local cac
| CrowdSec | `stacks/platform/` (sub-module) | Helm release, LAPI + bouncer |
| Authentik | `stacks/authentik/` | Helm release, ingress, OIDC configs |
| MetalLB | `stacks/platform/` (sub-module) | Helm release, IPAddressPool |
| Cloudflared | `stacks/cloudflared/` | Deployment (3 replicas), tunnel config |
| Cloudflared | `stacks/cloudflared/` | Deployment (3 replicas), tunnel config; runs `--no-autoupdate` (in-place self-updates exited the pods and severed all tunnel WebSockets, 2026-06-09/10) |
| ingress_factory | `modules/ingress_factory/` | IngressRoute + middleware chain |
### Key Configuration Files