Add cloudflared tunnel ready command

[firecow]

This would make it possible to have a Docker image without wget and curl, and still make docker healthchecking in docker possible

closes #1126

[firecow]

@jlaffaye I there anything I can do to fast-track the PR somehow ?

[firecow]

@felipelima-circle

Am I to understand that the /healthcheck "just" returns the string "ok"?
It makes no checking that the tunnels are actually healthy?

If that is a correct assumption, I would much rather use /ready

It at least checks that ready connections are above 0

I've renamed the sub command to cloudflared tunnel ready to avoid confusion about what this command actually does.

[felipelima-circle]

@firecow That makes sense. 👍🏻

[CodaBool]

A merge of master into your branch may be in order because I was getting an error about "UDP Buffer Sizes" that forced me to merge in master. Which resolved it. But past that this seems to work fine on a quick test.

I stood up a separate service at port 8081 to make a cloudflare tunnel with. Then wrote a docker healthcheck into a docker-compose.yml. Which had my local IP there:

healthcheck:
  test: tunnel --metrics 192.168.0.15:8081 ready || exit 1

Which worked great. The timeout was a little high at 30 seconds but it's fine.

[firecow]

A merge of master into your branch may be in order because I was getting an error about "UDP Buffer Sizes" that forced me to merge in master. Which resolved it. But past that this seems to work fine on a quick test.

I stood up a separate service at port 8081 to make a cloudflare tunnel with. Then wrote a docker healthcheck into a docker-compose.yml. Which had my local IP there:

healthcheck:
  test: tunnel --metrics 192.168.0.15:8081 ready || exit 1

Which worked great. The timeout was a little high at 30 seconds but it's fine.

Master has been merged.

[kamaradski]

I'm really waiting for this, as in AWS ECS I can also not get the workaround #1126 working at all. If something breaks our tunnels are currently just hanging. not ideal.

[firecow]

@DevinCarr or @jcsf One of you guys, wanna give this PR some ❤️ ?

[firecow]

@chungthuang, @DevinCarr and @jcsf I've synced the fork

[huyz]

Can anyone push this further along?

[huyz]

What would be the use case of the old /heathcheck endpoint, if any?

[huyz]

Is there a docker image for this, while we wait for an official merge?

[firecow]

@huyz I've just synced the fork. But we need some maintainer or developer to approve the test runs, and eventually merge the change into master.

[firecow]

~/workspace/firecow-cloudflared-fork$ make cloudflared && ./cloudflared tunnel --metrics 127.0.0.1:40026 ready; echo $?
GOOS=linux GOARCH=amd64  go build -mod=vendor  -ldflags='-X "main.Version=c39f0ae3" -X "main.BuildTime=2024-11-14-1739 UTC" ' github.com/cloudflare/cloudflared/cmd/cloudflared
Get "http://127.0.0.1:40026/ready": dial tcp 127.0.0.1:40026: connect: connection refused
1
~/workspace/firecow-cloudflared-fork$ make cloudflared && ./cloudflared tunnel --metrics 127.0.0.1:40027 ready; echo $?
GOOS=linux GOARCH=amd64  go build -mod=vendor  -ldflags='-X "main.Version=c39f0ae3" -X "main.BuildTime=2024-11-14-1739 UTC" ' github.com/cloudflare/cloudflared/cmd/cloudflared
0

Just leaving this here for reference.

It seems like the feature is doing what it is supposed to do.

[huyz]

For a noob, can someone give the exact syntax to put in docker-compose.yml to make this healthcheck work out of the box?

[IngmarStein]

@huyz here's what I use:

    environment:
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}
      - TUNNEL_METRICS=0.0.0.0:60123
    healthcheck:
      test: ["CMD", "cloudflared", "tunnel", "--metrics", "localhost:60123", "ready"]
      interval: 30s
      timeout: 30s
      retries: 3

[Letgamer]

As this feature is now merged I propose to add the Healthcheck directly into the Dockerfile so that it works automatically and doesn't have to be configured in a docker-compose.yaml file.
@firecow Maybe this is not possible because of the --metrics requirement?