To create the Cloudflare Tunnel, see the "Local K3s publish to WWW with Cloudflared tunnel" guide. Point the tunnel to https://localhost:6443 (the K3s API server).
Create a ServiceAccount token
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: codeforge-sa
  namespace: codelearn
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: codeforge-cs-manager
  namespace: codelearn
rules:
  - apiGroups: [""]
    resources: ["pods", "services", "persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["pods/status"]
    verbs: ["get"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: codeforge-cs-manager-binding
  namespace: codelearn
subjects:
  - kind: ServiceAccount
    name: codeforge-sa
    namespace: codelearn
roleRef:
  kind: Role
  name: codeforge-cs-manager
  apiGroup: rbac.authorization.k8s.io
```

Now create a long-lived token for the ServiceAccount:
```bash
kubectl -n codelearn create token codeforge-sa --duration=8760h
```

Alternative — non-expiring Secret-bound token (if your cluster supports it):
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: codeforge-sa-token
  namespace: codelearn
  annotations:
    kubernetes.io/service-account.name: codeforge-sa
type: kubernetes.io/service-account-token
```

Apply the manifest and get the token value:
```bash
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: codeforge-sa-token
  namespace: codelearn
  annotations:
    kubernetes.io/service-account.name: codeforge-sa
type: kubernetes.io/service-account-token
EOF

kubectl -n codelearn get secret codeforge-sa-token -o jsonpath='{.data.token}' | base64 -d
```

Verify API access through the tunnel
```bash
curl -s -H "Authorization: Bearer <TOKEN>" \
  https://k8s.tkweb.site/api/v1/namespaces/codelearn/pods | head -20
```
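
Before relying on the token behind the public tunnel hostname, confirm what was actually issued: the API server may cap the lifetime requested with `--duration`, and a Secret-bound token carries no expiry at all. The script below is an added example, not part of the original guide; the function names are hypothetical and the two tokens are constructed, unsigned samples.

```shell
#!/bin/sh
# Added example: inspect a ServiceAccount token's claims before using it.
# Decoding only; the signature is NOT verified here.

# Print the decoded JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url omits padding; restore it so base64 -d accepts the input
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
  printf '%s' "$seg" | base64 -d
}

# Print one top-level string or numeric claim, or nothing if it is absent.
jwt_claim() {
  jwt_payload "$1" | sed -n "s/.*\"$2\":\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# One-line summary: subject plus remaining lifetime.
# $2 = "now" in epoch seconds (defaults to the current time).
token_report() {
  now=${2:-$(date +%s)}
  sub=$(jwt_claim "$1" sub)
  exp=$(jwt_claim "$1" exp)
  if [ -z "$exp" ]; then
    echo "$sub: no exp claim, does not expire on its own"
  else
    echo "$sub: expires in $(( (exp - now) / 86400 )) days"
  fi
}

# Hypothetical helper: wrap a payload in a constructed, unsigned JWT so the
# example runs offline. Real tokens come from the kubectl commands above.
sample_token() {
  body=$(printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-')
  printf 'e30.%s.constructed-signature' "$body"
}

SUB='system:serviceaccount:codelearn:codeforge-sa'
# Constructed payloads: one with exp (create token), one without (Secret).
BOUND=$(sample_token "{\"exp\":1800000000,\"iat\":1768464000,\"sub\":\"$SUB\"}")
LEGACY=$(sample_token "{\"iss\":\"kubernetes/serviceaccount\",\"sub\":\"$SUB\"}")

token_report "$BOUND" 1768464000
token_report "$LEGACY"
```

With a real token, pass the output of the `kubectl` command instead of a sample, for example `token_report "$(kubectl -n codelearn create token codeforge-sa --duration=8760h)"`, and compare the reported lifetime with what was requested.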