chute

Chute

A Kubernetes operator that exposes cluster services to the internet via Cloudflare Tunnels with Cloudflare Access email OTP authentication.

Apply a ChuteInstance and the operator creates the tunnel, DNS record, Access app, and deploys cloudflared — all protected behind email-based one-time PIN login.

How It Works

Internet → Cloudflare Edge → Tunnel → cloudflared pod → K8s Service
                ↑                          (runs in-cluster)
        Access gate (email OTP)

1. You create a ChuteConfig with your Cloudflare credentials
2. You create a ChuteInstance pointing at a Kubernetes Service
3. The operator provisions everything in Cloudflare and deploys cloudflared
4. Your service is live at hostname.yourdomain.com, protected by email OTP

Deleting the ChuteInstance tears down all Cloudflare resources automatically.

Quick Example

apiVersion: chutes.troubleshat.com/v1alpha1
kind: ChuteInstance
metadata:
  name: my-app
spec:
  configRef: default
  hostname: myapp
  service:
    name: my-service
    port: 8080
  access:
    allowedEmails:
      - you@example.com
    sessionDuration: "24h"

This creates myapp.example.com, protected by email OTP — only you@example.com can access it.

Next Steps

• Getting Started — install the operator and expose your first service
• CRD Reference — full field reference for ChuteConfig and ChuteInstance
• Architecture — how the operator works under the hood
• Development — build, test, and contribute