Direct IP
Point your domain’s DNS at your worker nodes. Full control over routing and TLS.
Cloudflare Tunnel
Route through Cloudflare’s network. No public IPs or firewall rules needed.
Comparison
| Direct IP | Cloudflare Tunnel | Preview Domains | |
|---|---|---|---|
| Public IP required | Yes | No | No |
| DNS setup | You manage A records | You set a CNAME | Automatic |
| TLS | Bring your own | Cloudflare Edge | Automatic |
| Best for | Full control, existing infrastructure | Production custom domains without public IPs | Development, demos, quick sharing |
| Traffic path | DNS → Worker node → App | DNS → Cloudflare Edge → Tunnel → App | DNS → Cloudflare Edge → Tunnel → App |
How routing works
All three options use resources on the cluster. When you expose a hostname, an HTTPRoute is created that defines the routing rule. A controller on the cluster detects the route and configures the appropriate gateway — whether that’s a Cloudflare Tunnel or a direct IP gateway like Cilium. Because routing is defined through standard Kubernetes resources, it works with GitOps tools like Flux and ArgoCD, custom Helm charts, andkubectl apply.
For apps deployed from Docker images or GitHub repositories, CNAP automates the routing setup — toggle Expose externally on a port, enter a hostname, and the generic application chart creates the HTTPRoute for you. Apps deployed from custom Helm charts can create HTTPRoutes through the chart’s own values.
Related topics
- Generic application chart → — How CNAP packages and deploys applications
- Import a cluster → — Connect your existing Kubernetes cluster
- Regions → — Organize clusters for customer selection