Cloudflare WARP in a container. SOCKS5/HTTP proxy on port 1080.
ghcr.io/anthaathi/warp-client:latest — multi-arch (linux/amd64, linux/arm64).
Rebuilt nightly at 18:00 UTC via GitHub Actions to stay on the latest cloudflare-warp package.
docker run -d --name warp \
--cap-add NET_ADMIN --cap-add SYS_ADMIN \
--device /dev/net/tun \
-p 1080:1080 \
-v warp-data:/var/lib/cloudflare-warp \
ghcr.io/anthaathi/warp-client:latestTest:
curl --socks5 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace | grep warp=
# warp=on| var | default | note |
|---|---|---|
WARP_SLEEP |
2 |
seconds to wait for warp-svc before CLI calls |
WARP_LICENSE_KEY |
— | WARP+ license (optional) |
WARP_FAMILIES_MODE |
off |
off / malware / full |
WARP_PROXY_PORT |
1080 |
SOCKS5/HTTP port |
Minimal Deployment:
apiVersion: apps/v1
kind: Deployment
metadata: { name: warp }
spec:
replicas: 1
selector: { matchLabels: { app: warp } }
template:
metadata: { labels: { app: warp } }
spec:
containers:
- name: warp
image: ghcr.io/anthaathi/warp-client:latest
ports: [{ containerPort: 1080 }]
securityContext:
capabilities: { add: ["NET_ADMIN", "SYS_ADMIN"] }
volumeMounts:
- { name: data, mountPath: /var/lib/cloudflare-warp }
volumes:
- name: data
persistentVolumeClaim: { claimName: warp-data }
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata: { name: warp-data }
spec:
accessModes: ["ReadWriteOnce"]
resources: { requests: { storage: 128Mi } }
---
apiVersion: v1
kind: Service
metadata: { name: warp }
spec:
selector: { app: warp }
ports: [{ port: 1080, targetPort: 1080 }]If pod fails with open tun → enable /dev/net/tun device (e.g. smarter-device-manager) or run privileged: true.