Please explain to me why one would go this route instead of using Cloudflare tunnels, which are way more secure, by not exposing you to the outside?
Cloudflare provides a CLI that is officially supported: https://linuxcommandlibrary.com/man/flarectl
Not sure why they only distribute it as part of their Go library, but you can execute it by itself.
That's really neat. I also had a similar need to dynamically manage DNS records and decided to create a Kubernetes operator instead to manage them (https://github.com/pier-oliviert/phonebook).
I do like your approach, it's really refreshing. I'd probably want to split the API keys from the rest of the config files.
Great work!