cloudflare-ingress-controller icon indicating copy to clipboard operation
cloudflare-ingress-controller copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

Only serve traffic via Cloudflare access

Open tonyxiao opened this issue 7 years ago • 2 comments
trafficstars

Rather than trying to define access policies within argo config itself (https://github.com/cloudflare/cloudflare-ingress-controller/issues/32), would it be possible to at least say that hey this particular service can only be accessed through Cloudflare access, and reject all unauthenticated traffic?

I imagine it's possible to set up a reverse proxy in between argo and the service being served and perform JWT verification (https://developers.cloudflare.com/access/setting-up-access/validate-jwt-tokens/), however that's a bunch of extra work.

tonyxiao avatar Nov 02 '18 21:11 tonyxiao

@tonyxiao feels like a dup or belongs under #32?

mattalberts avatar Nov 02 '18 22:11 mattalberts

@mattalberts i saw #32 and it seems to suggest a greater scope where access policies can be defined via argo config. This issue represents a much smaller scope one of ensuring traffic is going through access, rather than defining the policies. Does that distinction make sense?

tonyxiao avatar Nov 03 '18 06:11 tonyxiao