Using Cloudflare

You can use Cloudflare for your TLS certificate and the access control of anya.

How to make it more secure

It is strongly recommended to protect your cluster against requests which could bypass the Cloudflare proxy. This can be done by simply using curl: curl --silent --verbose --resolve<your-ip-address> --insecure

You can secure your setup with these options:

IP Whitelisting

JWT Validation

Cloudflare offers the possibility to validate a provided JWT token with a key. Every request will send a JWT token and the receiving application needs to verify the validity of it. So it will be necessary to build a gateway for this. There is also a possibility to use annotations of the nginx plus for this.

Argo Tunnel

Cloudflare provides the possibility to tunnel all requests to the cluster. To make this work, you will need to install a specific cloudflare ingress controller.