cloudflare-access-controller

Version: v2.1.0
Published: Mar 17, 2022 License: Apache-2.0

README

Cloudflare Access Controller

Cloudflare Access Controller synchronizes Kubernetes Ingress with Cloudflare Access

Prerequisites
| Kubernetes Version | Cloudflare Access Controller Version |
| --- | --- |
| >= 1.22 | >= 2.1.0 |
| <= 1.21 | 2.0.0 |
Deploy
kubectl apply -f deploy/cloudflare-access-controller.yaml

Access policies are created with the name cac-policy-{#number}. Policies whose names do not start with cac-policy- are ignored by the controller, so you can add or change them directly in your Cloudflare Dashboard.

Configuration guide

Image is available here: ghcr.io/dingggu/cloudflare-access-controller:latest

Execute with the following command:

./cloudflare-access-controller \
-z cloudflare.zone.name \
-c identifier.cluster.name

or list the available options with:

./cloudflare-access-controller -h
Ingress Annotations
annotations:
  access.cloudflare.com/application-sub-domain: 'subdomain' # required; if set to '', the application is applied to the domain itself
  access.cloudflare.com/application-path: '/path-url' # optional, defaults to '/'
  access.cloudflare.com/session-duration: '24h' # optional, one of 30m, 6h, 12h, 24h, 168h, 730h; defaults to 24h
  access.cloudflare.com/policies: |
    "[]"
  # https://api.cloudflare.com/#access-policy-create-access-policy
Policy Examples
  • Allow logins whose account email ends with ggu.la or mah.ye, and require the IP address 123.123.123.123/32
[{"decision":"allow","include":[{"email_domain":{"domain":"ggu.la"}},{"email_domain":{"domain":"mah.ye"}}],"require":[{"ip":{"ip":"123.123.123.123/32"}}]}]
  • Bypass Access for IP address 123.123.123.123/32 and deny IP address 192.168.0.1/32
[{"decision":"bypass","require":[{"ip":{"ip":"123.123.123.123/32"}}]},{"decision":"deny","require":[{"ip":{"ip":"192.168.0.1/32"}}]}]
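A pre-apply check for the annotations and policy JSON above, as an added example that is not part of this project's code. LintAnnotations and its messages are hypothetical; it expects the policies annotation to be present, inspects only IP rules, and assumes a bypass policy covering a /0 network is a mistake.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

const prefix = "access.cloudflare.com/"

// policy decodes only the fields checked below; non-IP rules are skipped.
type policy struct {
	Decision         string
	Include, Require []struct{ IP struct{ IP string } }
}

var durations = map[string]bool{"30m": true, "6h": true, "12h": true, "24h": true, "168h": true, "730h": true}

// LintAnnotations (hypothetical helper) returns one finding per problem found.
func LintAnnotations(a map[string]string) (out []string) {
	if d, ok := a[prefix+"session-duration"]; ok && !durations[d] {
		out = append(out, "unsupported session-duration "+d)
	}
	// Assumption: tolerate the quoted "[]" form shown in the README.
	raw := strings.Trim(strings.TrimSpace(a[prefix+"policies"]), `"`)
	var ps []policy
	if err := json.Unmarshal([]byte(raw), &ps); err != nil {
		return append(out, "policies does not decode: "+err.Error())
	}
	for i, p := range ps {
		for _, r := range append(p.Include, p.Require...) {
			if r.IP.IP == "" {
				continue // not an IP rule
			}
			_, n, err := net.ParseCIDR(r.IP.IP)
			if err != nil {
				out = append(out, fmt.Sprintf("policy %d: bad CIDR %q", i, r.IP.IP))
			} else if ones, _ := n.Mask.Size(); ones == 0 && p.Decision == "bypass" {
				out = append(out, fmt.Sprintf("policy %d: bypass of %s matches every client address", i, n))
			}
		}
	}
	return out
}

func main() { // constructed sample: a bypass policy that covers all of IPv4
	fmt.Println(LintAnnotations(map[string]string{prefix + "policies": `[{"decision":"bypass","require":[{"ip":{"ip":"0.0.0.0/0"}}]}]`}))
}
```
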
Other Tips

Using Cloudflare Access together with Argo tunnels is recommended, as it is more secure.

If you do not use an Argo tunnel, the Access-protected hostname must be proxied (a.k.a. orange cloud enabled). ExternalDNS makes it easy to manage Cloudflare's DNS with Kubernetes, and using it together with this controller is strongly recommended.
