Murakami

Reputation: 3760

Cloudflare Zero Trust kubectl connection - private cluster

I'm following this article in order to secure a kubectl connection with Cloudflare Zero Trust (using the cloudflared daemon): https://developers.cloudflare.com/cloudflare-one/tutorials/kubectl/

My cluster is a private EKS cluster in private subnets. Now, how would you typically set this flow up? Would cloudflared be seated in the worker nodes? Or should there be a bastion host in front of the cluster (with a NAT gateway)? Here (in the article) I can see the service attribute. It seems to be pointing to the Kubernetes API. But what is the address inside EKS? Is it what I see as the API server endpoint in my EKS dashboard?

tunnel: 6ff42ae2-765d-4adf-8112-31c55c1551ef
credentials-file: /root/.cloudflared/6ff42ae2-765d-4adf-8112-31c55c1551ef.json

ingress:
  - hostname: azure.widgetcorp.tech
    service: tcp://kubernetes.docker.internal:6443
    originRequest:
      proxyType: socks
  - service: http_status:404

Many thanks for helping!

Upvotes: 3

Views: 433

Answers (0)
