Best practice for accessing private server?

We have a cluster of servers with only internal network connectivity, except one of them that has both internal and external IPs.

What is the best practice to configure and use Access to access services on the private servers? (like ssh, mysql, etc)

Teams with Tunnels / Warp is probably a good idea for your use-case. There’s some tutorials here that might help:

https://developers.cloudflare.com/cloudflare-one/tutorials/zero-trust-network-access

https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel