My scenario is that I have a web-based application running in several Azure Kubernetes deployments in several regions and want to add some firewall protection. Once configured, users should be able to keep accessing the system via https://dev.mycompany.com, https://europe.mycompany.com, etc.
For this, is the one plan enough or would I need a separate plan per deployment? I assume I would also need to add the Argo add-on cost per deployment for connectivity to AKS. Is there any other add-on I would need to include?
For HTTPS, I am currently provisioning certificates via Let's Encrypt. From what I understand, provisioning, etc. on Cloudflare would now be done automatically with no extra cost. Is that correct?
For setup of our deployments, I understand there might be a few tickboxes in the web UI, then we would just need to install and configure Argo in a pod on each cluster and set our CNAMEs to point to the Cloudflare CNAME? Are there other complexities I am missing?
For our scenario, the only difference I see between Pro and Business is the 100% uptime SLA. Is there anything else I should consider?
I notice differences in caching between the plans; I assume it is possible to add the firewall without CDN/caching. We would not want caching of our web application requests/responses?
I am also considering using ‘Azure Web Application Firewall’, which is a part of ‘Application Gateway’. I understand Cloudflare has additional DDoS protection, but are there any other key differences with respect to security I should consider?