Cloudflare With Kubernetes/Ingress


We currently use Cloudflare as our authoritative DNS for our zones. We run our apps in Kubernetes using Google GKE and they are all fronted by ingress-nginx - this essentially means that all of our applications create an Ingress object in Kubernetes. We use external-dns to automatically create records in our Cloudflare DNS zones - these are all created as proxied records.

Is there anything else we should be looking into in terms of proper origin protection? We don’t currently run cloudflared as a sidecar in any of our applications, but we’ve often heard of the usefulness of cloudflared with Argo Tunnel.

What we’re really looking for is whether or not the Kubernetes Ingress -> proxied Cloudflare DNS record approach is secure. We want to avoid exposing origin IP addresses whenever possible.


