Hi everyone,
I wanted to introduce the Cloudflare Zero Trust Operator for Kubernetes:
https://github.com/BojanZelic/cloudflare-zero-trust-operator
This is a project I’ve been working on for the past month that allows you to configure Cloudflare Zero Trust rules straight from Kubernetes by creating and applying declarative YAML.
Resources can be created in Kubernetes and then the operator will reconcile them via the Cloudflare API.
You simply install the operator and create some new Kubernetes manifests.
Example:
```yaml
apiVersion: cloudflare.zelic.io/v1alpha1
kind: CloudflareAccessApplication
metadata:
  name: domain-example
  namespace: default
spec:
  name: my application
  domain: domain.example.com
  policies:
    - name: Allow testemail1
      decision: allow
      include:
        - emails:
            - [email protected]
```
This would then go and create the resource for you inside of your Cloudflare backend.
It is currently in a very early alpha, but it supports:
- CloudflareAccessGroups
- CloudflareAccessApplications
- CloudflareServiceToken
Benefits:
- Teams can manage their own Cloudflare Application rules
- Operators will reconcile the actual resource constantly to ensure that it matches what we expect
Installation can be done easily via Helm or kustomize:
```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - https://github.com/BojanZelic/cloudflare-zero-trust-operator//config/default?ref=0.1.7
secretGenerator:
  - name: cloudflare-creds
    behavior: replace
    literals:
      - CLOUDFLARE_API_KEY=""
      - CLOUDFLARE_API_EMAIL=""
      - CLOUDFLARE_ACCOUNT_ID=""
      - CLOUDFLARE_API_TOKEN=""
```
For additional instructions, see:
https://github.com/BojanZelic/cloudflare-zero-trust-operator#install
How does this compare w/Terraform?
- We can manage the whole lifecycle of an application with Kubernetes instead of additional complexity with Terraform
- If you have an application running in Kubernetes, it makes sense to manage the configuration in Kubernetes
- You don’t have to set up separate runners, CI/CD pipelines, or infrastructure related to Terraform
Contributions welcome!
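
Added example, not part of the original post or the operator's code: a pre-apply review check for `CloudflareAccessApplication` manifests, useful when teams manage their own Access rules. It reads only the fields shown in the manifest above; the function name, the approved-domain list and the sample manifests are constructed for illustration, and the manifest is assumed to be already parsed into a dict.

```python
# Assumption: the reviewing team maintains its own list of approved e-mail domains.
APPROVED_EMAIL_DOMAINS = {"corp.example"}


def review_access_application(manifest, approved_domains=APPROVED_EMAIL_DOMAINS):
    """Return review findings for one parsed manifest (empty list = nothing flagged)."""
    if manifest.get("kind") != "CloudflareAccessApplication":
        return []
    findings = []
    app = (manifest.get("metadata") or {}).get("name", "<unnamed>")
    spec = manifest.get("spec") or {}
    if not spec.get("domain"):
        findings.append(f"{app}: spec.domain is empty")
    for policy in spec.get("policies") or []:
        if policy.get("decision") != "allow":
            continue  # only allow decisions grant access
        pname = policy.get("name", "<unnamed>")
        includes = policy.get("include") or []
        if not includes:
            findings.append(f"{app}/{pname}: allow policy has no include rules")
        for rule in includes:
            for email in rule.get("emails") or []:
                domain = email.rpartition("@")[2].lower()
                if "@" not in email or domain not in approved_domains:
                    findings.append(
                        f"{app}/{pname}: {email} is outside the approved domains")
    return findings


# Constructed sample manifests (hypothetical names and addresses).
SAMPLE_OK = {
    "kind": "CloudflareAccessApplication",
    "metadata": {"name": "wiki", "namespace": "default"},
    "spec": {"name": "wiki", "domain": "wiki.corp.example", "policies": [
        {"name": "Allow staff", "decision": "allow",
         "include": [{"emails": ["alice@corp.example"]}]}]},
}
SAMPLE_FLAGGED = {
    "kind": "CloudflareAccessApplication",
    "metadata": {"name": "billing", "namespace": "default"},
    "spec": {"name": "billing", "domain": "billing.corp.example", "policies": [
        {"name": "Allow team", "decision": "allow",
         "include": [{"emails": ["bob@corp.example", "contractor@mail.example"]}]},
        {"name": "Allow nobody", "decision": "allow", "include": []}]},
}

if __name__ == "__main__":
    for finding in review_access_application(SAMPLE_FLAGGED):
        print(finding)
```

A check like this can run in CI or an admission step before the operator reconciles the resource to Cloudflare.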