Need help setting up cloudflare to aws eks via kubectl

I am a noob in using cloudflare and trying to set it up so that can restrict who can access AWS EKS via kubectl and want to control everything via cloudflare.
I tried putting a dns entry(want to control it via access policies) for the kubernetes api endpoint into cloudflare and then updating .kube/config file to point to the dns entry. But getting an error as ‘Unable to connect to the server: x509: certificate signed by unknown authority’.

Any experts out there who could help would be really appreciated.

Cloudflare does URL-based restrictions using Firewall Rules and/or Access. But in order for to be truly restricted, you also need to configure your instance to block any connections not coming through Cloudflare IP addresses:


Hi @sdayman, thank you so much for the response. I agree have to restrict the cloudflare outbound IP’s but I believe that is just the first step on restricting the EKS api access from public to private and only allow cloudflare outbound IPs. I am trying to figure out which way to move from here onwards now.

This topic was automatically closed after 30 days. New replies are no longer allowed.