Enhancement: TLS Upstream #11
Comments
Does it mean the controller doesn't support the HTTPS scheme yet? If the target pod is running on 443/8443 since it provides HTTPS service.
It could support the HTTPS upstream with trusted certificates now, but it does not support the self-signed certificate or customized CA yet. 🤔
I'm deploying Kubernetes-Dashboard based on https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml It specified
Yes! That's a self-signed certificate. 🤣 So I think it's kind of a common requirement; I will take a look and release a new version later. After I complete it, I will ping you here, and then you can take another try. ❤️
Hi @yeqown, v0.0.7 is released, you could upgrade the ingress controller by
$ kubectl -n kubernetes-dashboard \
  create ingress dashboard-via-cf-tunnel \
  --rule="<your-domain>/*=kubernetes-dashboard:443" \
  --class cloudflare-tunnel \
  --annotation "cloudflare-tunnel-ingress-controller.strrl.dev/backend-protocol=https" \
  --annotation "cloudflare-tunnel-ingress-controller.strrl.dev/proxy-ssl-verify=off"
So efficient you are
It works in my k8s cluster, and helps a lot 🤖
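An audit sketch for the two annotations used in the command above, added here as an example and not part of the thread or the project's own code: it lists Ingresses that combine `backend-protocol=https` with `proxy-ssl-verify=off`, meaning upstream certificate verification is turned off for those backends. The function names, hostname and sample JSON are constructed; in practice the input would be the output of `kubectl get ingress -A -o json`.

```python
import json

# Annotation prefix as it appears in the kubectl command in this thread.
PREFIX = "cloudflare-tunnel-ingress-controller.strrl.dev/"


def _ingress(ns, name, annotations, svc, port):
    """Build one constructed Ingress object (hypothetical sample data)."""
    backend = {"service": {"name": svc, "port": {"number": port}}}
    path = {"path": "/", "pathType": "Prefix", "backend": backend}
    rule = {"host": "dash.example.com", "http": {"paths": [path]}}
    return {"metadata": {"namespace": ns, "name": name, "annotations": annotations},
            "spec": {"ingressClassName": "cloudflare-tunnel", "rules": [rule]}}


# Constructed sample shaped like `kubectl get ingress -A -o json` output.
SAMPLE = json.dumps({"kind": "List", "items": [
    _ingress("kubernetes-dashboard", "dashboard-via-cf-tunnel",
             {PREFIX + "backend-protocol": "https", PREFIX + "proxy-ssl-verify": "off"},
             "kubernetes-dashboard", 443),
    _ingress("shop", "shop-https", {PREFIX + "backend-protocol": "https"}, "shop", 8443),
    _ingress("blog", "blog-http", None, "blog", 80),
]})


def find_unverified_upstreams(ingress_list_json):
    """Return (namespace, name, backends) for each Ingress that uses an HTTPS
    upstream with certificate verification explicitly switched off."""
    findings = []
    for item in json.loads(ingress_list_json).get("items", []):
        meta = item.get("metadata", {})
        ann = meta.get("annotations") or {}  # annotations may be null or absent
        protocol = ann.get(PREFIX + "backend-protocol", "").strip().lower()
        verify = ann.get(PREFIX + "proxy-ssl-verify", "").strip().lower()
        if protocol != "https" or verify != "off":
            continue
        backends = set()
        for rule in item.get("spec", {}).get("rules", []):
            for p in (rule.get("http") or {}).get("paths", []):
                svc = p.get("backend", {}).get("service", {})
                port = svc.get("port", {})
                backends.add(f"{svc.get('name')}:{port.get('number', port.get('name'))}")
        findings.append((meta.get("namespace"), meta.get("name"), sorted(backends)))
    return findings


if __name__ == "__main__":
    for ns, name, backends in find_unverified_upstreams(SAMPLE):
        print(f"{ns}/{name}: upstream TLS verification off for {', '.join(backends)}")
```

Each hit is a backend worth moving to a certificate the controller can validate once that is available, so the `proxy-ssl-verify=off` annotation can be dropped.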
Love the work you are doing.. Is it possible to expose the Kubernetes API server with this, protected by Cloudflare Access?
Do you mean just exposing the Kubernetes API as-is through a Cloudflare tunnel? Or integrating with Cloudflare Zero Trust to manage users, like using kubectl with OIDC with Cloudflare Zero Trust users?
The latter. "Integrating with Cloudflare Zero Trust to manage users, like using kubectl with OIDC with Cloudflare Zero Trust users". I have a Keycloak instance running on a k8s cluster exposed with Cloudflare tunnels. That's been pretty stable. I want to be able to access the Kubernetes API from outside my local network but securely.