Our great sponsors
-
external-dns
Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
I can then set annotations on the Ingress resource to tell external-dns to flip the proxy switch on the DNS record in Cloudflare:
Not sure this is a "best practice", but it lets me keep control of the Ingress resources inside their YAML configs. I've also layered Vouch Proxy into the ingress configurations to require SSO/MFA auth to access the resources behind the Ingress. Cloudflare has the ability to do this, but I found it cumbersome to keep track of the configs outside the K8s cluster.
Related posts
- Has anyone been able to set up dockerized CrowdSec in front of dockerized NPM using official images only?
- I'm looking for an SSO server/reverse proxy with features I'm not sure exist
- Any Idea Where Should I Start? Newbie Here
- AWS EKS front end authentication with Okta?
- Is there something like Keycloak or Authelia that supports both forward auth and identity providers?