cloudflare / cloudflare-ingress-controller

A Kubernetes ingress controller for Cloudflare's Argo Tunnels
Apache License 2.0
364 stars 55 forks

Only serve traffic via Cloudflare access #107

Open tonyxiao opened 5 years ago

tonyxiao commented 5 years ago

Rather than trying to define access policies within Argo config itself (https://github.com/cloudflare/cloudflare-ingress-controller/issues/32), would it be possible to at least say that, hey, this particular service can only be accessed through Cloudflare Access, and reject all unauthenticated traffic?

I imagine it's possible to set up a reverse proxy in between Argo and the service being served and perform JWT verification (https://developers.cloudflare.com/access/setting-up-access/validate-jwt-tokens/); however, that's a bunch of extra work.
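The JWT check such a proxy would run on each request, as an added example that is not part of the original issue or of the project's code. It assumes the Access token arrives in the `Cf-Access-Jwt-Assertion` request header, is RS256-signed, and carries the application's audience tag in an `aud` array; the function name and the `constructed-aud` value are hypothetical, and fetching or rotating the signing key is left to the caller.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// VerifyAccessJWT returns nil only for an unexpired RS256 token signed by key and issued for aud.
func VerifyAccessJWT(token string, key *rsa.PublicKey, aud string, now time.Time) error {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed token")
	}
	hb, e1 := base64.RawURLEncoding.DecodeString(p[0])
	cb, e2 := base64.RawURLEncoding.DecodeString(p[1])
	sig, e3 := base64.RawURLEncoding.DecodeString(p[2])
	var hdr struct{ Alg string }
	var c struct {
		Aud []string // assumption: "aud" is a JSON array; any other shape is refused
		Exp int64
	}
	if e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hb, &hdr) != nil || json.Unmarshal(cb, &c) != nil {
		return fmt.Errorf("undecodable token")
	}
	if hdr.Alg != "RS256" { // pin the algorithm so "none" and HMAC tokens are refused outright
		return fmt.Errorf("unexpected alg")
	}
	sum := sha256.Sum256([]byte(p[0] + "." + p[1])) // the signature covers header.payload as sent
	if rsa.VerifyPKCS1v15(key, crypto.SHA256, sum[:], sig) != nil {
		return fmt.Errorf("signature mismatch")
	}
	if now.Unix() >= c.Exp { // a missing exp decodes as 0 and is treated as expired
		return fmt.Errorf("token expired")
	}
	for _, a := range c.Aud {
		if a == aud {
			return nil
		}
	}
	return fmt.Errorf("audience mismatch")
}

func main() { fmt.Println(VerifyAccessJWT("", nil, "constructed-aud", time.Now())) } // no token: refused
```

A proxy in front of the service would call this on every request and answer 403 on any non-nil error, so traffic that did not pass through Access never reaches the backend.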

mattalberts commented 5 years ago

@tonyxiao feels like a dup or belongs under #32?

tonyxiao commented 5 years ago

@mattalberts I saw #32 and it seems to suggest a greater scope where access policies can be defined via Argo config. This issue represents a much smaller scope: one of ensuring traffic is going through Access, rather than defining the policies. Does that distinction make sense?