K@zuki.

Change the way you access your home network using Cloudflare Tunnel

Introduction

Recently, I changed my access method to my home network using Cloudflare Tunnel. This article will introduce that method.

Old Configuration

Previously, I accessed each service on my home cluster using VPN connections. The following is a diagram of that configuration.

[Diagram: old architecture]

New Configuration

By using Cloudflare Tunnel, I eliminated the need for VPN connections and made it possible to access my home network without direct external exposure.

[Diagram: new architecture]

Pros/Cons

  • Pros
    • No need to expose servers/home networks externally
    • Can benefit from Cloudflare CDN (security, IPv6 support, etc.)
    • Can restrict access to specific domains or paths
    • Can access services from external sources (compared to old configuration)
    • No need to set up a VPN server (compared to old configuration)
  • Cons
    • No domain transfer is needed, but the apex domain must be managed by Cloudflare

Changes in k8s Cluster Configuration

Several changes were required for the new configuration.

  • Add
    • cloudflared ... necessary to tunnel access from Cloudflare
  • Eliminate
    • MetalLB ... not necessary because cloudflared directly accesses each Service
    • Nginx Ingress ... same as above

The following article was useful in setting up Cloudflare Tunnel for a home cluster.

Restricting Access to Specific Domains or Paths

It is possible to restrict access to specific domains or paths, thus improving security.

For example, consider setting up WordPress in a Kubernetes cluster to be accessible from external sources.

[Diagram: WordPress architecture]

In this case, it is possible to require Cloudflare Zero Trust authentication only for paths starting with /wp-login or /wp-admin, while normal requests need no authentication.
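One way to confirm from outside that the path-scoped policy behaves as intended, as an added example that is not part of the original article: it compares observed responses with the intended policy and flags sensitive paths that were not challenged by Access. It assumes Access redirects unauthenticated requests to a `<team>.cloudflareaccess.com` login URL; `blog.example.com`, `example-team` and the sample observations are constructed.

```python
import http.client
from urllib.parse import urlsplit

# Path prefixes the article places behind Cloudflare Zero Trust.
PROTECTED_PREFIXES = ("/wp-login", "/wp-admin")
# Assumption: Access sends unauthenticated requests to <team>.cloudflareaccess.com.
ACCESS_DOMAIN = ".cloudflareaccess.com"

def is_access_challenge(status, location):
    """True only for a redirect whose target host is a Cloudflare Access login domain."""
    if status not in (301, 302, 303, 307, 308) or not location:
        return False
    target = urlsplit(location)
    return target.scheme == "https" and (target.hostname or "").endswith(ACCESS_DOMAIN)

def audit(observations):
    """Compare (path, status, location) observations with the intended policy."""
    findings = []
    for path, status, location in observations:
        sensitive = path.startswith(PROTECTED_PREFIXES)
        challenged = is_access_challenge(status, location)
        if sensitive and not challenged:
            findings.append((path, "EXPOSED"))      # origin answered without Access
        elif challenged and not sensitive:
            findings.append((path, "OVERBLOCKED"))  # public page now needs a login
    return findings

def probe(host, paths):
    """Fetch each path once without following redirects (needs network access)."""
    results = []
    for path in paths:
        conn = http.client.HTTPSConnection(host, timeout=10)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            results.append((path, resp.status, resp.getheader("Location")))
        finally:
            conn.close()
    return results

# Constructed observations for a hypothetical blog.example.com / example-team setup.
LOGIN = "https://example-team.cloudflareaccess.com/cdn-cgi/access/login/blog.example.com"
SAMPLE = [
    ("/", 200, None),
    ("/wp-login.php", 302, LOGIN),
    # WordPress's own redirect to its login page: a 302, but not an Access challenge.
    ("/wp-admin/", 302, "https://blog.example.com/wp-login.php?redirect_to=%2Fwp-admin%2F"),
    ("/wp-json/", 302, LOGIN),
]
```

Against a live site, pass the output of `probe("your-hostname", [...])` to `audit()` from a client that holds no Access session.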

Conclusion

This article introduced the change in access method to my home network using Cloudflare Tunnel. This new configuration has benefits such as improved security and IPv6 support. Additionally, it is possible to configure it with security in mind by restricting access to specific domains or paths.

Home k8s manifests

Repository for the home kubernetes cluster.

This repository manages the manifests of the home kubernetes cluster.

Setup Argo CD

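# Install Argo CD from the argo-helm chart repository
helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd argo/argo-cd --create-namespace --namespace argocd
# Forward the Argo CD server to localhost; this blocks, so run it in a separate terminal
kubectl -n argocd port-forward deploy/argocd-server 8080:8080
# Log in with the initial admin password, then register the config application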
argocd login \
    --insecure \
    --grpc-web \
    --username admin \
    --password "$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)" \
    localhost:8080
argocd app create argocd-config \
    --insecure \
    --grpc-web \
    --repo https://github.com/corrupt952/home-apps.git \
    --path argocd-config/base \
    --dest-namespace argocd \
    --dest-server https://kubernetes.default.svc \
    --sync-policy automated \
    --auto-prune \
    --revision main