Cloudflare Tunnel allows you to connect applications securely and quickly to Cloudflare's edge. With Cloudflare Tunnel, teams can expose anything to the world, from internal subnets to containers, in a secure and fast way. Thanks to recent developments with our Terraform provider and the advent of Named Tunnels, it's never been easier to spin up.

Historically, the biggest limitation to using Cloudflare Tunnel at scale was that the process to create a tunnel was manual. A user needed to download the binary for their OS, install/compile it, and then run the command cloudflared tunnel login. This would open a browser to their Cloudflare account so they could download a cert.pem file to authenticate their tunnel against Cloudflare's edge with their account. With the jump to Named Tunnels and a supported API endpoint, Cloudflare users can automate this manual process. json file for the origin side tunnel credentials instead of (or with) the cert.pem file.

It has been a dream of mine since joining Cloudflare to write a Cloudflare Tunnel as code, along with my instance/application, and deploy it while I go walk my dog. Tooling should be easy to deploy and robust to use. That dream is now a reality and my dog could not be happier.

The ability to dynamically generate a tunnel and tie it into one or more back-end applications brings several benefits to users, including: putting more of their Cloudflare config in code, auto-scaling resources, dynamically spinning up resources such as bastion servers for secure logins, and saving the time otherwise spent manually generating and maintaining tunnels. Tunnels also allow traffic to connect securely into Cloudflare's edge for only the particular account they are affiliated with. In a world where IPs are increasingly ephemeral, tunnels allow for a modern approach to tying your application(s) into Cloudflare. Putting automation around tunnels allows teams to incorporate them into their existing CI/CD (continuous improvement/continuous development) pipelines. Most importantly, the spin-up of an environment securely tied into Cloudflare can be achieved with some Terraform config and then by running terraform apply. I can then go take my pup on an adventure while my environment kicks off.

While there are numerous Infrastructure as Code tools out there, Terraform has an actively maintained Cloudflare provider. This is not to say that this same functionality cannot be re-created by making use of the API endpoint with a tool of your choice. The overarching concepts here should translate quite nicely. Using Terraform, we can deploy Cloudflare resources, origin resources, and configure our server all with one tool. Let's see what setting that up looks like.

The technical bits of this will cover how to set up an automated Named Tunnel that will proxy traffic to a Google compute instance (GCP), which is my backend for this example. These concepts should be the same regardless of where you host your applications, from an on-prem location to a multi-cloud solution. With Cloudflare Tunnel's Ingress Rules, we can use a single tunnel to proxy traffic to a number of local services.
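How one tunnel can front several local services through ingress rules, as an added example that is not code from the original post: a small pre-deploy check that models first-match-wins rule evaluation and the requirement that the final rule be a catch-all. The hostnames, ports and function names are constructed for illustration, and the matching model (exact or `*.` wildcard hostname, regex path) is a simplified assumption about cloudflared's behaviour.

```python
import re

# Constructed sample rules (hostnames and ports are placeholders), in the
# order they would appear under "ingress:" in the tunnel's configuration.
RULES = [
    {"hostname": "app.example.com", "service": "http://localhost:8080"},
    {"hostname": "*.internal.example.com", "path": r"^/api/",
     "service": "http://localhost:9000"},
    {"hostname": "ssh.example.com", "service": "ssh://localhost:22"},
    {"service": "http_status:404"},  # catch-all: no hostname, no path
]


def host_matches(pattern, host):
    """Exact match, or '*.suffix' matching any subdomain of suffix."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return pattern == host


def validate(rules):
    """Return the problems that make a rule set invalid or misleading."""
    if not rules:
        return ["no ingress rules defined"]
    problems = []
    last = rules[-1]
    if last.get("hostname") or last.get("path"):
        problems.append("last rule must be a catch-all with no hostname or path")
    for i, rule in enumerate(rules[:-1]):
        if not rule.get("hostname") and not rule.get("path"):
            problems.append(f"rule {i} matches everything and shadows later rules")
    for i, rule in enumerate(rules):
        if "service" not in rule:
            problems.append(f"rule {i} has no service")
    return problems


def route(rules, host, path="/"):
    """Return the service of the first rule matching host and path."""
    for rule in rules:
        if "hostname" in rule and not host_matches(rule["hostname"], host):
            continue
        if "path" in rule and not re.search(rule["path"], path):
            continue
        return rule["service"]
    return None
```

Running `validate` in the same pipeline that applies the Terraform config catches a misplaced catch-all before it silently sends every request to one backend.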