Managing multi-tenants DNS Subdomain with scoped security
The scenario we are faced with and the solution we are asking about.
- we deploy apps in kubernetes that are expose via ingress
- we want to use ingress-nginx to create the ingress, external-dns to create dns records for the app, and cert-manager to create ssl certs tls communication
- this pattern involves using a token to be stored as a kuberenetes secret
- the kuberenetes cluster is accessible by that clients they are assigned to
- we don't want to use the same token in each clients cluster for security reasons.
- we want to instead give each client a subdomain for their apps url, and each of their clusters have a unique token that is scoped to their subdomain. that way, a client would only be able to access a token that has access only to their subdomain.
- we deploy apps in kubernetes that are expose via ingress
- we want to use ingress-nginx to create the ingress, external-dns to create dns records for the app, and cert-manager to create ssl certs tls communication
- this pattern involves using a token to be stored as a kuberenetes secret
- the kuberenetes cluster is accessible by that clients they are assigned to
- we don't want to use the same token in each clients cluster for security reasons.
- we want to instead give each client a subdomain for their apps url, and each of their clusters have a unique token that is scoped to their subdomain. that way, a client would only be able to access a token that has access only to their subdomain.
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
85,042Members
Resources
Similar Threads
Was this page helpful?
