Replies: 1 comment
There isn’t (at least currently) a step-by-step official tutorial specifically for “Cloudflare-fronted OpenShell gateways with authentication” beyond the architecture notes you already referenced. That said, the architecture in

How this is generally expected to be set up

At a high level, the setup usually looks like:

What you typically need on Cloudflare

You would normally configure three things:

1. Cloudflare Access (authentication layer)

This is the part that replaces “gateway authentication”:

This handles who is allowed to reach OpenShell at all.

2. Cloudflare Tunnel (recommended instead of public ingress)

Instead of exposing the gateway publicly:

This avoids exposing Kubernetes ingress directly.

3. Optional: Service tokens for machine-to-machine access

For programmatic access (CLI, agents, CI):

This is usually how non-browser clients authenticate.

What OpenShell expects (based on architecture doc)

From the OpenShell side, the gateway generally assumes:

So Cloudflare becomes the identity + perimeter security layer, while OpenShell focuses on sandbox orchestration.

Common missing pieces (where people usually get stuck)

Is there an official guide?

As of now, the repo only provides:

So what you’re trying to do is valid, but it’s currently in the category of “reference architecture, not turnkey guide.”

Recommendation

If you’re implementing this, the cleanest pattern is:

And avoid duplicating auth logic inside the gateway unless explicitly required.

If this answer helped or pointed you in the right direction, I'd appreciate it if you could mark it as the accepted answer so it's easier for others with the same issue to find. Also, if you found my contribution useful, I'd appreciate it if you could check out my GitHub profile, follow me, and star any repositories you find interesting.
Hi, is there a tutorial/guide on setting up Cloudflare-fronted OpenShell gateways with authentication? I have read this architecture document https://github.com/NVIDIA/OpenShell/blob/main/architecture/gateway-security.md but it's not very clear what needs to be set up on Cloudflare.
Rgds
Oide