I have a NodeJS application with express.js as a backend framework deployed on cloud using Kubernetes. The K8s runs on top of an Ubuntu template. The application deployed in Kubernetes is of type NodePort. This means the app uses the external IP address of the K8s nodes. In my case, it's currently using an external IP address of one of the master nodes.
I then assigned a DNS hostname for the application using Cloudflare Tunnel (aka Argo Tunnel). It works perfectly fine as I can access the application from outside the K8s cluster with the DNS hostname that was resolved. However, I can also access the application directly from
Here is a snippet from the config.yml file used in creating the Cloudflare tunnel:
- hostname: myapp.test.io
- service: http_status:404
My concern here is: how to deny or block direct IP access to the application, as I do not wish to reveal the IP address and make life hard for myself from the security standpoint?
Whether this has to be configured from within Cloudflare or the K8s cluster is also my doubt. Any feedback and suggestions would be appreciated.
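
An added example, not part of the original post: a Python check that lists which Services in a cluster are reachable directly on node or external IPs, which is the exposure described in the question. The service names, ports and the `directly_exposed` helper are constructed for illustration; the input mimics the output of `kubectl get services -A -o json`.

```python
import json

# Constructed sample of `kubectl get services -A -o json` output (not from the post).
SAMPLE = """
{"kind": "List", "items": [
  {"metadata": {"name": "myapp", "namespace": "default"},
   "spec": {"type": "NodePort",
            "ports": [{"port": 80, "targetPort": 3000, "nodePort": 30080}]}},
  {"metadata": {"name": "myapp-internal", "namespace": "default"},
   "spec": {"type": "ClusterIP",
            "ports": [{"port": 80, "targetPort": 3000}]}},
  {"metadata": {"name": "metrics", "namespace": "ops"},
   "spec": {"ports": [{"port": 9090}], "externalIPs": ["203.0.113.10"]}}
]}
"""

def directly_exposed(service_list_json):
    """Return (namespace/name, type, reasons) for Services reachable without the tunnel."""
    findings = []
    for svc in json.loads(service_list_json).get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        svc_type = spec.get("type", "ClusterIP")  # API default when the field is unset
        reasons = []
        # NodePort and LoadBalancer Services get a port allocated on the nodes themselves.
        node_ports = [p["nodePort"] for p in spec.get("ports", []) if p.get("nodePort")]
        if svc_type in ("NodePort", "LoadBalancer") and node_ports:
            ports = ",".join(str(p) for p in node_ports)
            reasons.append(f"nodePort {ports} reachable on node IPs")
        # externalIPs exposes a Service on listed addresses regardless of its type.
        if spec.get("externalIPs"):
            reasons.append("externalIPs " + ",".join(spec["externalIPs"]))
        if reasons:
            name = meta.get("namespace", "default") + "/" + meta.get("name", "?")
            findings.append((name, svc_type, reasons))
    return findings

if __name__ == "__main__":
    for name, svc_type, reasons in directly_exposed(SAMPLE):
        print(f"{name} ({svc_type}): " + "; ".join(reasons))
```

A Service of type ClusterIP with no `externalIPs` produces no finding, since it has no listener on the node's address.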