Cloudflare setup
Aucert uses Cloudflare for DNS, secure access (Zero Trust), and edge routing. No public IPs are exposed on Azure.
Architecture
Internet → Cloudflare Edge → Cloudflare Tunnel (outbound) → AKS Ingress → Service
The Cloudflare Tunnel runs as a pod inside AKS, establishing an outbound-only connection to Cloudflare's edge. No inbound ports are opened on the Azure VNet.
DNS (aucert.dev)
| Hostname | Target | Status |
|---|---|---|
| plane.aucert.dev | ns:internal-platform | Active |
| astra.aucert.dev | ns:internal-platform | Active |
| docs.aucert.dev | Cloudflare Pages (internal docs) | Planned |
| docs-preview.aucert.dev | Cloudflare Pages (public docs) | Planned |
| grafana.aucert.dev | ns:internal-platform | Planned |
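The tunnel routing for the two Active hostnames could be expressed as a `cloudflared` ingress configuration like the one below. This is an added example, not Aucert's actual configuration: the tunnel ID, the credentials path, and the ingress controller Service name, namespace and port are placeholders or assumptions.

```yaml
# Added example: cloudflared config for the tunnel pod running in AKS.
# Placeholders / assumptions (not taken from the original page):
#   <TUNNEL_ID>, the credentials-file path, <INGRESS_SERVICE>,
#   <INGRESS_NAMESPACE>, and port 80 on the ingress controller.
tunnel: "<TUNNEL_ID>"
credentials-file: /etc/cloudflared/creds/credentials.json

ingress:
  # Each hostname is forwarded to the in-cluster AKS ingress controller
  # over its ClusterIP Service, so no LoadBalancer or public IP is needed.
  - hostname: plane.aucert.dev
    service: "http://<INGRESS_SERVICE>.<INGRESS_NAMESPACE>.svc.cluster.local:80"
  - hostname: astra.aucert.dev
    service: "http://<INGRESS_SERVICE>.<INGRESS_NAMESPACE>.svc.cluster.local:80"
  # Mandatory catch-all rule: a request for any hostname not listed above
  # is answered with 404 at the tunnel and never reaches the cluster.
  - service: http_status:404
```

Listing hostnames explicitly, rather than using a wildcard rule, keeps Planned hostnames such as grafana.aucert.dev unreachable through the tunnel until they are deliberately added.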
Cloudflare Access
All *.aucert.dev hostnames are behind Cloudflare Access:
- Auth method: Google OAuth
- Allowed: @aucert.ai email domain only
- Session duration: 24 hours
What's next
- Azure topology — Full Azure resource inventory
- Secrets management — How credentials are stored