Kubectl with Cloudflare Zero Trust

Cloudflare uses Kubernetes extensively for engineering tasks such as API backend, batch processing, and CI/CD pipelines. However, the large surface area exposed by Kubernetes poses security risks. To address this issue, Cloudflare employs its Zero Trust solution to secure access to Kubernetes clusters while enabling kubectl without proxies. The company initially used VPNs for network access but switched to Cloudflare Tunnels and eventually moved on to using the private network routing feature of Cloudflare Zero Trust. This approach allows engineers to access the Kubernetes APIs securely without needing to set up cloudflared tunnels or configure kubectl and other Kubernetes ecosystem tools to use tunnels.