Preview Environment Access
Last updated
Was this helpful?
Last updated
Was this helpful?
At the moment we do not have a productized access limitation story for Preview Environments, however there are multiple methods which this can be achieved.
By default Preview Environments are publicly accessible. While they are not easily discoverable, there are methods by which valid URLs can be determined. If you are required to enable strict access control, we highly recommend utilizing one of the solutions below.
Ingress within a Preview cluster are controlled using the Kuberentes . This means that any annotations supported by the ingress are supported within Preview, including basic authentication.
Documentation for nginx basic-auth can be found .
You can utilize a VPN, and then use the Ingress annotation to provide access to only that VPN CIDR block.
If you are running a self-hosted cluster, you can use an Identity Aware Proxy to manage access to all, or a subset, of your namespaces.
If you are running a self-hosted cluster, you can use an oauth2_proxy installation to manage authentication. An example of this set up is described in this . When this is configured, specific ingresses can be secured through the use of ingress annotations.
There are other Identity Aware Proxy solutions, one of which you may already be using. We have a list below of known options. If you require assistance integrating one of these with your Preview Environments, please let us know and we'd be happy to help.
(if using GKE)