Accessing and Using CloudFlare
Users that have been provisioned can access Cloudflare directly at
https://dash.cloudflare.com.
Instructions for Access Provisioning
Section titled “Instructions for Access Provisioning”-
We have transitioned to Lumos for the following Cloudflare accounts
- Gitlab
- Runway
- Gitlab Dedicated Production
- Gitlab Dedicated Non-production
-
Access requests should now be self-served, requests are raised on a per account level, for example if somebody wanted to access both GitLab and Runway accounts they will have to raise two Lumos requests.
-
Make sure to add relevant issue and context in the comment section while raising the request to give the approver enough context
-
Lumos access request is a two step approval process, you would first need approval of your manager, and then based on the account you are requesting access for, there will be a set of approvers as follows
- Gitlab : Network and Incident Management Team
- Runway : Runway team
- Gitlab Dedicated Production :
@denhams , @nitinduttsharma and @o-lluch - Gitlab Dedicated Non-production :
@denhams , @nitinduttsharma and @o-lluch
-
Approvers can choose to cancel a Lumos request with an appropriate reason.
Deprovisioning
Section titled “Deprovisioning”- Deprovisioning via Lumos is not available at the moment , an AR with IT would need to be raised for this usecase
- Please do not remove Cloudflare members manually from user groups in Cloudflare UI
Access to Gitlab Dedicated FedRAMP Cloudflare accounts
Section titled “Access to Gitlab Dedicated FedRAMP Cloudflare accounts”Access to Gitlab Dedicated FedRAMP sandbox Cloudflare account is still managed manually (soon to be transitioned to Lumos)
Provisioning Steps:
- Add user to
okta-cloudflare-usersgoogle group - Create an MR in Dedicated Cloudflare Organization Access to Gitlab Dedicated FedRAMP Cloudflare account is provisioned via a separate onboarding issue.
Configuration
Section titled “Configuration”Creating or Editing Custom Rules
Section titled “Creating or Editing Custom Rules”Managing Traffic (blocks, allowlists and abuse mitigation)
Section titled “Managing Traffic (blocks, allowlists and abuse mitigation)”Managing Workers
Section titled “Managing Workers”Getting support from Cloudflare
Section titled “Getting support from Cloudflare”Contacting support
Section titled “Contacting support”Contact Numbers
Section titled “Contact Numbers”Should we need to call Cloudflare, we were given these numbers to reach out to for help.
Those numbers are documented in the internal handbook, or the internal Cloudflare support Slack channel
Other References
Section titled “Other References”- Implementation Epic: https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/94
- Readiness review: https://gitlab.com/gitlab-com/gl-infra/readiness/blob/master/cloudflare/README.md
- Issue Tracker for Evaluation: https://gitlab.com/gitlab-com/gl-infra/cloudflare/issues
- Ongoing Cloudflare Epic: https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/1131
- Managing Limits: https://handbook.gitlab.com/handbook/engineering/infrastructure/rate-limiting/managing-limits/
- Cloudflare terraform configuration: https://gitlab.com/gitlab-com/gl-infra/terraform-modules/cloudflare