WWW Deployment SOP (kubespot.com)

This document describes how to configure and deploy the www site for kubespot.com using Terraform and Cloudflare. The setup manages DNS and Cloudflare Zero Trust so that only opsZero team members can access the site.

Overview

The Cloudflare configuration for the site is located in:

infra/cloudflare/

Terraform creates and manages:

A DNS CNAME record for www
A Cloudflare Access application
An Access policy allowing only @opszero.com users

Prerequisites

You will need:

Access to the Cloudflare account for dbazero.com
A Cloudflare API token with:
- Zone: Read/Write
- Access: Edit

Create a local terraform.tfvars file (this file should not be committed):

terraform.tfvars
api_token = "YOUR_CLOUDFLARE_API_TOKEN"
zone_id   = "3a57be47c35b1010d5923da6cdf12fc7"
domain    = "kubespot.com"

Deployment

From the Cloudflare directory:

cd infra/cloudflare

Initialize Terraform:

terraform init

Preview changes:

terraform plan

Apply the configuration:

terraform apply

Approve with yes when prompted.

Terraform will create the DNS record, Access application, and allow policy.

Verification

DNS

In Cloudflare → DNS, confirm the entry:

CNAME  www  dbazero.com  Proxied

Access Application

Cloudflare Zero Trust → Access → Applications

You should see an application for:

www.dbazero.com

Access Policy

Inside the application, ensure the policy allows:

*@opszero.com

Test

Open:

https://www.dbazero.com

In an incognito window, it should show the Cloudflare Access login.

caution

Only users with @opszero.com email addresses will be able to access the site.

Updating

Any time Terraform files are changed:

terraform plan
terraform apply

Terraform will update the existing Cloudflare resources.

Overview​

Prerequisites​

Deployment​

Verification​

DNS​

Access Application​

Access Policy​

Test​

Updating​