Skip to content

Commit d507ff9

Browse files
ChanningHeChanningHe
committed
docs: document access cleanup behavior inherited from tunnel/dns
1 parent c6e08b6 commit d507ff9

2 files changed

Lines changed: 46 additions & 0 deletions

File tree

docsite/content/docs/en/labels/access.mdx

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -170,3 +170,26 @@ labels:
170170
labelgate.tunnel.admin.service: "http://admin:8080"
171171
labelgate.tunnel.admin.access: "internal"
172172
```
173+
174+
## Cleanup Behavior
175+
176+
Access policies don't have their own `cleanup` label. Instead, the cleanup behavior is **inherited from the tunnel or DNS service** that references the access policy.
177+
178+
```yaml
179+
labels:
180+
labelgate.access.team.policy.decision: "allow"
181+
labelgate.access.team.policy.include.emails_ending_in: "@company.io"
182+
183+
labelgate.tunnel.web.hostname: "app.company.io"
184+
labelgate.tunnel.web.service: "http://app:80"
185+
labelgate.tunnel.web.access: "team"
186+
labelgate.tunnel.web.cleanup: "true" # This controls access cleanup too
187+
```
188+
189+
When `cleanup` is enabled on the referencing service:
190+
- If the container stops, the Access Application on Cloudflare will be removed after the configured `sync.remove_delay` (default: 30 minutes)
191+
- The associated reusable policies are also cleaned up if no other application references them
192+
193+
When `cleanup` is disabled (default):
194+
- The Access Application is marked as **orphaned** in labelgate but preserved on Cloudflare
195+
- It will be reactivated automatically if the container restarts

docsite/content/docs/zh/labels/access.mdx

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -170,3 +170,26 @@ labels:
170170
labelgate.tunnel.admin.service: "http://admin:8080"
171171
labelgate.tunnel.admin.access: "internal"
172172
```
173+
174+
## 清理行为
175+
176+
Access 策略没有独立的 `cleanup` 标签。清理行为**继承自引用该策略的 tunnel 或 DNS 服务**。
177+
178+
```yaml
179+
labels:
180+
labelgate.access.team.policy.decision: "allow"
181+
labelgate.access.team.policy.include.emails_ending_in: "@company.io"
182+
183+
labelgate.tunnel.web.hostname: "app.company.io"
184+
labelgate.tunnel.web.service: "http://app:80"
185+
labelgate.tunnel.web.access: "team"
186+
labelgate.tunnel.web.cleanup: "true" # 同时控制 access 的清理行为
187+
```
188+
189+
当引用服务启用了 `cleanup` 时:
190+
- 容器停止后,Cloudflare 上的 Access Application 将在配置的 `sync.remove_delay`(默认 30 分钟)后被删除
191+
- 关联的可复用策略如果没有被其他应用引用,也会被一并清理
192+
193+
当 `cleanup` 未启用时(默认):
194+
- Access Application 在 labelgate 中标记为 **orphaned**,但在 Cloudflare 上保留
195+
- 容器重启后会自动重新激活

0 commit comments

Comments
 (0)