In addition to securely exposing Services publicly via the BeyondCorp access mode (read more here), Octelium also enables you to expose an HTTP-based Service (namely the HTTP, GRPC and WEB Service modes) completely publicly, to anonymous access that requires neither authentication nor access control via Policies. This allows you to effectively use Octelium as a self-hosted PaaS or a hosting platform where you can expose Services to the public internet whose upstreams might be served from anywhere (e.g. anywhere behind NAT such as your laptop, private clouds, etc.) as well as for containerized applications that are managed by Octelium itself (read more about managed containers here).
It's extremely important to understand that enabling the anonymous public mode for a certain Service completely eliminates both authentication and authorization for that Service. This is by itself against what zero trust is all about.
The Octelium Cluster currently uses the anonymous mode mainly for the AuthService which is exposed publicly to the internet to authenticate the users, both via WEB mode using OpenID Connect and SAML 2.0 identity providers (IdPs) as well as for its authentication gRPC service.
To enable the anonymous public mode, you only need to enable the isPublic and isAnonymous fields as follows:

```yaml
kind: Service
metadata:
  name: svc1
spec:
  mode: HTTP
  config:
    upstream:
      url: http://nginx.local
  isPublic: true
  isAnonymous: true
```
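Because this mode removes both authentication and authorization, it is worth gating in review. The following is an added example (not Octelium's own code) that scans a multi-document manifest and lists Services setting both isPublic and isAnonymous to true unless they are on a reviewed allowlist. The function names, the `allowed` parameter and the sample manifests are assumptions made for this illustration, and the small parser handles only plain block-style `key: value` mappings.

```python
import re

# Constructed sample: two Service manifests in one multi-document stream.
SAMPLE = """\
kind: Service
metadata:
  name: svc1
spec:
  mode: HTTP
  config:
    upstream:
      url: http://nginx.local
  isPublic: true
  isAnonymous: true
---
kind: Service
metadata:
  name: svc2
spec:
  mode: HTTP
  isPublic: true
"""

LINE = re.compile(r"^(\s*)([A-Za-z0-9_]+):\s*(.*?)\s*$")

def flatten(doc):
    """Flatten a block-style mapping into {"spec.isPublic": "true", ...}."""
    out, stack = {}, []  # stack: (indent, key) of the enclosing mappings
    for raw in doc.splitlines():
        m = LINE.match(raw.split(" #", 1)[0].rstrip())  # drop trailing comments
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:  # leave deeper or sibling keys
            stack.pop()
        stack.append((indent, key))
        if value:
            out[".".join(k for _, k in stack)] = value.strip("\"'")
    return out

def anonymous_services(stream, allowed=()):
    """Names of Services in anonymous public mode that are not allowlisted."""
    hits = []
    for doc in re.split(r"^---[ \t]*$", stream, flags=re.M):
        f = flatten(doc)
        enabled = all(f.get(k, "").lower() == "true" for k in ("spec.isPublic", "spec.isAnonymous"))
        name = f.get("metadata.name", "<unnamed>")
        if f.get("kind") == "Service" and enabled and name not in allowed:
            hits.append(name)
    return hits
```

A non-empty result from `anonymous_services` can fail a CI job, so that each anonymous Service has to be added to the allowlist deliberately.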
Public DNS and TLS Certificate
Since public Services are exposed to the internet, you need to set the public DNS and TLS certificate of the Service. You can read more about managing public DNS here and TLS certificates here.