Kind of hijacking this conversation, but is there a service-mesh-like tool that allows reverse TCP tunneling via a central gateway server, kind of like services like ngrok / localtunnel, just with all the bells and whistles of a modern service mesh? My use case is that I want to be able to deploy an HTTP service across a heterogeneous set of distributed hosts, many of which don't allow any incoming connections / are behind NAT, and I am looking for a good solution to have these boxes connect out to a central gateway server which doesn't involve OpenVPN or SSH reverse tunnels.
I think Netifi is building a somewhat similar solution [1]. As far as I understand, theirs connects all services via a centralised broker. However, I'm wondering whether Cloudflare Argo can fit your use case [2]. It's a daemon that runs next to your software and exposes it to Cloudflare, which means that you can open your software to the world even though it's behind NAT.
Many paid SSO/IDP solutions offer this, e.g. IDaptive has an App Gateway that has worked well for me, and Azure SSO has a more limited one as well. You run some agent behind the firewall, it talks outgoing to the cloud SSO provider, and your end users get proxied through with the benefit of authenticating to the IDP before they even hit your service at all. Great way to slap 2FA on a lot of things without having to worry about VPNs.