How to Securely Access Publicly Exposed Resources in a Kubernetes Cluster

Access an exposed service on a K8s cluster

Use case: You’d like to provide external access to a service inside a K8s cluster but control that access using Twingate Resources and Group assignments.

  • Deploy Connector(s) outside the target K8s cluster. This Connector will be used to secure access to your cluster’s API endpoint. The only requirement is that the Connector must have network access to the API endpoint. Neither the Connector nor the API endpoint should be accessible from the public internet.
  • Configure an external IP address (external to the K8s cluster, but not public) for the K8s service. This address must be reachable from the Connector that you deployed in the previous step. You may want to use private DNS to provide access to the exposed service instead of the private IP address.
  • Create a new Twingate Resource with the service’s IP or private DNS address. This will allow authorized Twingate users to access the K8s service without exposing it on the public internet.
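
One way to check the requirement in the second step, that the service's address is external to the cluster but not public, before creating the Resource. This is an added example, not Twingate's code: it audits data in the shape of `kubectl get svc -A -o json`, and the service names and addresses in the sample are constructed.

```python
import ipaddress
import json

# Constructed sample in the shape of `kubectl get svc -A -o json` (not real cluster data).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "apps", "name": "orders"}, "spec": {"type": "LoadBalancer"},
   "status": {"loadBalancer": {"ingress": [{"ip": "10.20.0.15"}]}}},
  {"metadata": {"namespace": "apps", "name": "legacy"}, "spec": {"type": "LoadBalancer"},
   "status": {"loadBalancer": {"ingress": [{"ip": "8.8.8.8"}]}}},
  {"metadata": {"namespace": "apps", "name": "reports"},
   "spec": {"type": "ClusterIP", "externalIPs": ["192.168.50.7"]},
   "status": {"loadBalancer": {}}},
  {"metadata": {"namespace": "apps", "name": "search"}, "spec": {"type": "LoadBalancer"},
   "status": {"loadBalancer": {"ingress": [{"hostname": "lb.example.internal"}]}}},
  {"metadata": {"namespace": "apps", "name": "cache"}, "spec": {"type": "ClusterIP"},
   "status": {"loadBalancer": {}}}
]}
""")


def classify(address):
    """Return 'public', 'internal' or 'review' for one published address."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "review"  # hostname: resolve it from the Connector's network to decide
    # Use is_global rather than "not is_private": shared address space
    # (100.64.0.0/10) is not is_private, yet it is not publicly routable either.
    return "public" if ip.is_global else "internal"


def audit(service_list):
    """List (namespace/name, address, verdict) for every address a Service publishes."""
    findings = []
    for svc in service_list.get("items", []):
        meta, spec = svc["metadata"], svc.get("spec", {})
        addresses = list(spec.get("externalIPs") or [])
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        addresses += [entry.get("ip") or entry.get("hostname") for entry in ingress]
        for address in filter(None, addresses):
            name = f"{meta.get('namespace', 'default')}/{meta['name']}"
            findings.append((name, address, classify(address)))
    return findings


if __name__ == "__main__":
    for name, address, verdict in audit(SAMPLE):
        print(f"{verdict:9}{name:14}{address}")
```

On a live cluster, pass it the parsed output of `kubectl get svc -A -o json`; a `public` row means that service does not meet the "not public" requirement. NodePort exposure on node addresses is outside what this check covers.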
