v0.1.0
First release 🚀
Features
- Two CRDs: `EdgeNode` (a VPS plus the tunnel) and `PortBinding` (the ports to expose).
- Expose TCP and UDP ports, routed to a Kubernetes `Service` or a raw `IP:port`.
- Active-active HA: N uplink replicas, Envoy L4 load-balancing on the VPS with active health checks per replica.
- TLS at the edge: `passthrough` (SNI routing), `offload` (terminate on the VPS), `mutual` (downstream mTLS).
- Client source IP preserved with Proxy Protocol.
- WireGuard and nftables programmed natively by the `tunnelctl` agent: no `wireguard-tools`, `wg-quick` or `nft` CLI, distroless uplink. The operator is the single SSH writer, verifies the VPS host key, and stays out of the data path.
- Multi-arch images (amd64/arm64).
- Helm chart published as an OCI artifact