Skip to content
a safe way to provide access to k8s service to an external untrusted node
Dockerfile Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
Helpers/Client/k8s initial commit Aug 17, 2019


Provides a way to expose a dynamic k8s service using an ssh tunnel to an external and untrusted host.

Why? Benefits:

  • Host can be untrusted as no k8s credentials need to be shared and connection is controlled from the client side (aka the k8s pod). No secrets are found in the host receiving the service
  • a service with a dynamic DNS can be shared/forwarded and will always be up to date as pods are to die and be replaced.
  • Both sides are running in a docker container and are configurable by env vars.



Alt text Alt text Alt text


  • Document everything in here and in blog post.
  • Provide helper scripts and yamls for k8s deployment.
  • Build public docker images.

More info:

coming soon

You can’t perform that action at this time.