Hi all, could you recommend a solution for hardening access to kubectl (k8s API)? I am trying to configure a Cloudflare Zero Trust tunnel and it is not the easiest path to take. I mean something VPN-like… Thanks!
Maybe a firewall with a whitelist will do?
And you could have some SSH access to a remote server somewhere, whose IP will be whitelisted.
You mean connecting through a bastion host?
There you will have more control
And have audit history logs
Port forwarding can be configured for GUI use
And I can suggest another security method
It is old, but still good, it is called port knocking
You can check this https://kilo.squat.ai/docs/kgctl
It should work on top of WireGuard VPN
But I could be wrong, you need to research it yourself
The Scaleway provider is using Kilo as a base in their Kubernetes Kosmos product.