I'm looking for a way to make kubectl accessible for my Kubernetes cluster to the public internet. I initially thought about using Cloudflared, but it appears that requires either the Warp client or a TCP command, which I want to avoid. My cluster is secured with a Talos certificate, so I believe security isn't a major worry. Are there other options besides just opening a port on my router?
1 Answer
Exposing kubectl to the internet isn't the safest move. If you're not keen on using a VPN, consider setting up a bastion or jumpbox server that can securely access your cluster. Just because your cluster seems secure now doesn't mean vulnerabilities won't pop up later. It's better to be safe than sorry!
I'm wondering why it would be insecure? Isn't it similar to a VPN with just public and private keys for connecting? So using a certificate should be safe?
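A sketch of the bastion approach suggested in the answer, added here as an example and not written by anyone in the thread: kubectl reaches the API server through an SSH port forward, so only the bastion's SSH port faces the internet and port 6443 stays closed. The host names `ops@bastion.example.net` and `cp.k8s.example`, the local port 16443 and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example. Placeholders (assumptions): ops@bastion.example.net is the
# jumpbox, cp.k8s.example is the API server name as seen from the jumpbox.

# Print the SSH command that forwards a workstation loopback port to the
# API server via the bastion. -N runs no remote command; binding to
# 127.0.0.1 keeps the forwarded port off the workstation's other interfaces.
tunnel_cmd() {
    bastion=$1; api_host=$2; port=${3:-6443}
    printf 'ssh -N -L 127.0.0.1:%s:%s:6443 %s\n' "$port" "$api_host" "$bastion"
}

# Rewrite a kubeconfig (stdin to stdout) so kubectl dials the tunnel.
# tls-server-name makes the client still verify the certificate against the
# real API host name, so insecure-skip-tls-verify is never needed.
tunneled_kubeconfig() {
    api_host=$1; port=${2:-6443}
    awk -v host="$api_host" -v port="$port" '
        /^[ \t]*server:[ \t]*https:\/\// {
            indent = $0; sub(/server:.*/, "", indent)
            print indent "server: https://127.0.0.1:" port
            print indent "tls-server-name: " host
            next
        }
        { print }'
}

# Constructed sample kubeconfig fragment (not from the original post).
sample_kubeconfig() {
    cat <<'EOF'
apiVersion: v1
kind: Config
clusters:
- name: home
  cluster:
    certificate-authority-data: REDACTED
    server: https://cp.k8s.example:6443
EOF
}

tunnel_cmd ops@bastion.example.net cp.k8s.example 16443
sample_kubeconfig | tunneled_kubeconfig cp.k8s.example 16443
```

Run the printed `ssh` command in one terminal and point `KUBECONFIG` at the rewritten file in another; client certificate authentication to the cluster is unchanged.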