Introducing Pomerium Ingress Controller for Kubernetes

July 17, 2023

We're excited to introduce Pomerium’s Ingress Controller for Kubernetes. Teams can easily add our ingress controller for secure access to their production Kubernetes workloads.

What’s an Ingress Controller for?

In Kubernetes, an ingress controller is a component that acts as a reverse proxy and manages incoming network traffic to Kubernetes services. It serves as an entry point for external traffic to reach the services running inside a Kubernetes cluster.

Ingress controllers work in conjunction with Kubernetes Ingress resources, which define the rules and policies for routing traffic to Kubernetes services, to enable external access to these Kubernetes services. This allows for more fine-grained control over how traffic flows into and out of the Kubernetes cluster, as well as providing features such as load balancing, SSL termination, and routing based on URL paths or hostnames.

Why use Pomerium Ingress Controller?

Pomerium Ingress Controller is an open-source software component that enables secure access to Kubernetes services and resources by enforcing access control policies based on location, user identity, device, and other contextual factors. Pomerium ingress controller is built atop Envoy proxy and supports both OIDC and OAuth2 protocols.

Teams use Pomerium Ingress Controller for:

  • Flexibility — This is particularly important for Kubernetes services and resources in environments where multiple teams or users need access to Kubernetes resources, but only some of them should have access to specific resources.

  • Scale — Teams want a unified and consistent manner for implementing access control policies across multiple Kubernetes clusters and environments, which is useful in large-scale deployments where managing access control policies can become complex and error-prone.

  • Speed — Because Pomerium is deployed entirely on-premise (wherever you need it), there is no latency when using Pomerium. As a side benefit, there’s no more expensive backhauling of data.

  • Security — Pomerium Ingress Controller provides encryption and data loss prevention to ensure that Kubernetes resources are protected from unauthorized access or disclosure.

Because ingress controllers do not compete and can each bring various features, Kubernetes teams can run any number of ingress controllers to fit their unique requirements.

Pomerium Ingress Controller features

Pomerium ingress controller provides these features in particular:

  • Ingress with built-in access controls — While other ingress controllers require plugins or introducing intermediary components, Pomerium ingress controller comes with complete authentication and authorization capabilities.

  • Secure TCP Services — Pomerium is capable of creating secure connections to services like SSH, Databases, and more by creating a TCP tunnel to the service with a local client.

  • Service Proxy — Pomerium routes traffic directly to the referenced Service's Endpoints bypassing Kubernetes service proxy to improve performance.

  • Load Balancing — Pomerium can load balance the requests to the upstream endpoints.

  • Mutual TLS — Some internal communications are not secure by default because Ingress assumes that all communications to the upstream service is sent in plaintext. Pomerium addresses this by supporting mutual TLS communication with upstream endpoints.

  • Integrating External Services — Plugging in other services can be a useful feature for Kubernetes teams, whether it’s for access control or something else.

Take Pomerium Ingress Controller for a spin!

  • Quickstart and deploy — Easily put Pomerium Ingress Controller into your Kubernetes cluster with one line!

  • Documentation — Once it’s deployed, follow the documentation to get it running!

  • Open Source Repo — Want to know what’s in the code? Give us a star and check it out!

Share:

Stay Connected

Stay up to date with Pomerium news and announcements.

More Blog Posts

See All Blog Posts
Blog
Identity Aware Proxy (IAP): Meaning, Pricing, Solutions
Blog
The Great VPN Myth: What PCI DSS 4.0 Actually Requires for Remote Access
Blog
Zscaler vs. Tailscale vs. Pomerium: Detailed Comparison

Revolutionize
Your Security

Embrace Seamless Resource Access, Robust Zero Trust Integration, and Streamlined Compliance with Our App.

Pomerium logo
© 2024 Pomerium. All rights reserved