If you’re part of an enterprise team (and even if you are not), you’ll very likely not want your Kubernetes (K8s) clusters to be public. Of course, you’d like the Humanitec Platform Orchestrator to talk to your K8s API server to do its magic and automatically deploy new configurations, enabling developer self-service and all the other great things you already read about on this blog. But if the Platform Orchestrator has access to your API server on a public endpoint, then others might access it too. And your security teams will not love the idea.
So the question is, if you want to work with Humanitec, do you need to make your K8s clusters public? The answer is no. In fact, network and firewall teams usually like us. Here’s why.
The Humanitec Platform Orchestrator creates a graph-based representation of your workloads and their dependencies with every deployment. New app and infra configuration files are generated and deployed to your clusters.
If you’re working with public clusters, you can simply connect your AWS, GCP, Azure, or other clusters to Humanitec, and the Platform Orchestrator will automatically deploy there.
If you’re using private clusters, you can use the Humanitec Agent.
The Agent sits within your private network and establishes a secure tunnel with the Platform Orchestrator. Because the Agent initiates that connection from inside, no new inbound port needs to be exposed to the outside world. The Platform Orchestrator then uses the secure tunnel to reach your private cluster's API server and execute deployments.
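To decide which of the two paths above applies to each cluster you manage, it helps to know whether a cluster's API server endpoint is actually private. The following is an added example (not Humanitec's code or part of the original post) that walks the `clusters` entries of a kubeconfig and labels each API server host as private, public or unresolved. It assumes the kubeconfig is supplied in JSON form (which `kubectl` accepts, so no YAML library is needed) and treats only the RFC 1918, loopback and ULA ranges as private; hostnames are only classified if you pass a resolver, so the check runs offline by default.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample kubeconfig for the example; none of these endpoints are real.
# 203.0.113.10 is a documentation address used here as a stand-in for a public IP.
SAMPLE_KUBECONFIG = json.dumps({
    "apiVersion": "v1",
    "kind": "Config",
    "clusters": [
        {"name": "private-eks", "cluster": {"server": "https://10.20.0.5:6443"}},
        {"name": "public-gke", "cluster": {"server": "https://203.0.113.10"}},
        {"name": "dns-cluster", "cluster": {"server": "https://api.example.internal:6443"}},
    ],
})

# Explicit private ranges (RFC 1918, loopback, IPv6 ULA) rather than
# ipaddress.is_private, which also flags documentation/test networks.
PRIVATE_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "fc00::/7", "::1/128")
]


def classify_host(host, resolver=None):
    """Return 'private', 'public' or 'unresolved' for an API server host.

    `host` may be an IP literal or a DNS name. DNS names are only classified
    when a `resolver(name) -> ip_string` callable is supplied (hypothetical
    hook so the check stays offline in this example).
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        if resolver is None:
            return "unresolved"
        try:
            ip = ipaddress.ip_address(resolver(host))
        except (ValueError, OSError):
            return "unresolved"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "public"


def audit_kubeconfig(text, resolver=None):
    """Map each cluster name in a JSON kubeconfig to its endpoint classification."""
    cfg = json.loads(text)
    results = {}
    for entry in cfg.get("clusters", []):
        server = entry["cluster"]["server"]
        host = urlsplit(server).hostname or ""
        results[entry["name"]] = classify_host(host, resolver)
    return results


if __name__ == "__main__":
    for name, verdict in audit_kubeconfig(SAMPLE_KUBECONFIG).items():
        print(f"{name}: {verdict}")
```

Clusters reported as `private` are the ones where the Agent path above applies; `unresolved` entries need a DNS lookup (pass `socket.gethostbyname` as the resolver when online) before you can tell, and `public` entries are the ones your security team will want to revisit.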
The Agent is extremely easy to install. You can follow the steps in our installation documentation, and then register it with the Humanitec Organization you are already using.
If you want to use your own secret store, you can combine the Agent with the Humanitec Operator. With that setup, both API server access and secrets storage remain within your private network.
Want to get started?
You can learn more about how all this works in our documentation for the Agent, and take a deeper look at how to use it in combination with the Humanitec Operator. If you want to get started right away, schedule a call with one of our platform architects or join our Minimum Viable Platform Program (MVP).