🚀 Build your Minimum Viable Platform (MVP) with our playbook. Start now
close icon
All blogs
How Humanitec deploys to private Kubernetes clusters

How Humanitec deploys to private Kubernetes clusters

Tobias Babin
July 11, 2024

Learn how to utelize the Humanitec Agent in combination with the Humanitec Orchestrator to deploy to a private Kubernetes cluster through a secure tunnel.

⚠️ This post covers Platform Orchestrator v1. v2 is now available with simplified architecture and support for any compute target. See differences between the two products here
Table of contents
Example H2
Example H3
Example H4
Example H5
Example H6

If you’re part of an enterprise team (and even if you are not), you’ll very likely not want your Kubernetes (K8s) clusters to be public. Of course, you’d like the Humanitec Platform Orchestrator to talk to your K8s API server to do its magic and automatically deploy new configurations, enabling developer self-service and all the other great things you already read about on this blog. But if the Platform Orchestrator has access to your API server on a public endpoint, then others might access it too. And your security teams will not love the idea.

So the question is, if you want to work with Humanitec, do you need to make your K8s clusters public? The answer is no. In fact, network and firewall teams usually like us. Here’s why.

The Humanitec Platform Orchestrator creates a graph-based representation of your workloads and their dependencies with every deployment. New app and infra configuration files are generated and deployed to your clusters.

If you’re working with public clusters, you can simply connect your AWS, GCP, Azure, or other clusters to Humanitec, and the Platform Orchestrator will automatically deploy there.

If you’re using private clusters, you can use the Humanitec Agent.

The Agent sits within your private network and establishes a secure tunnel with the Platform Orchestrator. This means no new port needs to be exposed to the outside world. You can then use the secure tunnel to let the Platform Orchestrator access your private cluster and execute deployments.

The Agent is extremely easy to install. You can follow the steps in our installation documentation, and then register it with the Humanitec Organization you are already using.

If you want to use your own secret store, you can combine the Agent with the Humanitec Operator. Now, both API server access and secrets storage remain within your private network:

Want to get started?

You learn more about how all this works in our documentation for the Agent, and for a deeper look into how to use it in combination with the Humanitec Operator. If you want to get started right away, schedule a call with one of our platform architects or join our Minimum Viable Platform Program (MVP).

Tobias Babin
Technical Specialist Documentation, Humanitec
LinkedIn

Tobi is a long-term IT professional and cloud-native enthusiast with a passion for explaining, teaching, and helping others be successful.

Upcoming events

No items found.
See all events

Recommended articles

No items found.
Join our Newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
WHY
Why Platform EngineeringWhy Internal Developer PlatformWhy Humanitec
PRODUCT
Product overviewPlatform OrchestratorScorePortalIntegrationsPricing
Features
Environment managementDeployment managementInfrastructure orchestrationDeveloper self-serviceRBAC & governance
Use Cases
Use cases overview
Kubernetes migration
Kubernetes complexity
Eliminate ticket Ops
End-to-end self service
Build developer portals
Build an IDP
Company
About Humanitec
Careers
Hiring
CustomersProfessional ServicesPartnersContact
Resources
DocsBlogWhitepapersFAQStart free trial
Community
SlackEvents
Reference ARCHITECTURES
AWS
Azure
GCP
Red Hat OpenShift
©2025 Humanitec. All Rights Reserved.
ImprintSupportSecurityStatusPoliciesTechnical DefinitionsWhistleblowing