This repository contains an example on how the Twingate headless client can be used to provide Kubernetes pods access to Twingate resources. The example follows a sidecar approach.
Zero Trust access to protected Twingate resources from K8s services including databases, web services and monitoring systems
- Create Twingate service account and key in the Twingate admin UI, see instruction
- Add desired resources to the service account in the Twingate admin UI
- Download the Twingate service key and base64 encode with commands such as
openssl base64 -in key.json -out key.base64 - Add the content of your base64 encoded service key to secret.yaml
- Add the section
spec.template.spec.containers.sidecar-containerandspec.template.spec.volumesections from deployment.yaml to your deployment - Deploy the secret.yaml and the updated deployment, i.e
kubectl create -f secret.yaml, make sure the secret is deployed in the same namespace as the deployment
privileged: trueis set for the sidecar container in the deployment.yaml, this is required for the Twingate Headless Client