Comment on Multiple Kubernetes Services Using Same Port Without SNI

<- View Parent
Findmysec@infosec.pub ⁨2⁩ ⁨months⁩ ago

In short, you need a reverse-proxy + traffic segregation with domain names (SNI).

I don’t remember much about ingresses, but this can be super easy to set up with Gateway API (I’m looking at it right now).

Basically, you can set up sftp.my.domain/ssh to 192.168.1.40:22, sftp.my.domain/sftp to 192.168.1.40:121 (for example). Same with Forgejo, forgejo.my.domain/ssh will point to 192.168.1.50:22 and forgejo.my.domain/gui will point to 192.168.1.50:443.

The Gateway API will simply send it over to the right k8s service.

About your home network: I think you could in theory open up a DMZ and everything should work. I would personally use a cheap VPS as a VPN server and NAT all traffic through it. About traffic from your router maintaining the SNI, that’s a different problem depending on your network setup.

source
Sort:hotnewtop