SSH Access Through Kubernetes Ingress with a Proxy
That’s the power an ingress resource can give you when paired with SSH access and a proxy.
Ingress resources are Kubernetes objects that manage external access to services inside a cluster. They define rules for routing traffic based on hostnames, paths, and protocols. When combined with SSH, the ingress resource becomes a secure gateway—not just for HTTP or HTTPS—but for direct, authenticated access to internal workloads. The SSH access proxy layer ensures every connection passes through a controlled, auditable entry point.
Using an ingress resource for SSH requires precise configuration. You define ingress rules that point to a service running your SSH proxy. This proxy manages sessions, keys, and permissions. Tools like NGINX Ingress Controller or Traefik can be extended to route TCP streams, not just HTTP, allowing SSH traffic into the cluster without exposing raw node ports.
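A minimal configuration for this with the NGINX Ingress Controller, as an added example that is not from the original article. The standard Ingress resource only carries HTTP(S) rules, so ingress-nginx routes raw TCP through a ConfigMap named by its `--tcp-services-configmap` flag. The namespace `ssh-access`, the Service name `ssh-proxy`, the `app: ssh-proxy` label and both port numbers are assumptions.

```yaml
# Added example. Assumed: namespace "ssh-access", Service "ssh-proxy", proxy pods
# labelled app=ssh-proxy listening on 2222, ingress-nginx in "ingress-nginx".
---
# 1. ClusterIP Service in front of the SSH proxy pods (no NodePort exposure).
apiVersion: v1
kind: Service
metadata:
  name: ssh-proxy
  namespace: ssh-access
spec:
  type: ClusterIP
  selector:
    app: ssh-proxy
  ports:
    - name: ssh
      port: 22
      targetPort: 2222
---
# 2. TCP map read by the controller when it is started with
#    --tcp-services-configmap=ingress-nginx/tcp-services
#    Format: "<external port>": "<namespace>/<service>:<service port>"
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  "2222": "ssh-access/ssh-proxy:22"
---
# 3. NetworkPolicy: only pods in the ingress controller's namespace reach the proxy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ssh-proxy-from-ingress-only
  namespace: ssh-access
spec:
  podSelector:
    matchLabels:
      app: ssh-proxy
  policyTypes: [Ingress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - protocol: TCP
          port: 2222
```

SSH carries no hostname for the controller to match, so each SSH backend needs its own external port, and the controller's own Service must also list port 2222 before traffic arrives.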
Security is the priority. The ingress resource should enforce TLS wherever possible. SSH keys must be rotated and stored securely. The proxy should integrate with your existing identity systems, ensuring only approved users gain access. Logging must capture every connection and command to meet compliance standards.
Performance is a close second. An ingress resource handles load balancing for SSH connections in the same way it does for HTTP, distributing sessions across multiple pods. This keeps latency low and availability high. With the right setup, engineers can reach critical infrastructure quickly without compromising safety.
This approach also simplifies operations. Instead of managing scattered firewall rules or direct node access, you define everything in YAML. Upgrades, redeployments, and scaling happen through Kubernetes primitives. SSH over ingress through a proxy becomes part of the same declarative workflow you use for the rest of the cluster.
It is simple to test this pattern. Deploy an ingress resource, run a lightweight SSH proxy service behind it, configure host rules, and validate from a remote host. Once working, you can roll it out across your environments with minimal changes while enforcing consistent governance.
If you want to see ingress resources with SSH access proxy in action, go to hoop.dev and deploy your first working example in minutes.