Private Endpoints for your Applications

When you deploy applications in Okteto, you automatically get endpoints with valid SSL certificates. This way, you can develop and test your applications on a realistic, production-like environment, instead of localhost.

But not every endpoint in our application is meant to be publicly available. There are admin areas, dashboards, or even certain applications that you want to keep to yourself. We’re happy to announce that Okteto Cloud now allows you to restrict access to your applications by marking their endpoints as private 🕵️‍♀️.

Private endpoints can only be accessed by Okteto users that have access to your namespace. When accessing a private endpoint, Okteto will automagically redirect the request to a separate authentication service to verify if the user has access to your namespace. If they do, they will be redirected to your application. If they don’t, well… they shall not pass! (couldn’t help it 🤭)

Protecting your own application is simple. If you are using Okteto’s automatic SSL endpoints, set the value of the dev.okteto.com/auto-ingress annotation to private in your service manifest:

apiVersion: v1
kind: Service
metadata:
  name: hello-world
  annotations:
    dev.okteto.com/auto-ingress: "private"
...

If you are bringing your own ingress, then you’ll need to add the dev.okteto.com/private: "true" annotation to your manifest:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    dev.okteto.com/generate-host: "true"
    dev.okteto.com/private: "true"
...
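To confirm that nothing in a namespace was left public by accident, the following added example (not part of Okteto's tooling or the original post) audits the JSON produced by `kubectl get service,ingress -o json` for the two annotations above. It assumes that a Service without the auto-ingress annotation gets no automatic endpoint, and that any annotation value other than the ones shown above leaves the endpoint public; the function names and sample objects are constructed for illustration.

```python
import json

AUTO = "dev.okteto.com/auto-ingress"
PRIVATE = "dev.okteto.com/private"

def is_private(obj):
    """True/False for objects that expose an endpoint, None if they expose none."""
    ann = obj.get("metadata", {}).get("annotations") or {}
    kind = obj.get("kind")
    if kind == "Service":
        if AUTO not in ann:
            return None  # assumption: no automatic endpoint without the annotation
        return ann[AUTO] == "private"
    if kind == "Ingress":
        # Annotation values are strings, so only the literal "true" counts.
        return ann.get(PRIVATE) == "true"
    return None

def audit(kubectl_json):
    """Return sorted 'Kind/name' entries for endpoints not marked private."""
    doc = json.loads(kubectl_json)
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    return sorted(
        f'{o["kind"]}/{o["metadata"]["name"]}'
        for o in items
        if is_private(o) is False
    )

def _obj(kind, name, annotations=None):
    # Helper that builds a minimal constructed object for the sample below.
    return {"kind": kind, "metadata": {"name": name, "annotations": annotations}}

# Constructed sample, shaped like `kubectl get service,ingress -o json` output.
SAMPLE = json.dumps({"apiVersion": "v1", "kind": "List", "items": [
    _obj("Service", "hello-world", {AUTO: "private"}),
    _obj("Service", "dashboard", {AUTO: "true"}),
    _obj("Service", "db"),
    _obj("Ingress", "admin", {"dev.okteto.com/generate-host": "true", PRIVATE: "true"}),
    _obj("Ingress", "api", {"dev.okteto.com/generate-host": "true"}),
]})

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("not marked private:", name)
```

Running it in CI against the manifests you deploy catches an endpoint that lost its annotation before it reaches a shared namespace.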

More information on this topic is available in our docs.

We have already updated several of the applications in the Okteto catalog to take advantage of this feature. Why don’t you go ahead and try it out today?