Turn Your Kubernetes Ingress into an SSH Access Proxy

Kubernetes Ingress is built to manage HTTP and HTTPS traffic, but it can be extended to handle SSH access when paired with the right proxy. An SSH access proxy inside an Ingress lets you route and secure terminal sessions the same way you route web traffic—through a single, centralized, policy-controlled gateway. This turns an Ingress into a point of enforcement for both HTTP routes and secure shell connections.

To set up an SSH access proxy using Kubernetes Ingress, first deploy an Ingress Controller that supports TCP routes, such as NGINX or HAProxy. Configure the controller for the SSH port, typically 22, and point the service to the target pods. Apply network policies to control which namespaces and pods are reachable, and use authentication methods—public key, certificate-based, or integrated with your existing identity provider—to restrict access.

Use annotations and ConfigMaps to fine-tune connection limits, health checks, and timeout values. Combine this with secrets management in Kubernetes to store private keys securely. Always run the proxy behind TLS termination to keep SSH wrapped in encrypted channels, even across internal hops. Since Ingress is managed by Kubernetes, scaling SSH access horizontally becomes trivial: add pods, update service endpoints, and your proxy handles the rest.

Monitoring is essential. Capture logs at the proxy and push them to a centralized system. Alert on failed SSH attempts and unusual access patterns. With Kubernetes Ingress as your SSH access proxy, you maintain control, visibility, and a single pane of traffic flow for your cluster.

You can deploy this pattern now without writing thousands of lines of code. See it live in minutes with hoop.dev and turn your Kubernetes Ingress into an SSH access proxy today.