Bring Zero Trust to Your Existing Workflows with the Twingate Kubernetes Operator
Eran Kampf • Jun 24, 2025

At Twingate, we believe security tooling should enhance—not hinder—developer productivity. That's why we built the Twingate Kubernetes Operator to work exactly how engineering teams already operate: with familiar manifests, GitOps practices, and automated deployments. Today we're excited to announce that the Twingate Kubernetes Operator is now generally available!
The Twingate Operator makes it easy for engineering teams to implement zero trust security principles directly within their Kubernetes workflows.
Why Operators Make Everything Better
Kubernetes operators extend the platform's native capabilities by automating complex operational tasks using the same declarative patterns you already know. Instead of requiring separate tools or manual processes, operators let you manage sophisticated functionality through familiar Kubernetes manifests and GitOps workflows.
The Twingate Kubernetes Operator brings this automation to network security, allowing you to configure secure access to your services as part of your existing deployment processes, no separate tools or workflows required.
This is especially important given the popularity and continued growth of Kubernetes. It’s become the backbone of modern infrastructure, powering everything from microservices architectures to AI workloads. As organizations increasingly rely on Kubernetes for critical applications, the need for seamless, secure access management becomes paramount.
We’re heavy Kubernetes users ourselves here at Twingate. We initially built the Twingate Operator for ourselves with the thinking that if our own engineering team found it valuable, others would too. By solving our own problems first, we ensured that the Twingate Operator was not just theoretically useful but battle-tested in real-world engineering workflows from day one.
What the Twingate Kubernetes Operator Does
The operator integrates directly with your Kubernetes environment to automate three key areas:
1. Automated Connector Deployment
Deploy and manage Twingate Connectors using familiar Kubernetes manifests. The operator handles the entire lifecycle—from initial provisioning to automatic updates—ensuring your network access infrastructure stays current without manual intervention.
apiVersion: twingate.com/v1beta1
kind: TwingateConnector
metadata:
  name: my-connector
spec:
  imagePolicy:
    schedule: "0 2 * * 0" # Auto-update Sundays at 2 AM
2. Declarative Resource Management
Define network resources using Kubernetes-native objects or simple service annotations. Whether you prefer explicit resource definitions or want to automatically expose existing services, the Twingate Operator adapts to your workflow.
# Option 1: Dedicated resource object
apiVersion: twingate.com/v1beta1
kind: TwingateResource
metadata:
  name: my-api-service
spec:
  name: "Internal API"
  address: "my-api-service.default.svc.cluster.local"
  alias: "my-api-service.int"

# Option 2: Service annotation
apiVersion: v1
kind: Service
metadata:
  name: my-api-service
  annotations:
    resource.twingate.com/enabled: "true"
spec:
  selector:
    app.kubernetes.io/name: MyAPI
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
3. Programmatic Access Control
Configure who can access what using Kubernetes objects, enabling GitOps-style access management that integrates seamlessly with your existing CI/CD pipelines.
apiVersion: twingate.com/v1beta1
kind: TwingateResourceAccess
metadata:
  name: api-access
spec:
  resourceRef:
    name: my-api-service
groups
Engineering-First Security
At Twingate, we believe security tooling should enhance, not hinder, developer productivity. The Twingate Kubernetes Operator embodies this philosophy by:
Integrating with existing workflows: No need to learn new tools or switch contexts
Supporting GitOps practices: All configuration lives in version control alongside your application code
Enabling automation: Resources and access policies deploy automatically with your applications
Maintaining zero trust principles: Services remain hidden from the internet while being accessible to authorized users
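
Because exposure and access both live in version control, a pre-merge check can cross-reference them. The script below is an added example, not code from the post or from the Twingate Operator: it reads objects as plain dicts (for instance the items of `kubectl get ... -o json`), and the `audit` function, the sample objects, the "default" namespace fallback and same-namespace resolution of `resourceRef.name` are assumptions.

```python
# Added example: cross-check exposure and access objects before merging.
ANNOTATION = "resource.twingate.com/enabled"  # annotation shown in the post

def audit(objects):
    """Return (exposed, findings) for a list of Kubernetes objects (dicts)."""
    annotated, resources, access_refs = set(), {}, []
    for obj in objects:
        meta, spec = obj.get("metadata", {}), obj.get("spec", {})
        # Assumption: objects without an explicit namespace live in "default".
        ns, name, kind = meta.get("namespace", "default"), meta.get("name"), obj.get("kind")
        if kind == "Service":
            if (meta.get("annotations") or {}).get(ANNOTATION) == "true":
                annotated.add((ns, name))
        elif kind == "TwingateResource":
            resources[(ns, name)] = spec.get("address", "")
        elif kind == "TwingateResourceAccess":
            # Assumption: resourceRef.name resolves in the access object's namespace.
            access_refs.append((name, (ns, spec.get("resourceRef", {}).get("name"))))

    findings = []
    for access_name, (ns, ref) in access_refs:
        if (ns, ref) not in resources:  # grant points at nothing in this set
            findings.append(f"access {access_name}: no TwingateResource {ns}/{ref}")
    granted = {ref for _, ref in access_refs}
    for (ns, name), address in sorted(resources.items()):
        if (ns, name) not in granted:  # defined, but no grant is under review
            findings.append(f"resource {ns}/{name}: no TwingateResourceAccess")
        # "<service>.<namespace>.svc..." addresses name an in-cluster Service.
        parts = address.split(".")
        if len(parts) >= 3 and parts[2] == "svc" and (parts[1], parts[0]) in annotated:
            findings.append(f"resource {ns}/{name}: Service also exposed by annotation")
    exposed = [("Service", *k) for k in sorted(annotated)]
    exposed += [("TwingateResource", *k) for k in sorted(resources)]
    return exposed, findings

SAMPLE = [  # constructed objects modelled on the post's manifests
    {"kind": "Service", "metadata": {"name": "my-api-service", "annotations": {ANNOTATION: "true"}}},
    {"kind": "TwingateResource", "metadata": {"name": "my-api-service"},
     "spec": {"address": "my-api-service.default.svc.cluster.local"}},
    {"kind": "TwingateResource", "metadata": {"name": "metrics"},
     "spec": {"address": "metrics.default.svc.cluster.local"}},
    {"kind": "TwingateResourceAccess", "metadata": {"name": "api-access"}, "spec": {"resourceRef": {"name": "my-api-service"}}},
    {"kind": "TwingateResourceAccess", "metadata": {"name": "old-access"}, "spec": {"resourceRef": {"name": "retired-db"}}},
]

if __name__ == "__main__":
    exposed, findings = audit(SAMPLE)
    for line in [*exposed, *findings]:
        print(line)
```

A resource with no access object in the reviewed set is not necessarily unreachable, since access may be granted outside these manifests; treat that finding as a prompt to check.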
Getting Started
The Twingate Kubernetes Operator is available now on GitHub and can be deployed using Helm or standard Kubernetes manifests.
Quick start:
Install the operator in your cluster using our Helm chart
Deploy a connector by applying a TwingateConnector manifest
Expose services by adding annotations to existing services or creating TwingateResource objects
Configure access using TwingateResourceAccess objects
What's Next
While the Twingate Operator delivers immediate value for network-level access control, it also serves as the foundation for more advanced capabilities we're developing. By adopting the operator now, you'll be positioned to take advantage of enhanced features as they become available.
We're actively working on additional capabilities that will extend zero trust principles deeper into cluster operations, providing even more comprehensive security and observability.
We're excited to see how teams use the Twingate Operator to streamline their security workflows. As always, we'd love to hear about your experience and any feedback you have as you integrate it into your environments.
Ready to get started? Check out our Kubernetes Operator documentation or join our community discussions on GitHub.