Networking
Explanation 5
- Updated 2026-05-15
Tailscale
Overview Tailscale is a modern mesh VPN solution built on WireGuard that Skyscrapers uses to provide secure access to customer Kubernetes clusters and AWS VPCs. While Tailscale is often positioned as a mesh VPN with peer-to-peer connections, Skyscrapers …
- Updated 2026-05-12
Dynamic, whitelabel-style Ingress to your application
If your application allows for end-customers to use their custom domain, we’ve offered Caddy to provide on-demand SSL certificates for a while. However with our Kubernetes reference solution there is a more native and scalable solution through the …
- Updated 2026-05-12
Network Policies
We enable support Kubernetes NetworkPolicies on all clusters. Introduction This documentation provides detailed instructions on how to manage and deploy Kubernetes Network Policies using Helm. Kubernetes Network Policies are used to control the traffic …
- Updated 2026-05-12
Service Mesh
Istio We use Istio as service mesh. We offer this as an optional feature, so let us know if you want to enable it. You can check if Istio is installed in your cluster with the following command: kubectl get pods -n istio-system We also deploy Kiali, …
- Updated 2026-05-12
VPC CNI
Network Policies VPC CNI VPC CNI Overview The VPC CNI (Container Network Interface) plugin is the default networking plugin for Amazon EKS clusters. The CNI plugin allows Kubernetes Pods to have the same IP address as they do on the VPC network. More …
How-to guides 7
- Updated 2026-05-28
Wireguard VPN
Introduction This page describes how to use the Wireguard VPN add-on to securely connect to your Kubernetes cluster and AWS VPC. While we recommend using Tailscale as full-fledged solution, we also provide Wireguard as a simple, cheaper and self-managed …
- Updated 2026-05-15
Tailscale Setup
Overview This guide explains how to set up Tailscale integration with Skyscrapers-managed EKS clusters. Tailscale provides secure VPN connectivity to your Kubernetes clusters, enabling private network access to cluster resources and advertised routes. The …
- Updated 2026-05-12
AWS Load Balancer Controller
Introduction This page describes how to use the AWS Load Balancer Controller as Ingress Controller in your Kubernetes cluster. The ALB controller provisions AWS Application Load Balancers for your Kubernetes Ingress resources. Pre-requisites First …
- Updated 2026-05-12
Cert-Manager
Let’s Encrypt certificates SSL certificates can be automatically fetched and setup for applications deployed on the Kubernetes cluster via cert-manager. We deploy a letsencrypt-prod ClusterIssuer by default, which uses dns01 validation via Route 53. …
- Updated 2026-05-12
OpenVPN
Note The OpenVPN component in the SKsycrapers platform is considered deprecated and will be removed during the course of 2025. We recommend using Tailscale or Wireguard instead for secure VPN connectivity to your environment: Refer to our Tailscale setup …
- Updated 2026-05-12
Tailscale ACL File
Structure The policy file uses HuJSON format (JSON with comments) and includes several key sections: 1. Groups Define groups of users for easier access management: { "groups": { "group:devops": [ "alice@example.com", …
Reference 1
- Updated 2026-05-12
Tailscale Deployment
Add under spec.tailscale in the cluster definition: spec: tailscale: enabled: true oauth_client_id: your-oauth-client-id oauth_client_secret_payload: kms-encrypted-secret replicas: 2 extra_routes: - "192.168.248.0/24" cpu_requests: "100m" …