

The Signadot platform consists of two high-level components: a control plane that is hosted by Signadot, and a Kubernetes Operator that is installed in your Kubernetes cluster.

Connecting Clusters to Signadot

When you install the Signadot Operator in your cluster, it establishes a persistent secure tunnel to the hosted control plane. You can connect multiple Kubernetes clusters by installing the operator into each of them.


Creating Sandboxes

You use the CLI, SDK or API to create and manage Sandboxes. The Signadot Control Plane communicates with the Signadot Operator to create Sandboxes in the specified cluster.

Accessing Sandboxes

Signadot creates and hosts Sandbox URLs that give access to services running in Sandboxes. Requests made to these URLs are routed to your cluster via the secure tunnel established by the Operator. These Sandbox URLs offer several benefits over traditional methods of accessing services within Kubernetes:

  • They automatically add the headers used to dynamically route requests to services in Sandboxes, as described in Dynamic Routing.
  • They enable access to internal services without exposing any ports to the internet or requiring new ingress / egress rules.
  • They act as an identity-aware proxy, allowing secure, authenticated access to your sandboxed workloads without a VPN or port-forwarding.
  • They make Sandboxes accessible as soon as they're created, without having to configure any new infrastructure such as DNS, TLS certificates, or Load Balancers.