Gateway
The Gateway lets you expose services running inside your connected Kubernetes clusters to the public internet through SRExpert’s secure tunnel — without setting up a VPN, opening firewall ports, or changing your network configuration.
Instead of provisioning external load balancers or ingress controllers, you point the Gateway at an in-cluster target and SRExpert publishes it on a public URL under *.gateway.srexpert.io. Traffic is carried over the existing SRExpert tunnel from your cluster, so there are no inbound firewall rules to manage.
Routes
A Route is a single mapping from a public URL to an in-cluster service target. Once a route is active, anyone (or any system) with the public URL can reach the service it points to, without needing access to your cluster network.
Find Routes under Gateway → Routes (/gateway/routes).
Public URL pattern
Each route is published under a subdomain of the Gateway domain:
https://<your-route>.gateway.srexpert.ioThis means no VPN client and no firewall rules are required to reach the service — the public URL is served through the SRExpert tunnel.
Creating a route
- Open Gateway → Routes.
- Click New Route.
- Choose the cluster the service runs in.
- Select the in-cluster target (the service to expose).
- Save. SRExpert provisions a public URL under
*.gateway.srexpert.ioand begins routing traffic to your target.
Routes table
The Routes list shows all configured routes with the following columns:
| Column | Description |
|---|---|
| Name | The route identifier. |
| Public URL | The internet-facing address (<route>.gateway.srexpert.io) where the service is published. |
| Cluster | The connected cluster that hosts the target service. |
| Target | The in-cluster service the route forwards traffic to. |
| Status | Current state of the route (e.g. active / pending). |
| Actions | Manage the route — edit or remove it. |
Coming soon
The following Gateway capabilities are planned for V2 and are not yet available.
These features are listed in the product as Coming soon — V2. The descriptions below outline the intended behavior and may change before release.
Consumers — coming soon
Consumers will identify the callers of your routes — API keys, OAuth clients, or internal users. Planned capabilities:
- Issue and rotate API keys per consumer.
- Attach plugins (such as rate limiting or logging) per consumer.
- Track per-consumer usage of your routes.
Plugins — coming soon
Plugins will let you apply traffic policies on a per-route basis. Planned capabilities:
- A/B testing and canary releases via weighted routing.
- Rewrite, add, or strip headers on requests and responses.
- Enforce CORS, JWT, and rate limits per route.
Vaults — coming soon
Vaults will provide secret stores that plugins and consumers can reference. Planned capabilities:
- A managed vault with envelope encryption (AES-256-GCM with a per-tenant KEK).
- Reference secrets inline using the
${vault://secret-name}syntax. - (Enterprise) Back the vault with an external HashiCorp Vault.