bbyoc anywhere
II
commandment II

Connectivity Without Exposure

Every connection between the planes starts inside the customer account, and when the customer requires it, control traffic never touches the public internet at all.

 one agent, three postures, zero inbound
CONTROL PLANECUSTOMER ACCOUNTtunnel terminusmTLS · TLS 1.3identity in cert CNagentdials outk8s apinever publicno inbound portsworks behind NAT1 · public TLS to named endpoints onlyVPCE2 · private endpoints: cloud-backbone routing,end-to-end TLS via SNI, off the internetinstaller artifactimages embedded3 · air-gapped: nothing connects at allinbound: none. no bastion, no allowlisted vendor IPs

Initiate every connection from inside the customer account, outward. The in-account agent opens persistent channels to your control plane using security best practices like mTLS, PrivateLink / Private Service Connect, etc. Commands, reconciliation, and interactive cluster access all flow back through those agent-initiated tunnels. Your control plane terminates these connections and never dials in on its own. The customer account carries zero inbound exposure: no public Kubernetes API server, no bastion host, no request to allowlist your IP range. Because the tunnel is the only path into the environment, treat its health as a first-class signal: Your watcher needs a watcher.

Zero trust connectivity is a spectrum the customer chooses, with identical trust properties at every point. At the baseline, the agent egresses over TLS to a small set of named, enumerable endpoints. Keep that list short enough for a firewall team to review and pin, and publish it as a stable contract. One step stricter, move the entire control path onto private connectivity such as AWS PrivateLink: the agent connects to a VPC endpoint inside the customer's own VPC, and traffic rides the cloud provider's backbone to your control plane's endpoint service. Control traffic never crosses the public internet. Engineer the private path to preserve end-to-end verification.

At the far end of the spectrum sits on-premises and air-gapped operation. The same outbound-only agent runs on any Kubernetes distribution: EKS or OpenShift, k3s at the edge, bare metal. Where no connectivity is acceptable, fall back to self-contained installers for delivery (Commandment VI). The principle survives every variant: the customer account's inbound attack surface is empty, and its outbound surface is named, minimal, and chosen by the customer. Your control plane's job is the same at every point on the spectrum: terminate agent-initiated tunnels, publish stable endpoint identities, and hold no path into the customer network that the customer did not open from the inside.