Open source · Apache 2.0 · Free forever

One control plane
for clusters anywhere

kedge connects your distributed Kubernetes clusters and bare-metal servers through a single hub — no VPNs, no open firewall ports, no kubeconfig juggling. Agents dial outbound, so home labs, edge sites, and clusters behind NAT just work.

Star on GitHub → Quickstart

kedge ~

$ kubectl kedge login --hub-url https://console.faros.sh
✓ authenticated via OIDC

$ kubectl kedge edge create home-lab --type kubernetes
→ edge registered · token issued · join command ready

$ kubectl kedge edge join-command home-lab
# run on the target cluster, agent dials back

$ kubectl --kubeconfig <(kubectl kedge kubeconfig edge home-lab) get nodes
NAME       STATUS   ROLES           AGE   VERSION
edge-01    Ready    control-plane   12d   v1.30.0

$ kubectl kedge mcp url --name default
https://hub/.../mcp · ready for Claude · Cursor · agents

Architecture

Agents dial out. You log in.

The hub is the only thing with a public endpoint. Everything else stays behind its firewall — and still becomes reachable.

Your laptop kubectl · kedge · ssh

Hub

kedge hub

kcp · OIDC · MCP

Kubernetes edge

behind NAT

Bare metal / VM

SSH mode

Home lab · Raspberry Pi

no inbound rules

Features

Everything you need. Nothing you don't.

Reverse tunnel connectivity

Agents dial out to the hub — no inbound firewall rules, no port forwarding, no VPN. NAT and corporate firewalls are not a problem.

Native kubectl access

Proxy kubectl to any registered cluster through the hub. One kubeconfig, one auth flow, every cluster.

SSH server mode

Manage non-Kubernetes hosts — VMs, bare metal, Raspberry Pis — through the same hub. kubectl kedge ssh my-server.

MCP for AI agents

Expose all connected clusters as a single Model Context Protocol server. Claude, Cursor, and any MCP client can drive your fleet.

OIDC or static tokens

Plug in Dex, Auth0, Okta — anything OIDC. Or use a static token for home labs and dev environments. Per-user kcp workspaces enforce isolation.

CLI-first

Quickstart

Four commands to a live edge.

Install the CLI

Download a binary, install via krew, or go install.

$ kubectl krew install faros/kedge

Log in to the hub

Use the hosted hub at console.faros.sh to try it instantly, or self-host your own.

$ kubectl kedge login --hub-url https://console.faros.sh

Register an edge

Get a one-time join command. Run it on the cluster or host.

$ kubectl kedge edge create my-cluster --type kubernetes
$ kubectl kedge edge join-command my-cluster

Use it

Kubeconfig for kubectl, SSH for shells, MCP for AI agents.

$ kubectl kedge kubeconfig edge my-cluster > kc.yaml
$ kubectl kedge mcp url --name default

Apache 2.0 · No license keys · No telemetry

Free forever.
Open source by design.

kedge is fully open source. Self-host the hub anywhere — VPS, home server, behind a Cloudflare tunnel. No paywalled features, no upsell tiers, no usage limits. Fork it, audit it, ship it. The whole stack is yours.

Self-hosted

Run the hub on any device you control. One container, one binary, no SaaS dependency.

Unlimited edges

Connect as many clusters and servers as you want. No seat counts, no metering.

Audit the code

Every line on GitHub. Reproducible builds. PRs welcome.

github.com/faroshq/kedge Deploy with Helm

One control planefor clusters anywhere