GitHub Webhooks to Private Kubernetes
Deliver GitHub webhook events to services running in private Kubernetes clusters — no inbound ports, no load balancer exposure.
How It Works
GitHub sends events to Zen Mesh over the public internet. Zen Mesh delivers them through an outbound-only Edge Plane connection to your Kubernetes cluster. Your services remain unreachable from the public internet.
Each delivery is tracked through the Flow → Attempt → Trace → Evidence chain. Every attempt carries a trace identifier and produces a cryptographic receipt. See How Zen Works for the full mental model.
Prerequisites
- A Zen Mesh account with Edge Plane access
- A private Kubernetes cluster with Helm 3 installed
- A GitHub account with webhook configuration access
Setup
- Choose a runtime path — Kubernetes Edge Plane or Edge Lite
- Deploy the zen-agent on your cluster via Helm
- Configure a target (Targets API) pointing to your internal service
- Create a flow linking GitHub events to your target
- Set up the GitHub webhook in your repository settings
Full Guide
See GitHub Integration for the complete walkthrough, including event types, HMAC-SHA256 signature verification, and JSONPath transforms.
Related
- How Zen Works — mental model
- Kubernetes Edge Plane — Helm deployment guide
- Delivery Modes — standard vs. outbound-only private delivery