Skip to main content

GitHub Webhooks to Private Kubernetes

Deliver GitHub webhook events to services running in private Kubernetes clusters — no inbound ports, no load balancer exposure.

How It Works

GitHub sends events to Zen Mesh over the public internet. Zen Mesh delivers them through an outbound-only Edge Plane connection to your Kubernetes cluster. Your services remain unreachable from the public internet.

Each delivery is tracked through the Flow → Attempt → Trace → Evidence chain. Every attempt carries a trace identifier and produces a cryptographic receipt. See How Zen Works for the full mental model.

Prerequisites

  • A Zen Mesh account with Edge Plane access
  • A private Kubernetes cluster with Helm 3 installed
  • A GitHub account with webhook configuration access

Setup

  1. Choose a runtime path — Kubernetes Edge Plane or Edge Lite
  2. Deploy the zen-agent on your cluster via Helm
  3. Configure a target (Targets API) pointing to your internal service
  4. Create a flow linking GitHub events to your target
  5. Set up the GitHub webhook in your repository settings

Full Guide

See GitHub Integration for the complete walkthrough, including event types, HMAC-SHA256 signature verification, and JSONPath transforms.