ctf-gateway is a Kubernetes operator designed to establish secure connections to Capture The Flag (CTF) challenge instances.
When you are conducting a CTF event, you want to provision individual instances for each challenge for participants. You also don't want to make those instances available to the public on the internet, because often times challenges are using vulnerable software which you don't want non-participants to exploit.
To solve this, the ctf-gateway provides a client component which is meant to be executed on the machine of the participant, and a server component in the form of a Kubernetes operator which is running on the CTF infrastructure. When a challenge instance is provisioned for a participant, it is exposed through the ctf-gateway. The participant runs the ctf-gateway client locally on his machine with a configuration for authentication and details about which instance to connect to. The ctf-gateway client then creates a connection to the server component, sends a JSON document with all details as a header and then switches into proxy mode and simply forwards all network traffic between client, server and instance. That way, the participant always interacts with the challenge instance through his localhost without any restriction in regard to the network protocol. HTTP, SSH, netcat or any other protocol is supported that way.
NOTE: This project is currently in early development and is not yet in a state to be actually used in a CTF event or even in a proof-of-concept situation.