Adding playit.gg Public Access to Your Factorio Server

Overview

Adding playit.gg tunnels to your Factorio server so friends can connect without installing Tailscale.


Tip:	Having trouble? See v0.11.1 for what your setup should look like after completing this article.

Before You Begin

Prerequisites

Factorio Kubernetes Server completed (core server running via Tailscale)

Why playit.gg

playit.gg¹ provides free tunnels for UDP-based game servers (Factorio uses UDP on port 34197)². Friends can connect without installing Tailscale - just give them the public address.


Note:	Free tier is limited to Minecraft Java, Terraria, and UDP-based tunnels. Factorio qualifies.

Create playit.gg Account

Go to playit.gg and create an account
Navigate to Agents → Add Agent
Copy the secret key (you'll need this for the Kubernetes secret)

Configure playit.gg

Secret

k8s/apps/factorio/secret.sops.yaml (before encryption):

---
apiVersion: v1
kind: Secret
metadata:
  name: playit-secret
  namespace: factorio
type: Opaque
stringData:
  secret-key: <your-secret-key>

Encrypt:

sops --encrypt --in-place k8s/apps/factorio/secret.sops.yaml

HelmRelease (Sidecar)

The Helm chart (v2.5.2) doesn't support additionalContainers, so we use HelmRelease postRenderers to inject the sidecar.

Add postRenderers to k8s/apps/factorio/helmrelease.yaml under the spec: section:

spec:
  # ... existing chart, install, upgrade, values sections ...
  postRenderers:
    - kustomize:
        patches:
          - target:
              kind: Deployment
              name: factorio-factorio-server-charts
            patch: |
              - op: add
                path: /spec/template/spec/containers/-
                value:
                  name: playit-agent
                  image: ghcr.io/playit-cloud/playit-agent:latest
                  env:
                    - name: SECRET_KEY
                      valueFrom:
                        secretKeyRef:
                          name: playit-secret
                          key: secret-key

Kustomization (Update)

Add the secret to k8s/apps/factorio/kustomization.yaml:

---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - namespace.yaml
  - pvc.yaml
  - secret.sops.yaml
  - helmrelease.yaml

Deploy playit.gg

Commit Changes

cd ~/homelab
git add k8s/apps/factorio/
git commit -m "feat(factorio): add playit.gg for public access"
git push

Reconcile Flux

flux reconcile source git flux-system && flux reconcile kustomization sync

Verify playit.gg

Agent Status

After the pod restarts with the sidecar (2/2 containers), verify the agent is connected:

kubectl get pods -n factorio
kubectl logs -n factorio -l app=factorio-factorio-server-charts -c playit-agent

You should see "tunnel running" - the agent authenticates automatically using the SECRET_KEY (no claim URL needed).

Tunnel Configuration

Go to your agent page in playit.gg (same page where you got the secret key)
Add new tunnel:
- Protocol: UDP
- Local Address: 127.0.0.1
- Local Port: 31497 (internal container port, not 34197)
Save and note your public address (format: xx.ip.gl.ply.gg:xxxxx)


Note:	The sidecar connects via localhost, bypassing the Service. Factorio listens on 31497 internally; the Service maps external 34197→31497.

Public Access

Give friends your playit.gg address. They connect directly in Factorio - no Tailscale needed.

Next Steps

For importing existing world saves into your server:

See: Factorio Import Existing Save

Resources

playit.gg, "playit-agent Docker," github.com. Accessed: Dec. 22, 2025. [Online]. Available: https://github.com/playit-cloud/playit-agent ↩
Wube Software, "Factorio Dedicated Server," wiki.factorio.com. Accessed: Dec. 22, 2025. [Online]. Available: https://wiki.factorio.com/Multiplayer ↩