Introducing the ngrok Kubernetes Operator

We're excited to announce the general availability of the ngrok Kubernetes Operator. The new operator brings the power and ease of use developers love about ngrok to production Kubernetes workloads.

The ngrok Kubernetes Operator adds secure internet access to Kubernetes workloads by offloading network ingress and middleware execution to ngrok's global points of presence. Think of it as a Kubernetes-native API to ngrok's ingress as a service platform. This unique architecture confers significant benefits over other controllers:

• Zero Networking Configuration: Set the authentication keys to your ngrok account and you're done. Operators do not need to configure networking details like ELBs, IPs, network interfaces or VPC routing.
• Environment Independence: Runs identically in EKS, GKE, k3s on your laptop, OpenShift in your own datacenter or Minikube on your Raspberry Pi.‍
• Security and Resiliency: Because the operator pushes authentication and policy to ngrok's global edge, attacks and other unwanted traffic never reach your origin network.
• Acceleration: Your application traffic is accelerated because ngrok's middleware executes on ngrok's global network closer to your customers.

The ngrok Kubernetes Operator is open source on GitHub and getting started is as simple as a <code>helm install</code>. Because we're so excited about sharing it with the world, we've expanded ngrok's free tier to include its usage.

Try it out

• Quickstart Guide: A detailed, step-by-step version of the guide below.
• Documentation: Detailed usage, operational and configuration documentation.‍
• Open Source Repo: Star the repository on GitHub to follow along!

‍

To kick the tires on the ngrok Kubernetes Operator, we're going to create ingress for the popular 2048 game packaged by the <code>alexwhen/docker-2048</code> container. In our example, we use the <code>$NGROK_SUBDOMAIN</code> environment variable to set a URL for ingress access across ngrok's global points of presence:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
 name: game-2048
spec:
 ingressClassName: ngrok
 rules:
   - host: ${NGROK_SUBDOMAIN}.ngrok.io
     http:
       paths:
         - path: /
           pathType: Prefix
           backend:
             service:
               name: game-2048
               port:
                 number: 80

To use our sample, simply install the ngrok helm chart and your ngrok authtoken and API key, set the subdomain of your choice and apply the deployment manifest:

# 1 Add ngrok repo
helm repo add ngrok https://charts.ngrok.com


# 2 install the ngrok Kubernetes Operator
export NGROK_API_KEY=[YOUR Secret API KEY]
export NGROK_AUTHTOKEN=[YOUR Secret Auth Token]


helm install ngrok-operator ngrok/ngrok-operator \
   --set credentials.apiKey=$NGROK_API_KEY \
   --set credentials.authtoken=$NGROK_AUTHTOKEN


# 3 choose a subdomain
export NGROK_SUBDOMAIN="[A SUBDOMAIN OF YOUR CHOICE]"


# 4 apply our sample manifest
wget https://raw.githubusercontent.com/ngrok/kubernetes-ingress-controller/main/docs/examples/hello-world/manifests.yaml -O - | envsubst | kubectl apply -f -

The 2048 game is now available on the internet at the domain you configured in the manifest, no other configuration is necessary.

How the ngrok Kubernetes Operator works

How did we create ingress from the internet to your Kubernetes cluster without configuring IPs, DNS, TLS certificates, or networking policies? When you install the ngrok Kubernetes Operator, it's pods create persistent TLS connections to ngrok's global service. As Ingress objects are created in the Kubernetes cluster, the controller transmits to ngrok's global service with their associated configuration (e.g. domain name, IP restrictions, and authentication). ngrok's ingress as a service platform then reconfigures our global points of presence to receive traffic on behalf of your cluster.

After your ingress is configured on our global network, ngrok receives HTTP requests at the closest region to the requester and enforces the middleware policies defined by your application. Unauthorized requests are blocked at the edge and only valid requests are transmitted to your cluster via the persistent TLS connections:

Design of the ngrok Kubernetes Operator

We designed the ngrok Kubernetes Operator with the goal of integrating seamlessly into the Kubernetes ecosystem. We validated the design through iteration from community feedback as well as dogfooding it for our own production usage.

• CRD Configuration: ngrok's operator defines a simple set of CRDs that you can use to configure its ingress objects so that developers don't need to rely on strongly-typed annotations.
• High Availability: ngrok's operator load balances traffic through multiple redundant pods. Services do not go offline when a pod fails or the controller is redeployed.‍
• Customizable Helm Packaging: Following the best practices of the ecosystem, ngrok is packaged as a native helm chart with template variables that make it easy for operations teams to customize its operation to the clusters it runs in.
• Native Observability: The ngrok operator is simply a Kubernetes-native way to use ngrok's ingress as a service platform. That means all of the other benefits you get from the ngrok platform like native logging integrations to AWS services and API access to query your online endpoints across multiple clusters are automatically available with its use.
• Dogfood Battle Tested: At ngrok, we already dogfood the operator for our own production endpoints so that you can deploy it with the confidence that its ready to handle your own production workloads.

Get started

• Quickstart Guide: Follow the ngrok Kubernetes Operator get started guide for a quick way to try it out yourself.
• Documentation: Detailed docs on usage and operation are available in the ngrok Kubernetes Operator documentation.‍
• Open Source on GitHub: The ngrok Kubernetes Operator is open source on Github. Star the repository to follow along!

‍