Skip to main content

Advanced Deployments

This page covers more advanced deployment options for the operator. It is recommended that you start with the deployment guide and use this page if have more advanced use cases. If you are unable to find a solution in either page, we recommend submitting an issue.

White Label Agent Ingress

If you're running the ngrok Kubernetes Operator behind a corporate firewall, you may encounter connectivity issues due to the agent or controller not being able to communicate with the ngrok network edge. If you're facing such issues, you can run the ngrok cli command, which is documented here to diagnose the problem.

However, if opening connectivity is not an option, you can set up a custom ingress domain on your dashboard. This way, you can configure the operator to use the custom domain instead of the default ngrok.app domain.

To get started with this, go to your dashboard and create a custom ingress domain. Once created, you can configure the operator by using the following command:

helm install ngrok-operator ngrok/ngrok-operator \
--create-namespace \
--set serverAddr="ngrok.mydomain.com:443" \
--set clusterName=my-k8s-cluster \
--set credentials.apiKey=$NGROK_API_KEY \
--set credentials.authtoken=$NGROK_AUTHTOKEN

Multiple Operator Installations

note

This capability only applies to the Operator

The Ngrok Kubernetes Operator supports the Kubernetes concept of Ingress Classes which allows you to run multiple Operators in the same cluster. This feature is useful if you want to run multiple versions of the Ngrok Kubernetes Operator or other Operators in the same cluster.

What is Ingress Class Filtering?

Operators work by watching Kubernetes Ingress resources for changes and reconciling them to provide ingress to services. When multiple Operators are installed in the same cluster, they can both try to reconcile all ingress objects by default, which can cause conflicts and unexpected behavior. To address this issue, Ingress Classes can be set on ingress objects and controllers can filter ingresses to only those that match their ingress class.

By default, the Ngrok Kubernetes Operator creates a non-default ingress class with the name ngrok, which the controller watches for changes. In order for the controller to reconcile an ingress, the ingress must have the same ingress class as the controller.

spec:
...
ingressClassName: ngrok
rules:
...

You can override this name via the helm value ingressClass.name, or if there aren't other Operators in the cluster, you can set it to default to be true and not have to add the ingressClass to the ingress objects' specs.

Multiple ngrok Kubernetes Operator Installations

While it's possible to install multiple versions of the controller right now, they can't watch separate ingress classes yet which would cause them to conflict. https://github.com/ngrok/ngrok-operator/issues/87 tracks this work.

Watching Specific Namespaces

By default, the Operator watches all namespaces. It's a common use case to need a controller to watch only a specific namespace in the case where you may run a controller in a namespace for each team or environment. In order to watch only a specific namespace for ingress objects, you can set the helm value watchNamespace to the namespace you want to watch.