Deployment Guide
This guide is meant as the starting point for configuring, deploying, and operating the controller component itself. It focuses on configurations and settings for the whole controller, and thus its corresponding ingress class, rather than individual ingress resources and their annotations.
Prerequisites
- A K8s cluster with kubectl access - We recommend using a recent version of K8s and will specify and test past versions as a part of this GitHub issue
- helm - 3.0.0 or later.
Installation
It is recommended to use helm to install the operator. Alternatively, the container is available on Docker Hub at ngrok/ngrok-operator
and can be run directly with hand crafted manifests.
- Kubernetes Operator
- Gateway API
Add the ngrok Kubernetes Operator repo to Helm:
helm repo add ngrok https://charts.ngrok.com
Install the ngrok Kubernetes Operator:
export NAMESPACE=[YOUR_K8S_NAMESPACE]
export NGROK_AUTHTOKEN=[AUTHTOKEN]
export NGROK_API_KEY=[API_KEY]
helm install ngrok-operator ngrok/ngrok-operator \
--namespace $NAMESPACE \
--create-namespace \
--set clusterName=my-k8s-cluster \
--set credentials.apiKey=$NGROK_API_KEY \
--set credentials.authtoken=$NGROK_AUTHTOKEN
Add the ngrok Kubernetes Operator repo to Helm:
helm repo add ngrok https://charts.ngrok.com
Add the latest Gateway API CRDs to your cluster:
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
Install the ngrok Kubernetes Operator:
export NAMESPACE=[YOUR_K8S_NAMESPACE]
export NGROK_AUTHTOKEN=[AUTHTOKEN]
export NGROK_API_KEY=[API_KEY]
helm install ngrok-operator ngrok/ngrok-operator \
--namespace $NAMESPACE \
--create-namespace \
--set credentials.apiKey=$NGROK_API_KEY \
--set credentials.authtoken=$NGROK_AUTHTOKEN \
--set clusterName=my-k8s-cluster \
--set ingress.enabled=true \
--set gateway.enabled=true
Install the GatewayClass object:
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: ngrok
spec:
controllerName: ngrok.com/gateway-controller
For a more robust infrastructure as code way of passing your credentials, see the credentials page.
Alternate options
- Kubernetes Operator
- Gateway API
For a quick install, you can also use the combined manifests directly from the repo and begin changing resources:
kubectl apply -n ngrok-operator -f https://raw.githubusercontent.com/ngrok/ngrok-operator/main/manifest-bundle.yaml
The above solution is the recommended way to set up the Gateway API
Credentials
In order to use the ngrok Kubernetes Operator, you will need an ngrok account. Once you have an account, you will need to log into the ngrok dashboard to gather the necessary credentials.
You will need two things from the dashboard:
These credentials will be created as a Kubernetes secret, which the controller will have access to. The auth token is used to create tunnels, and the API key is used to manage edges and other resources via the ngrok API.
Setup
While the quickstart guide shows you can pass the credential values directly via helm values, we do not recommend this for production scenarios. Instead, we recommend creating a Kubernetes secret and passing the secret name to the helm chart. This allows for easier infrastructure as code in a more secure manner.
Creating the Secret
To create the secret, follow these steps:
- Make sure the secret is in the same namespace as the ngrok Kubernetes Operator
- Use a well-formed name that can be passed to the helm chart
- Add two keys to the secret:
API_KEY
andAUTHTOKEN
Here is an example secret manifest:
apiVersion: v1
kind: Secret
metadata:
name: ngrok-operator-credentials
namespace: ngrok-operator
data:
API_KEY: "YOUR-API-KEY-BASE64"
AUTHTOKEN: "YOUR-AUTHTOKEN-BASE64"
Common Helm K8s Overrides
This section provides some common use cases and recommendations when using this helm chart in a production setting. The Helm chart offers a variety of overrides that are useful for many different use cases in Kubernetes. Below is a list of common recipes that you may find helpful. If your use case is not achievable with the existing set of values, please log an issue detailing your use case and the values you would like to see added. For a full list of values, see here.
Deployment Scaling
By default, the replica count is set to 1 via replicaCount
. We recommend overriding this to 2 or more to ensure high availability during roll-outs and failures, and to spread out the load.
Image Configuration
The default image tag is latest
, which is not recommended for production deployments. Instead, you should set the image.tag
value to a specific version of the controller. You can find available versions in the releases section. Additionally, you may choose to mirror the image to a private registry and set the image.repository
value to the private registry, along with any required pull secrets.
Applying Labels and Annotations
You may want to add specific labels or annotations to your resources, to help them be discovered and interact with other services like log scrapers or service meshes. You can set the commonLabels
and commonAnnotations
values for all resources created by the helm chart. Additionally, you can set annotations just on the pods themselves by setting the podAnnotations
value.
Adding Extra Volumes and Environment Variables
The helm chart also allows you to add extra volumes and environment variables to the operator, which is useful for mounting secrets or configmaps that contain credentials or other configuration values. This can be done by setting the extraVolumes
and extraEnv
values.
ngrok Region
ngrok runs globally distributed tunnel servers around the world to enable fast, low latency traffic to your applications. See ngrok's points of presence for more information on ngrok's regions.
Similar to the agent, if you do not explicitly pick a region via helm when installing the operator, the operator will attempt to pick the region with the least latency, which is usually the one geographically closest to your machine.
See the helm value region
to configure a specific region for the controller to use.
Metrics
This operator exposes prometheus metrics on the /metrics
endpoint. The metrics are exposed on the :8080
port and can be scraped by prometheus or other services using typical means.
This project is built using kube-builder, so out of the box it exposes the metrics listed here