Skip to main content

Kubernetes Gateway API

Overview

The ngrok Kubernetes Operator allows access to Kubernetes Services using the new Gateway API. This implementation includes CRDs for a Gateway as well as HTTPRoute. Additional routes, such as TLSRoute and TCPRoute will be added at a later date when they move from experimental to stable.

Install

Installing the ngrok Kubernetes Operator is easy using Helm.

Add the ngrok Kubernetes Operator repo to Helm:

helm repo add ngrok https://charts.ngrok.com

Add the latest Gateway API CRDs to your cluster:

kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml

Install the ngrok Kubernetes Operator:

export NAMESPACE=[YOUR_K8S_NAMESPACE]
export NGROK_AUTHTOKEN=[AUTHTOKEN]
export NGROK_API_KEY=[API_KEY]

helm install ngrok-operator ngrok/ngrok-operator \
--namespace $NAMESPACE \
--create-namespace \
--set credentials.apiKey=$NGROK_API_KEY \
--set credentials.authtoken=$NGROK_AUTHTOKEN \
--set clusterName=my-k8s-cluster \
--set ingress.enabled=true \
--set gateway.enabled=true

Install the GatewayClass object:

apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: ngrok
spec:
controllerName: ngrok.com/gateway-controller

Create An Edge With A Domain

This would create an Edge with the Domain example.ngrok.app that routes traffic to the Kubernetes service example-service running on port 80.

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: example-gateway
namespace: default
spec:
gatewayClassName: ngrok
listeners:
- name: example-web
hostname: "example.ngrok.app"
port: 443
protocol: HTTPS
tls:
mode: Terminate
certificateRefs:
- name: ngrokcert #ngrok will generate the cert so this cert does not be defined and will be ignored if defined
allowedRoutes:
kinds:
- kind: HTTPRoute
namespaces:
from: Selector
selector:
matchLabels:
expose-apps: "true"

---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: my-route
namespace: ngrok-gateway
spec:
parentRefs:
- kind: Gateway
name: example-gateway
namespace: default
hostnames:
- "example.ngrok.app"
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: example-service
kind: Service
port: 80

Route Traffic Based On A Path

This would create an Edge with the Domain example.ngrok.app that routes traffic from example.ngrok.app/foo to the Kubernetes service example-service running on port 80.

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: my-route
namespace: default
spec:
parentRefs:
- kind: Gateway
name: example-gateway
namespace: default
hostnames:
- "example.ngrok.app"
rules:
- matches:
- path:
type: PathPrefix
value: /foo
backendRefs:
- name: example-service
kind: Service
port: 80

Modify Headers

This would modify request headers by removing the x-request-id header, adding an additional one and setting another header to a specific value.

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: example-route
namespace: ngrok-gateway
spec:
rules:
- backendRefs:
- name: game-2048
port: 80
kind: Service
filters:
- type: RequestHeaderModifier
requestHeaderModifier:
remove: ["x-request-id"]
add:
- name: my-request-header-name
value: my-header-value
set:
- name: my-request-header-to-set
value: set-header-value

Redirect Traffic

This would redirect a request from "example.ngrok.app" to "example.ngrok.app/paprika"

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: redirect-route
namespace: ngrok-gateway

spec:
parentRefs:
- name: ngrok-gateway
hostnames:
- "example.ngrok.app"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
hostname: "example.ngrok.app"
statusCode: 301
path:
type: ReplacePrefixMatch
replacePrefixMatch: /paprika
matches:
- path:
type: PathPrefix
value: /

Pricing

The ngrok Kubernetes Operator is available to all ngrok users at no additional charge. You only incur costs if the resources provisioned by your usage of the ngrok Kubernetes Operator, such as endpoints or traffic policies, incur a cost. More information can be found on the pricing page