Introducing the ngrok Ingress Controller for Kubernetes

June 26, 2023
min read
Alex Bezek

We're excited to announce the general availability of the ngrok Ingress Controller for Kubernetes. The new controller brings the power and ease of use developers love about ngrok to production Kubernetes workloads.

The ngrok Ingress Controller adds secure internet access to Kubernetes workloads by offloading network ingress and middleware execution to ngrok's global points of presence. Think of it as a Kubernetes-native API to ngrok's ingress as a service platform. This unique architecture confers significant benefits over other controllers:

  • Zero Networking Configuration: Set the authentication keys to your ngrok account and you're done. Operators do not need to configure networking details like ELBs, IPs, network interfaces or VPC routing.
  • Environment Independence: Runs identically in EKS, GKE, k3s on your laptop, OpenShift in your own datacenter or Minikube on your Raspberry Pi.
  • Security and Resiliency: Because the controller pushes authentication and policy to ngrok's global edge, attacks and other unwanted traffic never reach your origin network.
  • Acceleration: Your application traffic is accelerated because ngrok's middleware executes on ngrok's global network closer to your customers.

The ngrok Ingress Controller for Kubernetes is open source on GitHub and getting started is as simple as a <code>helm install</code>. Because we're so excited about sharing it with the world, we've expanded ngrok's free tier to include its usage.

Try it out

To kick the tires on the ngrok Ingress Controller, we're going to create ingress for the popular 2048 game packaged by the <code>alexwhen/docker-2048</code> container. In our example, we use the <code>$NGROK_SUBDOMAIN</code> environment variable to set a URL for ingress access across ngrok's global points of presence:

kind: Ingress
 name: game-2048
 ingressClassName: ngrok
   - host: ${NGROK_SUBDOMAIN}
         - path: /
           pathType: Prefix
               name: game-2048
                 number: 80

To use our sample, simply install the ngrok helm chart and your ngrok authtoken and API key, set the subdomain of your choice and apply the deployment manifest:

# 1 Add ngrok repo
helm repo add ngrok

# 2 install the ngrok ingress controller
export NGROK_AUTHTOKEN=[YOUR Secret Auth Token]

helm install ngrok-ingress-controller ngrok/kubernetes-ingress-controller \
   --set credentials.apiKey=$NGROK_API_KEY \
   --set credentials.authtoken=$NGROK_AUTHTOKEN

# 3 choose a subdomain

# 4 apply our sample manifest
wget -O - | envsubst | kubectl apply -f -

The 2048 game is now available on the internet at the domain you configured in the manifest, no other configuration is necessary.

How the ngrok ingress controller works

How did we create ingress from the internet to your Kubernetes cluster without configuring IPs, DNS, TLS certificates, or networking policies? When you install the ngrok Ingress Controller, it's pods create persistent TLS connections to ngrok's global service. As Ingress objects are created in the Kubernetes cluster, the controller transmits to ngrok's global service with their associated configuration (e.g. domain name, IP restrictions, and authentication). ngrok's ingress as a service platform then reconfigures our global points of presence to receive traffic on behalf of your cluster.

How a Kubernetes cluster with the ngrok Ingress Controller creates access

After your ingress is configured on our global network, ngrok receives HTTP requests at the closest region to the requester and enforces the middleware policies defined by your application. Unauthorized requests are blocked at the edge and only valid requests are transmitted to your cluster via the persistent TLS connections:

How requests are handled and delivered to your Kubernetes cluster

Design of the ngrok ingress controller

We designed the ngrok Ingress Controller with the goal of integrating seamlessly into the Kubernetes ecosystem. We validated the design through iteration from community feedback as well as dogfooding it for our own production usage.

  • CRD Configuration: ngrok's ingress controller defines a simple set of CRDs that you can use to configure its ingress objects so that developers don't need to rely on strongly-typed annotations.
  • High Availability: ngrok's ingress controller load balances traffic through multiple redundant pods. Services do not go offline when a pod fails or the controller is redeployed.
  • Customizable Helm Packaging: Following the best practices of the ecosystem, ngrok is packaged as a native helm chart with template variables that make it easy for operations teams to customize its operation to the clusters it runs in.
  • Native Observability: The ngrok ingress controller is simply a Kubernetes-native way to use ngrok's ingress as a service platform. That means all of the other benefits you get from the ngrok platform like native logging integrations to AWS services and API access to query your online endpoints across multiple clusters are automatically available with its use.
  • Dogfood Battle Tested: At ngrok, we already dogfood the ingress controller for our own production endpoints so that you can deploy it with the confidence that its ready to handle your own production workloads.

Get started

  • Quickstart Guide: Follow the ngrok Ingress Controller for Kubernetes get started guide for a quick way to try it out yourself.
  • Documentation: Detailed docs on usage and operation are available in the ngrok Ingress Controller documentation.
  • Open Source on GitHub: The ngrok Kubernetes Ingress Controller is open source on Github. Star the repository to follow along!

Share this post
Alex Bezek
Alex is an Infrastructure Engineer at ngrok where he helps manage our internal developer platform. He loves all things cloud native and might be a little obsessed with Kubernetes recently!
Cloud edge