Skip to main content
Kubernetes has the concept of Custom Resource Definitions (CRDs) which allow you to define your own custom resources. This document will cover the CRDs you might use to achieve your goals with the ngrok Kubernetes Operator.

ngrok Kubernetes CRDs

CloudEndpoint

Centrally managed endpoints in the cloud that can be used to route traffic to agent endpoints.

AgentEndpoint

Public or internal Endpoints created by Secure Tunnel agents.

NgrokTrafficPolicy

Configuration language that offers you the flexibility to filter, match, manage and orchestrate traffic to your endpoints.

BoundEndpoint

Project ngrok endpoints into one or more Kubernetes clusters as Services to enable secure cluster to cluster networking without exposing them to public traffic.

Domain

A Domain’s primary responsibility is to enable you to create public endpoints with a hostname matching the domain.

KubernetesOperator

Use ngrok with your Kubernetes clusters.

IPPolicy

A policy to restrict access to an endpoint based on IP that can be used across endpoints.

Resource Status and Conditions

The ngrok Kubernetes Operator uses standard Kubernetes conditions to report the state of resources. Each resource includes a status.conditions array that provides visibility into the current state and any issues that may need attention.

Common Condition Types

The following table summarizes the condition types available across different CRD resources:
CRDCondition TypePurpose
DomainReadyOverall domain readiness
DomainCreatedDomain reservation status
CertificateReadyTLS certificate status
DNSConfiguredDNS configuration status
ProgressingDomain provisioning in progress
IPPolicyReadyOverall policy readiness
IPPolicyCreatedPolicy creation status
RulesConfiguredRules configuration status
CloudEndpointReadyOverall endpoint readiness
CloudEndpointCreatedEndpoint creation status
DomainReadyAssociated domain status
AgentEndpointReadyOverall endpoint readiness
EndpointCreatedEndpoint creation status
TrafficPolicyAppliedTraffic policy application status
DomainReadyAssociated domain status
BoundEndpointReadyOverall bound endpoint readiness
ServicesCreatedTarget and upstream services creation status
ConnectivityVerifiedUpstream connectivity verification status

Checking Resource Status

You can use kubectl to check the status of your resources: 
# Check if a resource is ready
kubectl get <resource-type> <name> -o jsonpath='{.status.conditions[?(@.type=="Ready")]}'

# Wait for a resource to become ready
kubectl wait --for=condition=Ready <resource-type>/<name> --timeout=60s

# List all resources with ready status
kubectl get <resource-type> -A -o custom-columns=\
NAME:.metadata.name,\
NAMESPACE:.metadata.namespace,\
READY:.status.conditions[?(@.type==\'Ready\')].status,\
REASON:.status.conditions[?(@.type==\'Ready\')].reason

Understanding Condition Fields

Each condition includes the following fields:
  • type: The condition type (e.g., Ready, DomainCreated)
  • status: True, False, or Unknown
  • reason: A programmatic identifier for the condition state
  • message: A human-readable description of the condition
  • lastTransitionTime: When the condition last changed state
  • observedGeneration: The resource generation this condition reflects
For detailed information about the status fields and conditions for each CRD, refer to the individual CRD documentation pages linked above.