Using ngrok Custom Resources
The following sections offer a brief guide on how using each of ngrok's custom resources work. You can also head to the Custom Resource Definition docs for more detailed information about the structure of each resource and all of their fields.
Using AgentEndpoint
The AgentEndpoint
resource is used to create Agent Endpoints using the operator.
At a high level, Agent Endpoints are endpoints that accept traffic and forward it to an upstream of your choice.
They may optionally include traffic policy configuration specified in-line or as a reference to an NgrokTrafficPolicy
resource.
The lifetime of these endpoints is tied to the lifetime of the "agent" responsible for them, in this scenario, the operator is the "agent", so if the operator is deleted, then the endpoint will be deleted.
The endpoint types page showcases using different protocols with AgentEndpoint
and/or CloudEndpoint
resources.
See the AgentEndpoint Reference for more detailed information about AgentEndpoint
structure and fields.
Public AgentEndpoint
The following example will create a publicly accessible AgentEndpoint
that forwards traffic to a Service
in the Kubernetes cluster.
Loading…
AgentEndpoint
with In-line Traffic Policy
The following example showcases an AgentEndpoint
with in-line traffic policy configuration
Loading…
AgentEndpoint
with referenced NgrokTrafficPolicy
The following example showcases an AgentEndpoint
with traffic policy configuration from a referenced NgrokTrafficPolicy
resource.
Loading…
AgentEndpoint
with client certificates
If you would like to enforce mutual TLS, you can reference Secret
objects that contain client certificates that the operator should use for the
AgentEndpoint
when connecting to the upstream.
- The secrets are expected to contain the data in the keys
tls.crt
andtls.key
. - The
namespace
field is optional, and when not supplied, the namespace of theAgentEndpoint
will be used.
Loading…
AgentEndpoint
Public URL vs. Upstream URL
With AgentEndpoints, while the public URL of an endpoint may have a scheme such as http://
, the upstream.url
for that endpoint does not need to also use the same scheme as the public URL.
You can create an endpoint with an http://
scheme as the public URL and still use https://
as the scheme for the upstream URL.
The following Agent Endpoint accepts cleartext HTTP connections at http://example-http-domain.ngrok.app, and forwards to the kubernetes service https://example-service.default
on port 443
over HTTPS.
Loading…
Using CloudEndpoint
The CloudEndpoint
resource is used to create Cloud Endpoints using the operator.
At a high level, Cloud Endpoints are endpoints that live in the ngrok cloud and are always online.
They may optionally include traffic policy configuration specified in-line or as a reference to an NgrokTrafficPolicy
resource.
Since they live in the ngrok cloud, Cloud Endpoints are always accessible, even if the cluster running your ngrok operator goes down.
Unlike Agent Endpoints, Cloud Endpoints do not directly specify a local upstream to forward traffic to since they live in the cloud. Their primary purpose is to run traffic policies which can be used to forward traffic to other endpoints.
A very common pattern is to make a publicly accessible Cloud Endpoint for a hostname that has traffic policy to forward traffic to one of several other Cloud or Agent endpoints depending on the path/headers/etc.
The endpoint types page showcases using different protocols with AgentEndpoint
and/or CloudEndpoint
resources.
See the CloudEndpoint Reference for more detailed information about CloudEndpoint
structure and fields.
CloudEndpoint
with In-line Traffic Policy
The following example showcases an CloudEndpoint
with in-line traffic policy configuration
Loading…
CloudEndpoint
with referenced NgrokTrafficPolicy
The following example showcases an CloudEndpoint
with traffic policy configuration from a referenced NgrokTrafficPolicy
resource.
Loading…
CloudEndpoint
Routing
For a more in-depth guide on using CloudEndpoints
to forward requests to other endpoints using the forward-internal
action, see the request routing guide
Using NgrokTrafficPolicy
NgrokTrafficPolicy
allows you to specify a traffic policy configuration to be used on one or more Ingress
, Gateway
, CloudEndpoint
, or AgentEndpoint
resources.
On their own, NgrokTrafficPolicy
resources do not do anything unless attached to a CloudEndpoint
, Ingress
, etc.
The CloudEndpoint
and AgentEndpoint
custom resources allow you to choose whether you would like to supply traffic policy configuration in-line or as a reference to an NgrokTrafficPolicy
resource.
This makes it easy to create common NgrokTrafficPolicy
resources and re-use them on multiple different resources.
Ingress
and Gateway API resources have several methods of accepting NgrokTrafficPolicy
resources outlined in the using ingresses and using Gateway API pages.
The following example showcases creating an NgrokTrafficPolicy
resource that will return a custom response when the ?debug=true
query parameter is sent with the request.
Loading…
See the NgrokTrafficPolicy Reference for more detailed information about NgrokTrafficPolicy
structure and fields.
Using Domain
, Tunnel
, BoundEndpoint
, and KubernetesOperator
Domain
, Tunnel
, BoundEndpoint
, and KubernetesOperator
are all custom resources that you should not need to interface with directly very much.
They are created by the operator in response to AgentEndpoint
, CloudEndpoint
, Ingress
, and Gateway API resources. They exist primarily to provide feedback to the user about events and resources that are created in response to your configuration and help keep the state of your cluster configuration in-sync with the resources in your ngrok account.
You can use kubectl describe
on any of them to check their status and conditions when debugging configuration.
Domains:
- Domains reserve domains in your ngrok that are used in hostnames across
Ingress
, etc. resources. - Tunnels:
- Tunnels establish connections to your upstream services to handle forwarding traffic.
- Tunnel Reference
- BoundEndpoints:
- BoundEndpoints project endpoints with a binding type of
kubernetes
into one or more Kubernetes clusters running the ngrok operator. - For more information on endpoint bindings, refer to the bindings page.
- BoundEndpoint Reference
- BoundEndpoints project endpoints with a binding type of
- KubernetesOperators:
- KubernetesOperators are used to synchronize the state of any instances of the ngrok Kubernetes operator with your ngrok account.
- KubernetesOperator Reference
Using Edges
Edges are a deprecated custom resource that are not documented as they will be removed soon, so you should not start using Edges or create any new ones now.
For those who have installed an early release of the operator and created any HTTPSEdge
resources, they can be rewritten as CloudEndpoint
and/or AgentEndpoint
custom resources.
The same is true of the NgrokModuleSet
resources that were the precursor to NgrokTrafficPolicy
.
Edges will be completely removed prior to the 1.0 release of the ngrok Kubernetes operator.