Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Productize an easier way to create access to the k8s api endpoint #372

Open
ctindel opened this issue May 8, 2024 · 2 comments
Open

Productize an easier way to create access to the k8s api endpoint #372

ctindel opened this issue May 8, 2024 · 2 comments
Labels
enhancement New feature or request needs-triage Issues that need triage question Further information is requested

Comments

@ctindel
Copy link

ctindel commented May 8, 2024
edited by nijikokun
Loading

Description

Users want a way to expose the k8s api via an ngrok endpoint. Sometimes this would be via a whitelabeled reserved domain, some users would probably be fine with an ngrok.app or other ngrok domain.

Ideally this would be done via some parameters set at helm install time, to be able to configure what domain name to use for the ngrok edge, and any relevant authentication information (mtls etc) to layer on top of the edge.

I wonder also if it makes sense to create a new CRD for accomplishing this directly in a manifest file too?

Below is a manifest file that works but is a bit complicated for users to implement.

apiVersion: ingress.k8s.ngrok.com/v1alpha1
kind: HTTPSEdge
metadata:
  name: kube-api-example-config
  generation: 1
spec:
  description: Proxy kube-api-example
  hostports:
  - k8s.edges.example.com:443
  metadata: '{"owned-by":"kubernetes-ingress-controller"}'
  routes:
  - backend:
      description: Created by kubernetes-ingress-controller
      labels:
        a: "b"
      metadata: '{"owned-by":"kubernetes-ingress-controller"}'
    compression:
      enabled: true
    description: Created by kubernetes-ingress-controller
    match: /
    matchType: path_prefix
    metadata: '{"owned-by":"kubernetes-ingress-controller"}'
---
apiVersion: ingress.k8s.ngrok.com/v1alpha1
kind: Tunnel
metadata:
  name: k8s-api-test
spec:
  appProtocol: http2
  backend:
    protocol: HTTPS
  forwardsTo: kubernetes.default.svc:443
  labels:
    a: "b"
---
apiVersion: ingress.k8s.ngrok.com/v1alpha1
kind: Domain
metadata:
  name: reserved-domain
spec:
  description: Reserved for test
  domain: k8s.edges.example.com

Use Case

No response

Related issues

No response
@ctindel ctindel added enhancement New feature or request needs-triage Issues that need triage labels May 8, 2024
@salilsub salilsub self-assigned this May 28, 2024
@salilsub
Copy link
Contributor

Investigating, would need spec before development.

@deroine deroine added the question Further information is requested label Jul 29, 2024
@alex-bezek
Copy link
Collaborator

@nijikokun I think this ability to expose the k8s api using ngrok is a really cool and interesting case for demos and messing around. Rather than baking this into the operator as something like a helm chart option to opt into though, what if we just make a guide for how to do this for now and we can bake it into the operator later if it becomes a very common setup

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request needs-triage Issues that need triage question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ctindel @salilsub @alex-bezek @deroine