-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing important resources in helm chart #416
Comments
btw I already tried to uninstall and install again, same issue. |
@ricardosilva86, any chance you have the logs from the helm install? That might give us some more information. Or if you can re-run the helm install command with the |
Also, could you include the output of |
helm version version.BuildInfo{Version:"v3.15.4", GitCommit:"fa9efb07d9d8debbb4306d72af76a383895aa8c4", GitTreeState:"clean", GoVersion:"go1.22.6"} |
helm install with Outputinstall.go:222: [debug] Original chart version: ""
install.go:239: [debug] CHART PATH: /home/ricardosilva/.cache/helm/repository/kubernetes-ingress-controller-0.14.1.tgz
client.go:142: [debug] creating 1 resource(s)
client.go:142: [debug] creating 33 resource(s)
NAME: ngrok-ingress-controller
LAST DEPLOYED: Tue Aug 27 06:27:44 2024
NAMESPACE: ngrok-ingress-controller
STATUS: deployed
REVISION: 1
TEST SUITE: None
USER-SUPPLIED VALUES:
credentials:
apiKey: <apikey>
authtoken: <authtoken>
COMPUTED VALUES:
affinity: {}
apiURL: ""
common:
exampleValue: common-chart
global: {}
commonAnnotations: {}
commonLabels: {}
controllerName: k8s.ngrok.com/ingress-controller
credentials:
apiKey: <apikey>
authtoken: <authtoken>
secret:
name: ""
extraEnv: {}
extraVolumeMounts: []
extraVolumes: []
fullnameOverride: ""
image:
pullPolicy: IfNotPresent
pullSecrets: []
registry: docker.io
repository: ngrok/kubernetes-ingress-controller
tag: ""
ingressClass:
create: true
default: false
name: ngrok
lifecycle: {}
log:
format: json
level: info
stacktraceLevel: error
metaData: {}
nameOverride: ""
nodeAffinityPreset:
key: ""
type: ""
values: []
podAffinityPreset: ""
podAnnotations: {}
podAntiAffinityPreset: soft
podDisruptionBudget:
create: false
maxUnavailable: 1
minAvailable: ""
podLabels: {}
priorityClassName: ""
region: ""
replicaCount: 1
resources:
limits: {}
requests: {}
rootCAs: ""
serverAddr: ""
serviceAccount:
annotations: {}
create: true
name: ""
watchNamespace: ""
HOOKS:
MANIFEST:
---
# Source: kubernetes-ingress-controller/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: ngrok-ingress-controller-kubernetes-ingress-controller
namespace: ngrok-ingress-controller
labels:
helm.sh/chart: kubernetes-ingress-controller-0.14.1
app.kubernetes.io/name: kubernetes-ingress-controller
app.kubernetes.io/instance: ngrok-ingress-controller
app.kubernetes.io/version: "0.12.1"
app.kubernetes.io/part-of: kubernetes-ingress-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
---
# Source: kubernetes-ingress-controller/templates/credentials-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: ngrok-ingress-controller-kubernetes-ingress-controller-credentials
namespace: ngrok-ingress-controller
type: Opaque
data:
API_KEY: <apikey>
AUTHTOKEN: <authtoken>
---
# Source: kubernetes-ingress-controller/templates/controller-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: ngrok-ingress-controller-kubernetes-ingress-controller-manager-config
namespace: ngrok-ingress-controller
data:
controller_manager_config.yaml: |
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
kind: ControllerManagerConfig
health:
healthProbeBindAddress: :8081
metrics:
bindAddress: 127.0.0.1:8080
leaderElection:
leaderElect: true
resourceName: ngrok-ingress-controller-kubernetes-ingress-controller-leader
---
# Source: kubernetes-ingress-controller/templates/crds/ingress.k8s.ngrok.com_domains.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: domains.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: Domain
listKind: DomainList
plural: domains
singular: domain
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Domain ID
jsonPath: .status.id
name: ID
type: string
- description: Region
jsonPath: .status.region
name: Region
type: string
- description: Domain
jsonPath: .status.domain
name: Domain
type: string
- description: CNAME Target
jsonPath: .status.cnameTarget
name: CNAME Target
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: Domain is the Schema for the domains API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: DomainSpec defines the desired state of Domain
properties:
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the object
in the ngrok API/Dashboard
type: string
domain:
description: Domain is the domain name to reserve
type: string
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated with
the object in the ngrok API/Dashboard
type: string
region:
description: Region is the region in which to reserve the domain
type: string
required:
- domain
type: object
status:
description: DomainStatus defines the observed state of Domain
properties:
cnameTarget:
description: CNAMETarget is the CNAME target for the domain
type: string
domain:
description: Domain is the domain that was reserved
type: string
id:
description: ID is the unique identifier of the domain
type: string
region:
description: Region is the region in which the domain was created
type: string
uri:
description: URI of the reserved domain API resource
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: kubernetes-ingress-controller/templates/crds/ingress.k8s.ngrok.com_httpsedges.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: httpsedges.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: HTTPSEdge
listKind: HTTPSEdgeList
plural: httpsedges
singular: httpsedge
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: HTTPSEdge is the Schema for the httpsedges API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: HTTPSEdgeSpec defines the desired state of HTTPSEdge
properties:
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the object
in the ngrok API/Dashboard
type: string
hostports:
description: Hostports is a list of hostports served by this edge
items:
type: string
type: array
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated with
the object in the ngrok API/Dashboard
type: string
mutualTLS:
properties:
certificateAuthorities:
description: |-
List of CA IDs that will be used to validate incoming connections to the
edge.
items:
type: string
type: array
type: object
routes:
description: Routes is a list of routes served by this edge
items:
properties:
backend:
description: |-
Backend is the definition for the tunnel group backend
that serves traffic for this edge
properties:
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description
of the object in the ngrok API/Dashboard
type: string
labels:
additionalProperties:
type: string
description: Labels to watch for tunnels on this backend
type: object
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated
with the object in the ngrok API/Dashboard
type: string
type: object
circuitBreaker:
description: CircuitBreaker is a circuit breaker configuration
to apply to this route
properties:
errorThresholdPercentage:
anyOf:
- type: integer
- type: string
description: Error threshold percentage should be between
0 - 1.0, not 0-100.0
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
numBuckets:
description: Integer number of buckets into which metrics
are retained. Max 128.
format: int32
maximum: 128
minimum: 1
type: integer
rollingWindow:
description: Statistical rolling window duration that metrics
are retained for.
format: duration
type: string
trippedDuration:
description: Duration after which the circuit is tripped
to wait before re-evaluating upstream health
format: duration
type: string
volumeThreshold:
description: |-
Integer number of requests in a rolling window that will trip the circuit.
Helpful if traffic volume is low.
format: int32
type: integer
type: object
compression:
description: Compression is whether or not to enable compression
for this route
properties:
enabled:
description: Enabled is whether or not to enable compression
for this endpoint
type: boolean
type: object
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of
the object in the ngrok API/Dashboard
type: string
headers:
description: Headers are request/response headers to apply to
this route
properties:
request:
description: Request headers are the request headers module
configuration or null
properties:
add:
additionalProperties:
type: string
description: |-
a map of header key to header value that will be injected into the HTTP Request
before being sent to the upstream application server
type: object
remove:
description: |-
a list of header names that will be removed from the HTTP Request before being
sent to the upstream application server
items:
type: string
type: array
type: object
response:
description: Response headers are the response headers module
configuration or null
properties:
add:
additionalProperties:
type: string
description: |-
a map of header key to header value that will be injected into the HTTP Response
returned to the HTTP client
type: object
remove:
description: |-
a list of header names that will be removed from the HTTP Response returned to
the HTTP client
items:
type: string
type: array
type: object
type: object
ipRestriction:
description: IPRestriction is an IPRestriction to apply to this
route
properties:
policies:
items:
type: string
type: array
type: object
match:
description: Match is the value to match against the request
path
type: string
matchType:
description: 'MatchType is the type of match to use for this
route. Valid values are:'
enum:
- exact_path
- path_prefix
type: string
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated
with the object in the ngrok API/Dashboard
type: string
oauth:
description: OAuth configuration to apply to this route
properties:
amazon:
description: configuration for using amazon as the identity
provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
facebook:
description: configuration for using facebook as the identity
provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
github:
description: configuration for using github as the identity
provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
organizations:
description: |-
a list of github org identifiers. users who are members of any of the listed
organizations will be allowed access. identifiers should be the organization's
'slug'
items:
type: string
type: array
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
teams:
description: |-
a list of github teams identifiers. users will be allowed access to the endpoint
if they are a member of any of these teams. identifiers should be in the 'slug'
format qualified with the org name, e.g. org-name/team-name
items:
type: string
type: array
type: object
gitlab:
description: configuration for using gitlab as the identity
provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
google:
description: configuration for using google as the identity
provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
linkedin:
description: configuration for using linkedin as the identity
provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
microsoft:
description: configuration for using microsoft as the identity
provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
twitch:
description: configuration for using twitch as the identity
provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
type: object
oidc:
description: OIDC is the OpenID Connect configuration to apply
to this route
properties:
clientId:
description: The OIDC app's client ID and OIDC audience.
type: string
clientSecret:
description: The OIDC app's client secret.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
issuer:
description: URL of the OIDC "OpenID provider". This is
the base URL used for discovery.
type: string
maximumDuration:
description: |-
The maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: The set of scopes to request from the OIDC
identity provider.
items:
type: string
type: array
type: object
policy:
description: raw json policy string that was applied to the
ngrok API
type: object
x-kubernetes-preserve-unknown-fields: true
saml:
description: SAML is the SAML configuration to apply to this
route
properties:
allowIdpInitiated:
description: |-
If true, the IdP may initiate a login directly (e.g. the user does not need to
visit the endpoint first and then be redirected). The IdP should set the
RelayState parameter to the target URL of the resource they want the user to be
redirected to after the SAML login assertion has been processed.
type: boolean
authorizedGroups:
description: |-
If present, only users who are a member of one of the listed groups may access
the target endpoint.
items:
type: string
type: array
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
forceAuthn:
description: |-
If true, indicates that whenever we redirect a user to the IdP for
authentication that the IdP must prompt the user for authentication credentials
even if the user already has a valid session with the IdP.
type: boolean
idpMetadata:
description: |-
The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file
to download or as a URL.
type: string
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
The maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
nameidFormat:
description: |-
Defines the name identifier format the SP expects the IdP to use in its
assertions to identify subjects. If unspecified, a default value of
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of
the allowed values enumerated by the SAML specification are supported.
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
type: object
webhookVerification:
description: WebhookVerification is webhook verification configuration
to apply to this route
properties:
provider:
description: |-
a string indicating which webhook provider will be sending webhooks to this
endpoint. Value must be one of the supported providers defined at
https://ngrok.com/docs/http/webhook-verification/#supported-providers
type: string
secret:
description: |-
SecretRef is a reference to a secret containing the secret used to validate
requests from the given provider. All providers except AWS SNS require a secret
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
type: object
required:
- match
- matchType
type: object
type: array
tlsTermination:
description: TLSTermination is the TLS termination configuration for
this edge
properties:
minVersion:
description: MinVersion is the minimum TLS version to allow for
connections to the edge
type: string
type: object
type: object
status:
description: HTTPSEdgeStatus defines the observed state of HTTPSEdge
properties:
id:
description: ID is the unique identifier for this edge
type: string
routes:
items:
properties:
backend:
description: |-
Backend stores the status of the tunnel group backend,
mainly the ID of the backend
properties:
id:
description: ID is the unique identifier for this backend
type: string
type: object
id:
description: ID is the unique identifier for this route
type: string
match:
type: string
matchType:
type: string
uri:
description: URI is the URI for this route
type: string
type: object
type: array
uri:
description: URI is the URI for this edge
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: kubernetes-ingress-controller/templates/crds/ingress.k8s.ngrok.com_ippolicies.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: ippolicies.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: IPPolicy
listKind: IPPolicyList
plural: ippolicies
singular: ippolicy
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: IPPolicy ID
jsonPath: .status.id
name: ID
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: IPPolicy is the Schema for the ippolicies API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: IPPolicySpec defines the desired state of IPPolicy
properties:
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the object
in the ngrok API/Dashboard
type: string
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated with
the object in the ngrok API/Dashboard
type: string
rules:
description: Rules is a list of rules that belong to the policy
items:
properties:
action:
enum:
- allow
- deny
type: string
cidr:
type: string
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of
the object in the ngrok API/Dashboard
type: string
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated
with the object in the ngrok API/Dashboard
type: string
type: object
type: array
type: object
status:
description: IPPolicyStatus defines the observed state of IPPolicy
properties:
id:
description: |-
INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
Important: Run "make" to regenerate code after modifying this file
type: string
rules:
items:
properties:
action:
type: string
cidr:
type: string
id:
type: string
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: kubernetes-ingress-controller/templates/crds/ingress.k8s.ngrok.com_ngrokmodulesets.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: ngrokmodulesets.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: NgrokModuleSet
listKind: NgrokModuleSetList
plural: ngrokmodulesets
singular: ngrokmoduleset
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NgrokModuleSet is the Schema for the ngrokmodules API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
modules:
properties:
circuitBreaker:
description: CircuitBreaker configuration for this module set
properties:
errorThresholdPercentage:
anyOf:
- type: integer
- type: string
description: Error threshold percentage should be between 0 -
1.0, not 0-100.0
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
numBuckets:
description: Integer number of buckets into which metrics are
retained. Max 128.
format: int32
maximum: 128
minimum: 1
type: integer
rollingWindow:
description: Statistical rolling window duration that metrics
are retained for.
format: duration
type: string
trippedDuration:
description: Duration after which the circuit is tripped to wait
before re-evaluating upstream health
format: duration
type: string
volumeThreshold:
description: |-
Integer number of requests in a rolling window that will trip the circuit.
Helpful if traffic volume is low.
format: int32
type: integer
type: object
compression:
description: Compression configuration for this module set
properties:
enabled:
description: Enabled is whether or not to enable compression for
this endpoint
type: boolean
type: object
headers:
description: Header configuration for this module set
properties:
request:
description: Request headers are the request headers module configuration
or null
properties:
add:
additionalProperties:
type: string
description: |-
a map of header key to header value that will be injected into the HTTP Request
before being sent to the upstream application server
type: object
remove:
description: |-
a list of header names that will be removed from the HTTP Request before being
sent to the upstream application server
items:
type: string
type: array
type: object
response:
description: Response headers are the response headers module
configuration or null
properties:
add:
additionalProperties:
type: string
description: |-
a map of header key to header value that will be injected into the HTTP Response
returned to the HTTP client
type: object
remove:
description: |-
a list of header names that will be removed from the HTTP Response returned to
the HTTP client
items:
type: string
type: array
type: object
type: object
ipRestriction:
description: IPRestriction configuration for this module set
properties:
policies:
items:
type: string
type: array
type: object
mutualTLS:
description: MutualTLS configuration for this module set
properties:
certificateAuthorities:
description: |-
List of CA IDs that will be used to validate incoming connections to the
edge.
items:
type: string
type: array
type: object
oauth:
description: OAuth configuration for this module set
properties:
amazon:
description: configuration for using amazon as the identity provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
facebook:
description: configuration for using facebook as the identity
provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
github:
description: configuration for using github as the identity provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
organizations:
description: |-
a list of github org identifiers. users who are members of any of the listed
organizations will be allowed access. identifiers should be the organization's
'slug'
items:
type: string
type: array
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
teams:
description: |-
a list of github teams identifiers. users will be allowed access to the endpoint
if they are a member of any of these teams. identifiers should be in the 'slug'
format qualified with the org name, e.g. org-name/team-name
items:
type: string
type: array
type: object
gitlab:
description: configuration for using gitlab as the identity provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
google:
description: configuration for using google as the identity provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
linkedin:
description: configuration for using linkedin as the identity
provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
microsoft:
description: configuration for using microsoft as the identity
provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
twitch:
description: configuration for using twitch as the identity provider
properties:
authCheckInterval:
description: |-
Duration after which ngrok guarantees it will refresh user
state from the identity provider and recheck whether the user is still
authorized to access the endpoint. This is the preferred tunable to use to
enforce a minimum amount of time after which a revoked user will no longer be
able to access the resource.
format: duration
type: string
clientId:
description: |-
the OAuth app client ID. retrieve it from the identity provider's dashboard
where you created your own OAuth app. optional. if unspecified, ngrok will use
its own managed oauth application which has additional restrictions. see the
OAuth module docs for more details. if present, clientSecret must be present as
well.
type: string
clientSecret:
description: |-
the OAuth app client secret. retrieve if from the identity provider's dashboard
where you created your own OAuth app. optional, see all of the caveats in the
docs for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
emailAddresses:
description: |-
a list of email addresses of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: |-
a list of email domains of users authenticated by identity provider who are
allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
Integer number of seconds of the maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: |-
a list of provider-specific OAuth scopes with the permissions your OAuth app
would like to ask for. these may not be set if you are using the ngrok-managed
oauth app (i.e. you must pass both client_id and client_secret to set scopes)
items:
type: string
type: array
type: object
type: object
oidc:
description: OIDC configuration for this module set
properties:
clientId:
description: The OIDC app's client ID and OIDC audience.
type: string
clientSecret:
description: The OIDC app's client secret.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
issuer:
description: URL of the OIDC "OpenID provider". This is the base
URL used for discovery.
type: string
maximumDuration:
description: |-
The maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
scopes:
description: The set of scopes to request from the OIDC identity
provider.
items:
type: string
type: array
type: object
policy:
description: Policy configuration for this module set
properties:
enabled:
description: Determines if the rule will be applied to traffic
type: boolean
inbound:
description: Inbound traffic rule
items:
properties:
actions:
description: Actions
items:
properties:
config:
type: object
x-kubernetes-preserve-unknown-fields: true
type:
type: string
type: object
type: array
expressions:
description: Expressions
items:
type: string
type: array
name:
description: Name
type: string
type: object
type: array
outbound:
description: Outbound traffic rule
items:
properties:
actions:
description: Actions
items:
properties:
config:
type: object
x-kubernetes-preserve-unknown-fields: true
type:
type: string
type: object
type: array
expressions:
description: Expressions
items:
type: string
type: array
name:
description: Name
type: string
type: object
type: array
type: object
saml:
description: SAML configuration for this module set
properties:
allowIdpInitiated:
description: |-
If true, the IdP may initiate a login directly (e.g. the user does not need to
visit the endpoint first and then be redirected). The IdP should set the
RelayState parameter to the target URL of the resource they want the user to be
redirected to after the SAML login assertion has been processed.
type: boolean
authorizedGroups:
description: |-
If present, only users who are a member of one of the listed groups may access
the target endpoint.
items:
type: string
type: array
cookiePrefix:
description: |-
the prefix of the session cookie that ngrok sets on the http client to cache
authentication. default is 'ngrok.'
type: string
forceAuthn:
description: |-
If true, indicates that whenever we redirect a user to the IdP for
authentication that the IdP must prompt the user for authentication credentials
even if the user already has a valid session with the IdP.
type: boolean
idpMetadata:
description: |-
The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file
to download or as a URL.
type: string
inactivityTimeout:
description: |-
Duration of inactivity after which if the user has not accessed
the endpoint, their session will time out and they will be forced to
reauthenticate.
format: duration
type: string
maximumDuration:
description: |-
The maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
nameidFormat:
description: |-
Defines the name identifier format the SP expects the IdP to use in its
assertions to identify subjects. If unspecified, a default value of
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of
the allowed values enumerated by the SAML specification are supported.
type: string
optionsPassthrough:
description: |-
Do not enforce authentication on HTTP OPTIONS requests. necessary if you are
supporting CORS.
type: boolean
type: object
tlsTermination:
description: TLSTermination configuration for this module set
properties:
minVersion:
description: MinVersion is the minimum TLS version to allow for
connections to the edge
type: string
terminateAt:
description: |-
TerminateAt determines where the TLS connection should be terminated.
"edge" if the ngrok edge should terminate TLS traffic, "upstream" if TLS
traffic should be passed through to the upstream ngrok agent /
application server for termination.
type: string
type: object
webhookVerification:
description: WebhookVerification configuration for this module set
properties:
provider:
description: |-
a string indicating which webhook provider will be sending webhooks to this
endpoint. Value must be one of the supported providers defined at
https://ngrok.com/docs/http/webhook-verification/#supported-providers
type: string
secret:
description: |-
SecretRef is a reference to a secret containing the secret used to validate
requests from the given provider. All providers except AWS SNS require a secret
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: kubernetes-ingress-controller/templates/crds/ingress.k8s.ngrok.com_tcpedges.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: tcpedges.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: TCPEdge
listKind: TCPEdgeList
plural: tcpedges
singular: tcpedge
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Domain ID
jsonPath: .status.id
name: ID
type: string
- description: Hostports
jsonPath: .status.hostports
name: Hostports
type: string
- description: Tunnel Group Backend ID
jsonPath: .status.backend.id
name: Backend ID
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: TCPEdge is the Schema for the tcpedges API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: TCPEdgeSpec defines the desired state of TCPEdge
properties:
backend:
description: |-
Backend is the definition for the tunnel group backend
that serves traffic for this edge
properties:
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the
object in the ngrok API/Dashboard
type: string
labels:
additionalProperties:
type: string
description: Labels to watch for tunnels on this backend
type: object
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated
with the object in the ngrok API/Dashboard
type: string
type: object
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the object
in the ngrok API/Dashboard
type: string
ipRestriction:
description: IPRestriction is an IPRestriction to apply to this edge
properties:
policies:
items:
type: string
type: array
type: object
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated with
the object in the ngrok API/Dashboard
type: string
policy:
description: raw json policy string that was applied to the ngrok
API
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
status:
description: TCPEdgeStatus defines the observed state of TCPEdge
properties:
backend:
description: |-
Backend stores the status of the tunnel group backend,
mainly the ID of the backend
properties:
id:
description: ID is the unique identifier for this backend
type: string
type: object
hostports:
description: Hostports served by this edge
items:
type: string
type: array
id:
description: ID is the unique identifier for this edge
type: string
uri:
description: URI is the URI of the edge
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: kubernetes-ingress-controller/templates/crds/ingress.k8s.ngrok.com_tlsedges.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: tlsedges.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: TLSEdge
listKind: TLSEdgeList
plural: tlsedges
singular: tlsedge
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Domain ID
jsonPath: .status.id
name: ID
type: string
- description: Hostports
jsonPath: .status.hostports
name: Hostports
type: string
- description: Tunnel Group Backend ID
jsonPath: .status.backend.id
name: Backend ID
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: TLSEdge is the Schema for the tlsedges API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: TLSEdgeSpec defines the desired state of TLSEdge
properties:
backend:
description: |-
Backend is the definition for the tunnel group backend
that serves traffic for this edge
properties:
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the
object in the ngrok API/Dashboard
type: string
labels:
additionalProperties:
type: string
description: Labels to watch for tunnels on this backend
type: object
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated
with the object in the ngrok API/Dashboard
type: string
type: object
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the object
in the ngrok API/Dashboard
type: string
hostports:
description: Hostports is a list of hostports served by this edge
items:
type: string
type: array
ipRestriction:
description: IPRestriction is an IPRestriction to apply to this edge
properties:
policies:
items:
type: string
type: array
type: object
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated with
the object in the ngrok API/Dashboard
type: string
mutualTls:
properties:
certificateAuthorities:
description: |-
List of CA IDs that will be used to validate incoming connections to the
edge.
items:
type: string
type: array
type: object
policy:
description: raw json policy string that was applied to the ngrok
API
type: object
x-kubernetes-preserve-unknown-fields: true
tlsTermination:
properties:
minVersion:
description: MinVersion is the minimum TLS version to allow for
connections to the edge
type: string
terminateAt:
description: |-
TerminateAt determines where the TLS connection should be terminated.
"edge" if the ngrok edge should terminate TLS traffic, "upstream" if TLS
traffic should be passed through to the upstream ngrok agent /
application server for termination.
type: string
type: object
type: object
status:
description: TLSEdgeStatus defines the observed state of TLSEdge
properties:
backend:
description: |-
Backend stores the status of the tunnel group backend,
mainly the ID of the backend
properties:
id:
description: ID is the unique identifier for this backend
type: string
type: object
cnameTargets:
additionalProperties:
type: string
description: Map of hostports to the ngrok assigned CNAME targets
type: object
hostports:
description: Hostports served by this edge
items:
type: string
type: array
id:
description: ID is the unique identifier for this edge
type: string
uri:
description: URI is the URI of the edge
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: kubernetes-ingress-controller/templates/crds/ingress.k8s.ngrok.com_tunnels.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: tunnels.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: Tunnel
listKind: TunnelList
plural: tunnels
singular: tunnel
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Service/port to forward to
jsonPath: .spec.forwardsTo
name: ForwardsTo
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: Tunnel is the Schema for the tunnels API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: TunnelSpec defines the desired state of Tunnel
properties:
appProtocol:
description: The appProtocol for the backend. Currently only supports
`http2`
type: string
backend:
description: The configuration for backend connections to services
properties:
protocol:
type: string
type: object
forwardsTo:
description: ForwardsTo is the name and port of the service to forward
traffic to
type: string
labels:
additionalProperties:
type: string
description: Labels are key/value pairs that are attached to the tunnel
type: object
type: object
status:
description: TunnelStatus defines the observed state of Tunnel
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: kubernetes-ingress-controller/templates/crds/ngrok.k8s.ngrok.com_ngroktrafficpolicies.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: ngroktrafficpolicies.ngrok.k8s.ngrok.com
spec:
group: ngrok.k8s.ngrok.com
names:
kind: NgrokTrafficPolicy
listKind: NgrokTrafficPolicyList
plural: ngroktrafficpolicies
singular: ngroktrafficpolicy
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NgrokTrafficPolicy is the Schema for the ngroktrafficpolicies
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: NgrokTrafficPolicySpec defines the desired state of NgrokTrafficPolicy
properties:
policy:
description: The raw json encoded policy that was applied to the ngrok
API
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
status:
description: NgrokTrafficPolicyStatus defines the observed state of NgrokTrafficPolicy
properties:
policy:
description: The raw json encoded policy that was applied to the ngrok
API
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: kubernetes-ingress-controller/templates/controller-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-ingress-controller-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
# Source: kubernetes-ingress-controller/templates/rbac/domain_editor_role.yaml
# permissions for end users to edit domains.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: kubernetes-ingress-controller-0.14.1
app.kubernetes.io/name: kubernetes-ingress-controller
app.kubernetes.io/instance: ngrok-ingress-controller
app.kubernetes.io/version: "0.12.1"
app.kubernetes.io/part-of: kubernetes-ingress-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: rbac
name: ngrok-ingress-controller-kubernetes-ingress-controller-domain-editor-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/domain_viewer_role.yaml
# permissions for end users to view domains.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: kubernetes-ingress-controller-0.14.1
app.kubernetes.io/name: kubernetes-ingress-controller
app.kubernetes.io/instance: ngrok-ingress-controller
app.kubernetes.io/version: "0.12.1"
app.kubernetes.io/part-of: kubernetes-ingress-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: rbac
name: ngrok-ingress-controller-kubernetes-ingress-controller-domain-viewer-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains
verbs:
- get
- list
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/httpsedge_editor_role.yaml
# permissions for end users to edit httpsedges.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: httpsedge-editor-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: ngrok-ingress-controller
app.kubernetes.io/part-of: ngrok-ingress-controller
app.kubernetes.io/managed-by: kustomize
name: httpsedge-editor-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- httpsedges
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- httpsedges/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/httpsedge_viewer_role.yaml
# permissions for end users to view httpsedges.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: httpsedge-viewer-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: ngrok-ingress-controller
app.kubernetes.io/part-of: ngrok-ingress-controller
app.kubernetes.io/managed-by: kustomize
name: httpsedge-viewer-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- httpsedges
verbs:
- get
- list
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- httpsedges/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/ippolicy_editor_role.yaml
# permissions for end users to edit ippolicies.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: ippolicy-editor-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: ngrok-ingress-controller
app.kubernetes.io/part-of: ngrok-ingress-controller
app.kubernetes.io/managed-by: kustomize
name: ippolicy-editor-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/ippolicy_viewer_role.yaml
# permissions for end users to view ippolicies.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: ippolicy-viewer-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: ngrok-ingress-controller
app.kubernetes.io/part-of: ngrok-ingress-controller
app.kubernetes.io/managed-by: kustomize
name: ippolicy-viewer-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies
verbs:
- get
- list
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/ngrokmoduleset_editor_role.yaml
# permissions for end users to edit ngrokmodulesets.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: ngrokmoduleset-editor-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: kubernetes-ingress-controller
app.kubernetes.io/part-of: kubernetes-ingress-controller
app.kubernetes.io/managed-by: kustomize
name: ngrokmoduleset-editor-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ngrokmodulesets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ngrokmodulesets/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/ngrokmoduleset_viewer_role.yaml
# permissions for end users to view ngrokmodulesets.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: ngrokmoduleset-viewer-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: kubernetes-ingress-controller
app.kubernetes.io/part-of: kubernetes-ingress-controller
app.kubernetes.io/managed-by: kustomize
name: ngrokmoduleset-viewer-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ngrokmodulesets
verbs:
- get
- list
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ngrokmodulesets/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-ingress-controller-manager-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses
verbs:
- get
- list
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
verbs:
- get
- list
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways
verbs:
- get
- list
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways/status
verbs:
- get
- list
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
verbs:
- get
- list
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes/status
verbs:
- get
- list
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains/finalizers
verbs:
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains/status
verbs:
- get
- patch
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- httpsedges
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- httpsedges/finalizers
verbs:
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- httpsedges/status
verbs:
- get
- patch
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies/finalizers
verbs:
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies/status
verbs:
- get
- patch
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ngrokmodulesets
verbs:
- get
- list
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tcpedges
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tcpedges/finalizers
verbs:
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tcpedges/status
verbs:
- get
- patch
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tlsedges
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tlsedges/finalizers
verbs:
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tlsedges/status
verbs:
- get
- patch
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tunnels
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tunnels/finalizers
verbs:
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tunnels/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- get
- list
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- ngroktrafficpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- ngroktrafficpolicies/finalizers
verbs:
- update
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- ngroktrafficpolicies/status
verbs:
- get
- patch
- update
---
# Source: kubernetes-ingress-controller/templates/rbac/tcpedge_editor_role.yaml
# permissions for end users to edit tcpedges.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: tcpedge-editor-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: ngrok-ingress-controller
app.kubernetes.io/part-of: ngrok-ingress-controller
app.kubernetes.io/managed-by: kustomize
name: tcpedge-editor-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tcpedges
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tcpedges/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/tcpedge_viewer_role.yaml
# permissions for end users to view tcpedges.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: tcpedge-viewer-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: ngrok-ingress-controller
app.kubernetes.io/part-of: ngrok-ingress-controller
app.kubernetes.io/managed-by: kustomize
name: tcpedge-viewer-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tcpedges
verbs:
- get
- list
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tcpedges/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/tlsedge_editor_role.yaml
# permissions for end users to edit tlsedges.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: tlsedge-editor-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: ngrok-ingress-controller
app.kubernetes.io/part-of: ngrok-ingress-controller
app.kubernetes.io/managed-by: kustomize
name: tlsedge-editor-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tlsedges
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tlsedges/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/tlsedge_viewer_role.yaml
# permissions for end users to view tlsedges.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: tlsedge-viewer-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: ngrok-ingress-controller
app.kubernetes.io/part-of: ngrok-ingress-controller
app.kubernetes.io/managed-by: kustomize
name: tlsedge-viewer-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tlsedges
verbs:
- get
- list
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tlsedges/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/tunnel_editor_role.yaml
# permissions for end users to edit tunnels.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: kubernetes-ingress-controller-0.14.1
app.kubernetes.io/name: kubernetes-ingress-controller
app.kubernetes.io/instance: ngrok-ingress-controller
app.kubernetes.io/version: "0.12.1"
app.kubernetes.io/part-of: kubernetes-ingress-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: rbac
name: ngrok-ingress-controller-kubernetes-ingress-controller-tunnel-editor-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tunnels
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tunnels/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/rbac/tunnel_viewer_role.yaml
# permissions for end users to view tunnels.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: kubernetes-ingress-controller-0.14.1
app.kubernetes.io/name: kubernetes-ingress-controller
app.kubernetes.io/instance: ngrok-ingress-controller
app.kubernetes.io/version: "0.12.1"
app.kubernetes.io/part-of: kubernetes-ingress-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: rbac
name: ngrok-ingress-controller-kubernetes-ingress-controller-tunnel-viewer-role
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tunnels
verbs:
- get
- list
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- tunnels/status
verbs:
- get
---
# Source: kubernetes-ingress-controller/templates/controller-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ngrok-ingress-controller-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ngrok-ingress-controller-manager-role
subjects:
- kind: ServiceAccount
name: ngrok-ingress-controller-kubernetes-ingress-controller
namespace: ngrok-ingress-controller
---
# Source: kubernetes-ingress-controller/templates/controller-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ngrok-ingress-controller-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ngrok-ingress-controller-proxy-role
subjects:
- kind: ServiceAccount
name: ngrok-ingress-controller-kubernetes-ingress-controller
namespace: ngrok-ingress-controller
---
# Source: kubernetes-ingress-controller/templates/controller-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ngrok-ingress-controller-leader-election-role
namespace: ngrok-ingress-controller
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
# Source: kubernetes-ingress-controller/templates/controller-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ngrok-ingress-controller-leader-election-rolebinding
namespace: ngrok-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ngrok-ingress-controller-leader-election-role
subjects:
- kind: ServiceAccount
name: ngrok-ingress-controller-kubernetes-ingress-controller
namespace: ngrok-ingress-controller
---
# Source: kubernetes-ingress-controller/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
helm.sh/chart: kubernetes-ingress-controller-0.14.1
app.kubernetes.io/name: kubernetes-ingress-controller
app.kubernetes.io/instance: ngrok-ingress-controller
app.kubernetes.io/version: "0.12.1"
app.kubernetes.io/part-of: kubernetes-ingress-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ngrok-ingress-controller-kubernetes-ingress-controller-manager
namespace: ngrok-ingress-controller
annotations:
checksum/controller-role: 7a410be28b1592797fe68e262cc5a7c24a8c3c6aaff67b396203315b701818e7
checksum/rbac: f91fd21c0e331efb3c41a4551b81ba429616fbf9bb3079c64e0284a7612ca47b
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: kubernetes-ingress-controller
app.kubernetes.io/instance: ngrok-ingress-controller
app.kubernetes.io/component: controller
template:
metadata:
annotations:
prometheus.io/path: /metrics
prometheus.io/port: '8080'
prometheus.io/scrape: 'true'
checksum/controller-role: 7a410be28b1592797fe68e262cc5a7c24a8c3c6aaff67b396203315b701818e7
checksum/rbac: f91fd21c0e331efb3c41a4551b81ba429616fbf9bb3079c64e0284a7612ca47b
checksum/secret: 283e53865ad5f9d238d51716535c045f767c31a318c95c28af579c045680959e
labels:
app.kubernetes.io/name: kubernetes-ingress-controller
app.kubernetes.io/instance: ngrok-ingress-controller
app.kubernetes.io/component: controller
spec:
affinity:
podAffinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/instance: ngrok-ingress-controller
app.kubernetes.io/name: kubernetes-ingress-controller
app.kubernetes.io/component: controller
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
serviceAccountName: ngrok-ingress-controller-kubernetes-ingress-controller
containers:
- name: ngrok-ingress-controller
image: docker.io/ngrok/kubernetes-ingress-controller:0.12.1
imagePullPolicy: IfNotPresent
command:
- /manager
args:
- --controller-name=k8s.ngrok.com/ingress-controller
- --zap-log-level=info
- --zap-stacktrace-level=error
- --zap-encoder=json
- --health-probe-bind-address=:8081
- --metrics-bind-address=:8080
- --election-id=ngrok-ingress-controller-kubernetes-ingress-controller-leader
- --manager-name=ngrok-ingress-controller-kubernetes-ingress-controller-manager
securityContext:
allowPrivilegeEscalation: false
env:
- name: NGROK_API_KEY
valueFrom:
secretKeyRef:
key: API_KEY
name: ngrok-ingress-controller-kubernetes-ingress-controller-credentials
- name: NGROK_AUTHTOKEN
valueFrom:
secretKeyRef:
key: AUTHTOKEN
name: ngrok-ingress-controller-kubernetes-ingress-controller-credentials
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits: {}
requests: {}
---
# Source: kubernetes-ingress-controller/templates/ingress-class.yaml
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
helm.sh/chart: kubernetes-ingress-controller-0.14.1
app.kubernetes.io/name: kubernetes-ingress-controller
app.kubernetes.io/instance: ngrok-ingress-controller
app.kubernetes.io/version: "0.12.1"
app.kubernetes.io/part-of: kubernetes-ingress-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ngrok
spec:
controller: k8s.ngrok.com/ingress-controller
NOTES:
================================================================================
The ngrok Ingress controller has been deployed as a Deployment type to your
cluster.
If you haven't yet, create some Ingress resources in your cluster and they will
be automatically configured on the internet using ngrok.
One example, taken from your cluster, is the Service:
"game-2048"
You can make this accessible via ngrok with the following manifest:
--------------------------------------------------------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: game-2048
namespace: ngrok-ingress-controller
spec:
ingressClassName: ngrok
rules:
- host: game-2048-fu3zm54o.ngrok.app
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: game-2048
port:
number: 80
--------------------------------------------------------------------------------
Applying this manifest will make the service "game-2048"
available on the public internet at "https://game-2048-fu3zm54o.ngrok.app/".
Once done, view your edges in the Dashboard https://dashboard.ngrok.com/cloud-edge/edges
Find the tunnels running in your cluster here https://dashboard.ngrok.com/tunnels/agents
If you have any questions or feedback, please join us in https://ngrok.com/slack and let us know! |
The logs look quite normal to me. I tried re-creating as close as possible but I haven't had any luck with it yet.
The only other thing I would try is to confirm that the CRDs did get installed like so:
You should see something like this:
|
@ricardosilva86, I added a github actions pipeline to test this with different k8s & helm versions using kind, but still haven't been able to recreate. If you can find a way to repro the issue though, let us know and we'll keep looking into it. |
Kubernetes Version
1.30
Helm Chart Version
0.12.1
Helm Chart configuration
I just installed as it was requested in the tutorial:
What happened
Kubernetes flavour: minikube or kind
I was following the https://ngrok.com/docs/using-ngrok-with/k8s/ tutorial and I couldn't make it work. The following errors were reported:
When I try to get any
domains
object in the cluster:k get domains Error from server (NotFound): Unable to list "ingress.k8s.ngrok.com/v1alpha1, Resource=domains": the server could not find the requested resource (get domains.ingress.k8s.ngrok.com)
Same happens with other resources like tunnels:
k get tunnels Error from server (NotFound): Unable to list "ingress.k8s.ngrok.com/v1alpha1, Resource=tunnels": the server could not find the requested resource (get tunnels.ingress.k8s.ngrok.com)
What you think should happen instead
As per the result of the tutorial, I should have got a working 2048 app running on my domain.
How to reproduce
Follow the K8s ingress tutorial from ngrok, here: https://ngrok.com/docs/using-ngrok-with/k8s/
The text was updated successfully, but these errors were encountered: