Getting Started: Using ngrok as your Kubernetes Ingress

Exposing Kubernetes services to the internet can be tricky, especially when you’re working on Kubernetes. Enter ngrok, the tool that makes it super easy to securely expose your clusters and pods. In this post, we’ll dive into getting started with ngrok, explore its features (including automated SSL), and discuss when you should use ngrok versus a traditional cloud load balancer.
What is ngrok?
ngrok has come a long way from being a simple tool to create secure tunnels to your localhost. It’s now a powerful proxy agent ready for production workloads. Initially, it was mostly used by developers to expose local applications for testing webhooks or APIs, but now it does much more.
Think of ngrok as a friendly middleman between your app and the internet. Like Cloudflare, it handles SSL, secure tunneling, and even identity management for you. With ngrok, you can easily develop, debug, and expose your services with added layers of security like OAuth and access control.
Whether you’re just starting development or already have a live application, ngrok is a tool you’ll want to keep in your pocket.
Key Features of ngrok
- Automated SSL: ngrok automatically handles SSL setup for you. Every tunnel is HTTPS-ready, so you don’t have to fuss with certificates.
- Secure Tunnels: Set up secure tunnels for HTTP, TCP, and TLS traffic without having to deal with complex firewall configurations.
- Webhooks and Testing: ngrok gives you a public URL that forwards requests to your local server, making it perfect for testing webhooks or APIs.
- Identity and Security: Supports OAuth, SAML, and OpenID, allowing secure access control via third-party providers.
- Traffic Insights: Real-time traffic logs help you debug and monitor your incoming requests easily.
- Flexible Deployment: Run ngrok on Docker, your local server, or even your laptop. It’s a great way to share local apps with clients or collaborate on projects.
- Closed Tunnel Security: Since ngrok provides a closed tunnel, there’s no need to open any ports on your cluster.
- Load Balancing: ngrok can even act as a load balancer, giving you flexibility and added security.
ngrok vs. Cloud Load Balancer
When comparing ngrok to a traditional cloud load balancer, there are a few key differences to consider.
1. Flexibility vs. Speed
- ngrok: Offers more flexibility by providing a closed tunnel with a reverse proxy, handling HTTP, TCP, and TLS traffic. Built-in features like SSL and identity management (OAuth, SAML) make it a great choice for development, testing, and smaller production workloads.
- Cloud LB: Operates directly at the network level, making it faster since it doesn’t add an extra tunnel layer. It’s ideal for high-scale, production workloads that require fast throughput and low latency.
2. Security Features
- ngrok: Automatically encrypts all tunnels with HTTPS, and provides real-time traffic monitoring, request tracing, and OAuth integration. It also keeps your application hidden behind a closed tunnel, so it’s not directly exposed to the internet.
- Cloud LB: Requires manual SSL configuration unless you use automated tools like AWS ACM. It can integrate with security services like WAF but requires more setup, and the need to open ports can increase your attack surface.
3. Ease of Use vs. Scalability
- ngrok: Simple and fast to set up—perfect for developers needing quick access to prototypes, smaller apps, or internal testing. No DNS or certificate headaches.
- Cloud LB: Better for large-scale production apps. It can distribute traffic across multiple zones or regions, ensuring high availability as your traffic grows.
4. Cost Efficiency
- ngrok: The free tier is great for development and small-scale apps. Paid tiers unlock custom domains, persistent URLs, and extra tunnels—still quite affordable for smaller production environments.
- Cloud LB: Costs can quickly stack up depending on traffic volume, the number of endpoints, and SSL certificate management fees. Cloud LBs are efficient for large-scale apps but might be overkill (and pricey) for smaller setups.
5. Custom Domains and Persistence
- ngrok: Custom domains are available on paid plans. You also get persistent URLs with those plans.
- Cloud LB: Provides permanent DNS records, making it stable and reliable for long-term, large-scale deployments.
6. Debugging and Monitoring
- ngrok: Built-in traffic inspection and real-time logs make it perfect for debugging during development. It’s super user-friendly compared to most cloud load balancer monitoring tools.
- Cloud LB: Logging and monitoring require additional setup (via AWS CloudWatch or GCP Stackdriver). While it works well, it’s less immediate for debugging than ngrok.
7. Internal Developer Platform
- ngrok: Allows developers to easily provision endpoints without touching DNS records, which makes it easier to work in a collaborative environment.
- Cloud LB: DNS always needs to be configured manually, which means giving developers access to your DNS registry, and that might be less convenient for teams.
Getting Started with ngrok on Kubernetes
Ready to try ngrok on Kubernetes? Here’s a simple walkthrough to get you started.
- Use helm to add the ngrok repo:
  ```bash
  helm repo add ngrok https://charts.ngrok.com
  ```
- Get your API key and authtoken from the ngrok dashboard and set your environment variables. Replace `[AUTHTOKEN]` and `[API_KEY]` with your Authtoken and API key.
  ```bash
  export NGROK_AUTHTOKEN=[AUTHTOKEN]
  export NGROK_API_KEY=[API_KEY]
  ```
- Install the ngrok Kubernetes Operator in your cluster. The command reads your Authtoken and API key from the environment variables you set above.
  Note: For this tutorial, we’re creating and using the namespace `ngrok-ingress-controller`.
  ```bash
  helm install ngrok-ingress-controller ngrok/kubernetes-ingress-controller \
    --namespace ngrok-ingress-controller \
    --create-namespace \
    --set credentials.apiKey="$NGROK_API_KEY" \
    --set credentials.authtoken="$NGROK_AUTHTOKEN"
  ```
- Create a manifest file (for example `ngrok-manifest.yaml`) with the following contents. You will need to replace the `NGROK_DOMAIN` with the domain you registered in the ngrok dashboard. You’ll also need to update the `SERVICE` to the Kubernetes service you want to expose.
  ```yaml
  ---
  # ngrok Kubernetes Operator Configuration
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: game-2048-ingress
    namespace: ngrok-ingress-controller
  spec:
    ingressClassName: ngrok
    rules:
      - host: NGROK_DOMAIN
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: SERVICE
                  # networking.k8s.io/v1 takes the port as an object (number or name)
                  port:
                    number: 80
  ```
- Apply the manifest file to your k8s cluster.
  ```bash
  kubectl apply -f ngrok-manifest.yaml
  ```
  Note: If you get an error when applying the manifest, double check that you’ve updated the `NGROK_DOMAIN` value and try again.
- To confirm the manifest is successfully applied, go to the ngrok Dashboard and click Edge Configurations. You should see a new Edge Configuration for your cluster with the name matching your URL (1) — for example: `my-awesome-k8s-cluster.ngrok.app`. Also note that some of your cluster configurations are presented in the dashboard as annotations (2).
- Access your ingress URL using the subdomain you chose in the manifest file above (for example `https://my-awesome-k8s-cluster.ngrok.app`) to confirm the 2048 app is accessible from the internet. If you forgot what URL you chose, you can always run `kubectl get ingresses --namespace=ngrok-ingress-controller` to see what it is.
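A pre-flight check for the walkthrough above, as an added example that is not part of the original post: it refuses to proceed while `NGROK_AUTHTOKEN`/`NGROK_API_KEY` or the manifest still hold the tutorial's placeholders, and prints which service the Ingress will make reachable from the internet. The function names and the sample-manifest writer are assumptions for illustration, and the line-based parsing assumes the single-rule manifest shape shown in the walkthrough.

```bash
# Added example (not from the original post): pre-flight checks for the walkthrough.
# Function names and the sample manifest are constructed for illustration.

# Fail if a credential variable is unset or still holds a [PLACEHOLDER].
check_credentials() {
  local name val rc=0
  for name in NGROK_AUTHTOKEN NGROK_API_KEY; do
    eval "val=\${$name-}"
    case "$val" in
      ""|\[*\]) echo "$name is unset or still a placeholder" >&2; rc=1 ;;
    esac
  done
  return "$rc"
}

# Print the value of the first "KEY: value" line in FILE, ignoring indentation and "- ".
first_value() {
  awk -v k="$2:" '{ sub(/^[ \t-]+/, "") } $1 == k { print $2; exit }' "$1" | tr -d "\"'"
}

# Print the backend service name: the first "name:" that follows "service:".
service_name() {
  awk '{ sub(/^[ \t-]+/, "") }
       $1 == "service:" { seen = 1; next }
       seen && $1 == "name:" { print $2; exit }' "$1" | tr -d "\"'"
}

# Fail on leftover placeholders or a non-ngrok class; else report what gets exposed.
check_manifest() {
  local file="$1" host class svc rc=0
  host=$(first_value "$file" host)
  class=$(first_value "$file" ingressClassName)
  svc=$(service_name "$file")
  [ "$class" = "ngrok" ] || { echo "ingressClassName is '$class', not 'ngrok'" >&2; rc=1; }
  case "$host" in ""|NGROK_DOMAIN) echo "host is empty or still NGROK_DOMAIN" >&2; rc=1 ;; esac
  case "$svc" in ""|SERVICE) echo "service name is empty or still SERVICE" >&2; rc=1 ;; esac
  [ "$rc" -ne 0 ] || echo "exposes service '$svc' at https://$host"
  return "$rc"
}

# Constructed sample: the walkthrough's manifest with host ($2) and service ($3) filled in.
write_sample_manifest() {
  printf '%s\n' 'apiVersion: networking.k8s.io/v1' 'kind: Ingress' \
    'metadata:' '  name: game-2048-ingress' 'spec:' '  ingressClassName: ngrok' \
    '  rules:' "    - host: $2" '      http:' '        paths:' \
    '          - path: /' '            pathType: Prefix' '            backend:' \
    '              service:' "                name: $3" \
    '                port:' '                  number: 80' > "$1"
}
```

Run `check_credentials && check_manifest ngrok-manifest.yaml` before the `helm install` and `kubectl apply` steps.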
For more information, check out the ngrok documentation.
Happy coding!