Kubernetes ingress to apps/APIs on clusters managed by Canonical MicroK8s
Using this guide, you'll launch a new Kubernetes cluster with Canonical's open-source MicroK8s and use the ngrok Kubernetes Operator to securely ingress public traffic to an example app using the new Kubernetes Gateway API.
Along the way, you'll learn enough to leverage MicroK8s in your next Kubernetes deployment—local development, embedded in a CI environment, and production workloads—with simple and secure traffic ingress.
Here is what you'll be building with:
- The ngrok Kubernetes Operator: ngrok's official controller for adding secure public ingress and middleware execution to your Kubernetes apps with ngrok's Cloud Edge. With ngrok, you can manage and secure app traffic at every stage of the development lifecycle while benefiting from simpler configurations, security, and edge acceleration.
- The Kubernetes Gateway API: This new API, which made generally available in October 2023, is a role-oriented mechanism for provisioning load-balancing infrastructure and routing traffic. The Gateway API does not replace "traditional" Operators—both are available for production usage, but the Gateway API may be better suited for large organizations with defined roles for managing Kubernetes services, cluster operators vs. application developers.
- Canonical MicroK8s: An open-source system for low-ops, minimal, production-ready Kubernetes. MicroK8s' single-node configuration, small size, and customizeable footprint lets you use it for local development, in minimal environments like GitHub's CI/CD, or using Kubernetes on IoT hardware.
What you'll need
- MicroK8s installed locally.
- An ngrok account.
- kubectl and Helm 3.0.0+ installed on your local workstation.
- The ngrok Kubernetes Operator installed on your cluster.
- A reserved domain, which you can get in the ngrok
dashboard or with the ngrok
API.
- You can choose from an ngrok subdomain or bring your own custom branded
domain, like
https://api.example.com. - We'll refer to this domain as
<NGROK_DOMAIN>.
- You can choose from an ngrok subdomain or bring your own custom branded
domain, like
Deploy a Kubernetes cluster with MicroK8s
Start by deploying a new single-node MicroK8s Kubernetes cluster in your chosen environment. That could be your local workstation, an IoT device, a virtual machine in the cloud, or any system running one of the 42 supported flavors of Linux.
-
Follow the get started tutorial for MicroK8s to install the binary for your target system.
Once Microk8s is installed, it automatically deploys a single-node Kubernetes cluster.
-
Run
microk8s status --wait-readyto check on the state of your MicroK8s cluster.Loading…
If you see
microk8s is ready, your new cluster is ready to go!
Install an example app
Now you need a domain and Kubernetes service to ingress traffic to!
-
If you don't have an ngrok static domain, create one. Navigate to the Domains section of the ngrok dashboard and click Create Domain or New Domain. This static domain, which will look like
example.ngrok.app, will be yourNGROK_DOMAINfor the remainder of this guide.Creating a subdomain on the ngrok network provides a public route to accept HTTP, HTTPS, and TLS traffic.
-
Create a new Kubernetes manifest (
2048.yaml) with the YAML below. This manifest defines the 2048 application service and deployment, then configures the ngrok Kubernetes Operator to connect thegame-2048service to the ngrok edge via yourNGROK_DOMAIN.Loading…
-
Apply the
2048.yamlmanifest to your MicroK8s cluster.Loading…
Configure the ngrok Kubernetes Operator
With your example app running alongside the ngrok Kubernetes Operator, you now need to configure the new Kubernetes Gateway API to route traffic arriving from outside the cluster on NGROK_DOMAIN to the game-2048 service.
You'll first create a GatewayClass, which represents a class of cluster-level Gateways. You'll then configure the Gateway with a listener, and an HTTPRoute to specify how the Gateway should route requests.
-
Create a new file called
gatewayclass.yamlon your workstation with the below YAML:Loading…
-
Install the GatewayClass:
Loading…
-
Create a new file named
2048-gateway.yamlon your workstation with the below YAML, replacing<YOUR_NGROK_DOMAIN>:Loading…
This YAML uses the Gateway API to first define a Gateway that allows north/south traffic to enter the cluster from external requests, then uses an HTTPRoute to terminate the connection at the pod running the
game-2048service. -
Access your 2048 demo app by navigating to your ngrok domain, e.g.
https://<YOUR_NGROK_DOMAIN>. ngrok's network and the ngrok Kubernetes Operator routes traffic to your app from any device or external network.
What's next?
To track the development of the ngrok Kubernetes Operator and its use of the new Kubernetes Gateway API, check out the GitHub repository and give it a ⭐.