Closed russorat closed 8 months ago
I've managed to get this working with a TLS edge and the following tunnel resource definition:
```yaml
apiVersion: ingress.k8s.ngrok.com/v1alpha1
kind: Tunnel
metadata:
  finalizers:
  - k8s.ngrok.com/finalizer
  name: k8s-control
  namespace: ngrok-ingress-controller
  resourceVersion: "900"
spec:
  backend:
    protocol: TCP
  forwardsTo: kubernetes.default.svc:443
  labels:
    edge: k8s-control # replace with your label as needed
```
The TLS edge needs to have TLS termination set to "pass through", since mutual TLS is generally how clients are authenticated:
and you need to tell kubectl to skip verification of the server certificate via either the `insecure-skip-tls-verify` cluster setting in the kubeconfig file, or via the `--insecure-skip-tls-verify` CLI option. This is because the server certificate common name won't match the ngrok domain that the client connects to.
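A kubeconfig sketch of the two options, added here as an example (not from the thread or from ngrok): the first cluster entry is the skip-verification setting the comment above describes; the second keeps server verification by pinning the cluster CA and setting kubectl's `tls-server-name` field. The cluster and user names, the placeholder domain, and the assumption that the API server certificate carries the SAN `kubernetes.default.svc` (typical for kubeadm-style clusters) are assumptions.

```yaml
# Constructed kubeconfig fragment; names, domain and credential data are placeholders.
apiVersion: v1
kind: Config
clusters:
# Setting described in the comment above: the server certificate is not checked,
# so the client cannot tell the real API server from anything else on the path.
- name: home-insecure
  cluster:
    server: https://<your-ngrok-tls-domain>:443
    insecure-skip-tls-verify: true
# Alternative: verify the certificate against the cluster's own CA, and tell
# kubectl which name to expect in it instead of the ngrok domain.
- name: home-verified
  cluster:
    server: https://<your-ngrok-tls-domain>:443
    certificate-authority-data: <base64 CA bundle from the cluster's original kubeconfig>
    # Assumption: this name is one of the SANs in the API server certificate.
    tls-server-name: kubernetes.default.svc
users:
- name: home-admin
  user:
    client-certificate-data: <base64 client certificate>
    client-key-data: <base64 client key>
contexts:
- name: home-verified
  context:
    cluster: home-verified
    user: home-admin
current-context: home-verified
```

With pass-through termination the TLS session ends at the API server, so the client certificate authenticates the user in both entries; only the second entry also authenticates the server.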
This is soon to get even easier with first-class TLS edge support. Stay tuned!
TLS Edge support is complete.
Description
My main question is this: the ingress controller is great for exposing a Kubernetes service, but is there a clean/recommended way to expose the control plane itself? Ideally, I'd love to run kubectl commands outside of my home network on my home cluster, using ngrok. I'd also love to deploy to my home cluster with a CI/CD tool like CircleCI. If you have some time, please let me know your thoughts. Again, thanks for the service!
Use Case
No response
Related issues
No response