ngrok/ngrok-operator
1
0
Fork 0
mirror of https://github.com/ngrok/ngrok-operator.git synced 2026-05-17 16:50:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ae7bc37d9f62feb899087c20a1edafe7d83c8e2c
ngrok-operator/manifest-bundle.yaml
T
alex bezek ae7bc37d9f Release operator helm chart 0.23.0-rc1 (#809) 
* Release operator helm chart 0.23.0-rc1

* generate manifest-bundle.yaml
2026-05-08 23:14:48 +00:00

3101 lines
101 KiB
YAML
Generated
Raw Blame History

---
# Source: ngrok-operator/templates/agent/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: ngrok-operator-agent
namespace: ngrok-operator
labels:
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
---
# Source: ngrok-operator/templates/api-manager/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: ngrok-operator
namespace: ngrok-operator
labels:
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
---
# Source: ngrok-operator/templates/api-manager/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: ngrok-operator-manager-config
namespace: ngrok-operator
data:
controller_manager_config.yaml: |
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
kind: ControllerManagerConfig
health:
healthProbeBindAddress: :8081
metrics:
bindAddress: 127.0.0.1:8080
leaderElection:
leaderElect: true
resourceName: ngrok-operator-leader
---
# Source: ngrok-operator/charts/ngrok-crds/templates/bindings.k8s.ngrok.com_boundendpoints.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.1
name: boundendpoints.bindings.k8s.ngrok.com
spec:
group: bindings.k8s.ngrok.com
names:
kind: BoundEndpoint
listKind: BoundEndpointList
plural: boundendpoints
singular: boundendpoint
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.endpointURL
name: URL
type: string
- jsonPath: .spec.port
name: Port
type: string
- jsonPath: .status.endpointsSummary
name: Endpoints
type: string
- jsonPath: .status.conditions[?(@.type=="ServicesCreated")].status
name: Services
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].reason
name: Reason
priority: 1
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Message
priority: 1
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: BoundEndpoint is the Schema for the boundendpoints API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: BoundEndpointSpec defines the desired state of BoundEndpoint
properties:
endpointURI:
description: 'Deprecated: Use EndpointURL instead. Will be removed
in a future release.'
pattern: ^((?P<scheme>(tcp|http|https|tls)?)://)?(?P<service>[a-z][a-zA-Z0-9-]{0,62})\.(?P<namespace>[a-z][a-zA-Z0-9-]{0,62})(:(?P<port>\d+))?$
type: string
endpointURL:
description: |-
EndpointURL is the unique identifier
representing the BoundEndpoint + its Endpoints
Format: <scheme>://<service>.<namespace>:<port>
See: https://regex101.com/r/9QkXWl/1
pattern: ^((?P<scheme>(tcp|http|https|tls)?)://)?(?P<service>[a-z][a-zA-Z0-9-]{0,62})\.(?P<namespace>[a-z][a-zA-Z0-9-]{0,62})(:(?P<port>\d+))?$
type: string
port:
description: Port is the Service port this Endpoint uses internally
to communicate with its Upstream Service
type: integer
scheme:
default: https
description: |-
Scheme is a user-defined field for endpoints that describe how the data packets
are framed by the pod forwarders mTLS connection to the ngrok edge
enum:
- tcp
- http
- https
- tls
type: string
target:
description: EndpointTarget is the target Service that this Endpoint
projects
properties:
metadata:
description: Metadata is a subset of metav1.ObjectMeta that is
added to the Service
properties:
annotations:
additionalProperties:
type: string
description: |-
Annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
type: object
labels:
additionalProperties:
type: string
description: |-
Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
type: object
type: object
namespace:
description: Namespace is the destination Namespace for the Service
this Endpoint projects
type: string
port:
description: Port is the Service targetPort this Endpoint's Target
Service uses for requests
format: int32
type: integer
protocol:
default: TCP
description: Protocol is the Service protocol this Endpoint uses
enum:
- TCP
type: string
service:
description: Service is the name of the Service that this Endpoint
projects
type: string
required:
- namespace
- port
- protocol
- service
type: object
required:
- port
- scheme
- target
type: object
status:
description: BoundEndpointStatus defines the observed state of BoundEndpoint
properties:
conditions:
description: Conditions represent the latest available observations
of the BoundEndpoint's state
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
maxItems: 8
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
endpoints:
description: |-
Endpoints is the list of ngrok API endpoint references bound to this BoundEndpoint
All endpoints share the same underlying Kubernetes services
items:
description: |-
BindingEndpoint is a reference to an Endpoint object in the ngrok API that is attached to the kubernetes operator binding
All endpoints in a BoundEndpoint share the same underlying Kubernetes services
properties:
id:
description: a resource identifier
type: string
uri:
description: a uri for locating a resource
type: string
type: object
type: array
endpointsSummary:
description: |-
EndpointsSummary provides a human-readable count of bound endpoints
Format: "N endpoint" or "N endpoints"
Examples: "1 endpoint", "2 endpoints"
type: string
hashedName:
description: HashName is the hashed output of the TargetService and
TargetNamespace for unique identification
type: string
targetServiceRef:
description: TargetServiceRef references the created ExternalName
Service in the target namespace
properties:
name:
description: The name of the Kubernetes resource being referenced
type: string
namespace:
description: The namespace of the Kubernetes resource being referenced
type: string
required:
- name
type: object
upstreamServiceRef:
description: UpstreamServiceRef references the created ClusterIP Service
pointing to pod forwarders
properties:
name:
description: The name of the Kubernetes resource being referenced
type: string
required:
- name
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: ngrok-operator/charts/ngrok-crds/templates/ingress.k8s.ngrok.com_domains.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.1
name: domains.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: Domain
listKind: DomainList
plural: domains
singular: domain
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Domain ID
jsonPath: .status.id
name: ID
type: string
- description: Domain
jsonPath: .status.domain
name: Domain
type: string
- description: Reclaim Policy
jsonPath: .spec.reclaimPolicy
name: Reclaim Policy
type: string
- description: Domain Ready
jsonPath: .status.conditions[?(@.type=='Ready')].status
name: Ready
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
- description: CNAME Target
jsonPath: .status.cnameTarget
name: CNAME Target
priority: 2
type: string
- description: Region
jsonPath: .status.region
name: Region
priority: 2
type: string
- description: Ready Reason
jsonPath: .status.conditions[?(@.type=='Ready')].reason
name: Reason
priority: 1
type: string
- description: Ready Message
jsonPath: .status.conditions[?(@.type=='Ready')].message
name: Message
priority: 1
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: Domain is the Schema for the domains API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: DomainSpec defines the desired state of Domain
properties:
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the object
in the ngrok API/Dashboard
type: string
domain:
description: Domain is the domain name to reserve
type: string
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated with
the object in the ngrok API/Dashboard
type: string
reclaimPolicy:
default: Delete
description: DomainReclaimPolicy is the policy to use when the domain
is deleted
enum:
- Delete
- Retain
type: string
region:
description: Region is the region in which to reserve the domain
type: string
resolves_to:
description: ResolvesTo is the list of resolving targets for the domain
items:
description: DomainResolvesToEntry contains a resolving target for
this domain
properties:
value:
description: Value is a point-of-presence alias, an IP address
(coming soon), or an IP group alias (coming soon)
type: string
required:
- value
type: object
type: array
required:
- domain
type: object
status:
description: DomainStatus defines the observed state of Domain
properties:
acmeChallengeCnameTarget:
description: ACMEChallengeCNAMETarget is the CNAME target for ACME
challenge (wildcards only)
type: string
certificate:
description: Certificate contains information about the TLS certificate
properties:
id:
description: ID is the certificate ID
type: string
required:
- id
type: object
certificateManagementPolicy:
description: CertificateManagementPolicy contains the certificate
management configuration
properties:
authority:
description: Authority is the certificate authority (e.g., "letsencrypt")
type: string
privateKeyType:
description: PrivateKeyType is the private key type (e.g., "ecdsa")
type: string
required:
- authority
- privateKeyType
type: object
certificateManagementStatus:
description: CertificateManagementStatus contains the certificate
management status
properties:
provisioningJob:
description: ProvisioningJob contains information about the current
provisioning job
properties:
errorCode:
description: ErrorCode indicates the type of error (e.g.,
"DNS_ERROR")
type: string
message:
description: Message is a human-readable description of the
current status
type: string
retriesAt:
description: RetriesAt is when the provisioning job will be
retried
format: date-time
type: string
startedAt:
description: StartedAt is when the provisioning job started
format: date-time
type: string
type: object
renewsAt:
description: RenewsAt is when the certificate will be renewed
format: date-time
type: string
type: object
cnameTarget:
description: CNAMETarget is the CNAME target for the domain
type: string
conditions:
description: Conditions represent the latest available observations
of the domain's state
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
maxItems: 8
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
domain:
description: Domain is the domain that was reserved
type: string
id:
description: ID is the unique identifier of the domain
type: string
region:
description: Region is the region in which the domain was created
type: string
resolves_to:
description: ResolvesTo is the list of resolving targets for the domain
items:
description: DomainResolvesToEntry contains a resolving target for
this domain
properties:
value:
description: Value is a point-of-presence alias, an IP address
(coming soon), or an IP group alias (coming soon)
type: string
required:
- value
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: ngrok-operator/charts/ngrok-crds/templates/ingress.k8s.ngrok.com_ippolicies.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.1
name: ippolicies.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: IPPolicy
listKind: IPPolicyList
plural: ippolicies
singular: ippolicy
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: IPPolicy ID
jsonPath: .status.id
name: ID
type: string
- description: IPPolicy Ready
jsonPath: .status.conditions[?(@.type=='Ready')].status
name: Ready
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
- description: Ready Reason
jsonPath: .status.conditions[?(@.type=='Ready')].reason
name: Reason
priority: 1
type: string
- description: Ready Message
jsonPath: .status.conditions[?(@.type=='Ready')].message
name: Message
priority: 1
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: IPPolicy is the Schema for the ippolicies API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: IPPolicySpec defines the desired state of IPPolicy
properties:
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the object
in the ngrok API/Dashboard
type: string
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated with
the object in the ngrok API/Dashboard
type: string
rules:
description: Rules is a list of rules that belong to the policy
items:
properties:
action:
enum:
- allow
- deny
type: string
cidr:
type: string
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of
the object in the ngrok API/Dashboard
type: string
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated
with the object in the ngrok API/Dashboard
type: string
required:
- action
- cidr
type: object
type: array
type: object
status:
description: IPPolicyStatus defines the observed state of IPPolicy
properties:
conditions:
description: Conditions represent the latest available observations
of the IP policy's state
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
maxItems: 8
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
id:
type: string
rules:
items:
properties:
action:
type: string
cidr:
type: string
id:
type: string
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: ngrok-operator/charts/ngrok-crds/templates/ngrok.k8s.ngrok.com_agentendpoints.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.1
name: agentendpoints.ngrok.k8s.ngrok.com
spec:
group: ngrok.k8s.ngrok.com
names:
kind: AgentEndpoint
listKind: AgentEndpointList
plural: agentendpoints
shortNames:
- aep
singular: agentendpoint
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.url
name: URL
type: string
- jsonPath: .spec.upstream.url
name: Upstream URL
type: string
- jsonPath: .spec.bindings
name: Bindings
type: string
- jsonPath: .status.conditions[?(@.type=='Ready')].status
name: Ready
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=='Ready')].reason
name: Reason
priority: 1
type: string
- jsonPath: .status.conditions[?(@.type=='Ready')].message
name: Message
priority: 1
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: AgentEndpoint is the Schema for the agentendpoints API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: AgentEndpointSpec defines the desired state of an AgentEndpoint
properties:
bindings:
description: |-
List of Binding IDs to associate with the endpoint
Accepted values are "public", "internal", or "kubernetes"
items:
pattern: ^(public|internal|kubernetes)$
type: string
maxItems: 1
type: array
clientCertificateRefs:
description: List of client certificates to present to the upstream
when performing a TLS handshake
items:
properties:
name:
description: The name of the Kubernetes resource being referenced
type: string
namespace:
description: The namespace of the Kubernetes resource being
referenced
type: string
required:
- name
type: object
type: array
description:
default: Created by the ngrok-operator
description: Human-readable description of this agent endpoint
type: string
metadata:
default: '{"owned-by":"ngrok-operator"}'
description: String of arbitrary data associated with the object in
the ngrok API/Dashboard
type: string
trafficPolicy:
description: |-
Allows configuring a TrafficPolicy to be used with this AgentEndpoint
When configured, the traffic policy is provided inline or as a reference to an NgrokTrafficPolicy resource
properties:
inline:
description: |-
Inline definition of a TrafficPolicy to attach to the agent Endpoint
The raw JSON-encoded policy that was applied to the ngrok API
type: object
x-kubernetes-preserve-unknown-fields: true
targetRef:
description: Reference to a TrafficPolicy resource to attach to
the Agent Endpoint
properties:
name:
description: The name of the Kubernetes resource being referenced
type: string
required:
- name
type: object
type: object
x-kubernetes-validations:
- message: targetRef or inline must be provided to trafficPolicy
rule: has(self.inline) || has(self.targetRef)
- message: Only one of inline and targetRef can be configured for
trafficPolicy
rule: has(self.inline) != has(self.targetRef)
upstream:
description: Defines the destination for traffic to this AgentEndpoint
properties:
protocol:
description: |-
Specifies the protocol to use when connecting to the upstream. Currently only http1 and http2 are supported
with prior knowledge (defaulting to http1). alpn negotiation is not currently supported.
enum:
- http1
- http2
type: string
proxyProtocolVersion:
description: Optionally specify the version of proxy protocol
to use if the upstream requires it
enum:
- "1"
- "2"
type: string
url:
description: |-
The local or remote address you would like to incoming traffic to be forwarded to. Accepted formats are:
Origin - https://example.org or http://example.org:80 or tcp://127.0.0.1:80
When using the origin format you are defining the protocol, domain and port.
When no port is present and scheme is https or http the port will be inferred.
For https port will be443.
For http port will be 80.
Domain - example.org
This is only allowed for https and http endpoints.
For tcp and tls endpoints host and port is required.
When using the domain format you are only defining the host.
Scheme will default to http.
Port will default to 80.
Scheme (shorthand) - https://
This only works for https and http.
For tcp and tls host and port is required.
When using scheme you are defining the protocol and the port will be inferred on the local host.
For https port will be443.
For http port will be 80.
Host will be localhost.
Port (shorthand) - 8080
When using port you are defining the port on the local host that will receive traffic.
Scheme will default to http.
Host will default to localhost.
type: string
required:
- url
type: object
url:
description: |-
The unique URL for this agent endpoint. This URL is the public address. The following formats are accepted
Domain - example.org
When using the domain format you are only defining the domain. The scheme and port will be inferred.
Origin - https://example.ngrok.app or https://example.ngrok.app:443 or tcp://1.tcp.ngrok.io:12345 or tls://example.ngrok.app
When using the origin format you are defining the protocol, domain and port. HTTP endpoints accept ports 80 or 443 with respective protocol.
Scheme (shorthand) - https:// or tcp:// or tls:// or http://
When using scheme you are defining the protocol and will receive back a randomly assigned ngrok address.
Empty - ``
When empty your endpoint will default to be https and receive back a randomly assigned ngrok address.
Internal - some.domain.internal
When ending your url with .internal, an internal endpoint will be created. nternal Endpoints cannot be accessed directly, but rather
can only be accessed using the forward-internal traffic policy action.
type: string
required:
- upstream
- url
type: object
status:
description: AgentEndpointStatus defines the observed state of an AgentEndpoint
properties:
assignedURL:
description: |-
The assigned URL. This will either be the user-supplied url, or the generated assigned url
depending on the configuration of spec.url
type: string
conditions:
description: Conditions describe the current conditions of the AgentEndpoint.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
maxItems: 8
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
domainRef:
description: |-
DomainRef is a reference to the Domain resource associated with this endpoint.
For internal endpoints, this will be nil.
nullable: true
properties:
name:
description: The name of the Kubernetes resource being referenced
type: string
namespace:
description: The namespace of the Kubernetes resource being referenced
type: string
required:
- name
type: object
trafficPolicy:
description: Identifies any traffic policies attached to the AgentEndpoint
("inline", "none", or reference name).
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: ngrok-operator/charts/ngrok-crds/templates/ngrok.k8s.ngrok.com_cloudendpoints.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.1
name: cloudendpoints.ngrok.k8s.ngrok.com
spec:
group: ngrok.k8s.ngrok.com
names:
kind: CloudEndpoint
listKind: CloudEndpointList
plural: cloudendpoints
shortNames:
- clep
singular: cloudendpoint
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.id
name: ID
type: string
- jsonPath: .spec.url
name: URL
type: string
- jsonPath: .spec.trafficPolicyName
name: Traffic Policy
type: string
- jsonPath: .spec.bindings
name: Bindings
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=='Ready')].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=='Ready')].reason
name: Reason
priority: 1
type: string
- jsonPath: .status.conditions[?(@.type=='Ready')].message
name: Message
priority: 1
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: CloudEndpoint is the Schema for the cloudendpoints API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: CloudEndpointSpec defines the desired state of CloudEndpoint
properties:
bindings:
description: |-
Bindings is the list of Binding IDs to associate with the endpoint
Accepted values are "public", "internal", or "kubernetes"
items:
pattern: ^(public|internal|kubernetes)$
type: string
maxItems: 1
type: array
description:
default: Created by the ngrok-operator
description: Human-readable description of this cloud endpoint
type: string
metadata:
default: '{"owned-by":"ngrok-operator"}'
description: String of arbitrary data associated with the object in
the ngrok API/Dashboard
type: string
poolingEnabled:
description: |-
Controls whether or not the Cloud Endpoint should allow pooling with other
Cloud Endpoints sharing the same URL. When Cloud Endpoints are pooled, any requests
going to the URL for the pooled endpoint will be distributed among all Cloud Endpoints
in the pool. A URL can only be shared across multiple Cloud Endpoints if they all have pooling enabled.
type: boolean
trafficPolicy:
description: Allows inline definition of a TrafficPolicy object
properties:
policy:
description: The raw json encoded policy that was applied to the
ngrok API
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
trafficPolicyName:
description: Reference to the TrafficPolicy resource to attach to
the Cloud Endpoint
type: string
url:
description: |-
The unique URL for this cloud endpoint. This URL is the public address. The following formats are accepted
Domain - example.org
When using the domain format you are only defining the domain. The scheme and port will be inferred.
Origin - https://example.ngrok.app or https://example.ngrok.app:443 or tcp://1.tcp.ngrok.io:12345 or tls://example.ngrok.app
When using the origin format you are defining the protocol, domain and port. HTTP endpoints accept ports 80 or 443 with respective protocol.
Scheme (shorthand) - https:// or tcp:// or tls:// or http://
When using scheme you are defining the protocol and will receive back a randomly assigned ngrok address.
Empty - ``
When empty your endpoint will default to be https and receive back a randomly assigned ngrok address.
Internal - some.domain.internal
When ending your url with .internal, an internal endpoint will be created. nternal Endpoints cannot be accessed directly, but rather
can only be accessed using the forward-internal traffic policy action.
type: string
required:
- url
type: object
status:
description: CloudEndpointStatus defines the observed state of CloudEndpoint
properties:
conditions:
description: Conditions describe the current conditions of the CloudEndpoint.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
maxItems: 8
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
domainRef:
description: |-
DomainRef is a reference to the Domain resource associated with this endpoint.
For internal endpoints, this will be nil.
nullable: true
properties:
name:
description: The name of the Kubernetes resource being referenced
type: string
namespace:
description: The namespace of the Kubernetes resource being referenced
type: string
required:
- name
type: object
id:
description: ID is the unique identifier for this endpoint
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: ngrok-operator/charts/ngrok-crds/templates/ngrok.k8s.ngrok.com_kubernetesoperators.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.1
name: kubernetesoperators.ngrok.k8s.ngrok.com
spec:
group: ngrok.k8s.ngrok.com
names:
kind: KubernetesOperator
listKind: KubernetesOperatorList
plural: kubernetesoperators
singular: kubernetesoperator
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Kubernetes Operator ID
jsonPath: .status.id
name: ID
type: string
- jsonPath: .status.registrationStatus
name: Status
type: string
- jsonPath: .status.enabledFeatures
name: Enabled Features
type: string
- jsonPath: .spec.binding.endpointSelectors
name: Endpoint Selectors
type: string
- jsonPath: .spec.binding.ingressEndpoint
name: Binding Ingress Endpoint
priority: 2
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: KubernetesOperator is the Schema for the ngrok kubernetesoperators
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
binding:
description: Configuration for the binding feature of this Kubernetes
Operator
properties:
endpointSelectors:
description: EndpointSelectors is a list of cel expression that
determine which kubernetes-bound Endpoints will be created by
the operator
items:
type: string
type: array
ingressEndpoint:
description: The public ingress endpoint for this Kubernetes Operator
type: string
tlsSecretName:
default: default-tls
description: TlsSecretName is the name of the k8s secret that
contains the TLS private/public keys to use for the ngrok forwarding
endpoint
type: string
required:
- endpointSelectors
- tlsSecretName
type: object
deployment:
description: Deployment information of this Kubernetes Operator
properties:
name:
description: Name is the name of the k8s deployment for the operator
type: string
namespace:
description: The namespace in which the operator is deployed
type: string
version:
description: The version of the operator that is currently running
type: string
type: object
description:
default: Created by ngrok-operator
description: Description is a human-readable description of the object
in the ngrok API/Dashboard
type: string
drain:
description: Drain configures the drain behavior for uninstall
properties:
policy:
default: Retain
description: Policy determines whether to delete ngrok API resources
or just remove finalizers
enum:
- Delete
- Retain
type: string
type: object
enabledFeatures:
description: Features enabled for this Kubernetes Operator
items:
enum:
- ingress
- gateway
- bindings
type: string
type: array
metadata:
default: '{"owned-by":"ngrok-operator"}'
description: Metadata is a string of arbitrary data associated with
the object in the ngrok API/Dashboard
type: string
region:
default: global
description: |-
The ngrok region in which the ingress for this operator is served. Defaults to
"global" if not specified.
type: string
type: object
status:
description: KubernetesOperatorStatus defines the observed state of KubernetesOperator
properties:
bindingsIngressEndpoint:
description: |-
BindingsIngressEndpoint is the URL that the operator will use to talk
to the ngrok edge when forwarding traffic for k8s-bound endpoints
type: string
drainErrors:
description: DrainErrors contains the most recent errors encountered
during drain
items:
type: string
type: array
drainMessage:
description: DrainMessage provides additional information about the
drain status
type: string
drainProgress:
description: |-
DrainProgress indicates how many resources have been drained vs total
Format: "X/Y" where X is processed (completed + failed) and Y is total
type: string
drainStatus:
description: DrainStatus indicates the current state of the drain
process
enum:
- pending
- draining
- completed
- failed
type: string
enabledFeatures:
description: EnabledFeatures is the string representation of the features
enabled for this Kubernetes Operator
type: string
errorMessage:
description: RegistrationErrorMessage is a free-form error message
if the status is error
maxLength: 4096
type: string
id:
description: ID is the unique identifier for this Kubernetes Operator
type: string
registrationErrorCode:
description: RegistrationErrorCode is the returned ngrok error code
pattern: ^ERR_NGROK_\d+$
type: string
registrationStatus:
default: pending
description: RegistrationStatus is the status of the registration
of this Kubernetes Operator with the ngrok API
enum:
- registered
- error
- pending
type: string
uri:
description: URI is the URI for this Kubernetes Operator
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: ngrok-operator/charts/ngrok-crds/templates/ngrok.k8s.ngrok.com_ngroktrafficpolicies.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.1
name: ngroktrafficpolicies.ngrok.k8s.ngrok.com
spec:
group: ngrok.k8s.ngrok.com
names:
kind: NgrokTrafficPolicy
listKind: NgrokTrafficPolicyList
plural: ngroktrafficpolicies
singular: ngroktrafficpolicy
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NgrokTrafficPolicy is the Schema for the ngroktrafficpolicies
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: NgrokTrafficPolicySpec defines the desired state of NgrokTrafficPolicy
properties:
policy:
description: The raw json encoded policy that was applied to the ngrok
API
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
status:
description: NgrokTrafficPolicyStatus defines the observed state of NgrokTrafficPolicy
properties:
policy:
description: The raw json encoded policy that was applied to the ngrok
API
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
# Source: ngrok-operator/templates/agent/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-agent-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- agentendpoints
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- agentendpoints/finalizers
verbs:
- patch
- update
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- agentendpoints/status
verbs:
- get
- patch
- update
# KubernetesOperator is intentionally NOT in this role. The KubernetesOperator
# CR is a singleton owned by the api-manager and always lives in the release
# namespace, independent of `watchNamespace`. The agent reads it for drain
# state via a release-namespace-pinned cache scope; its rules live in
# release-namespace-role.yaml.
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- ngroktrafficpolicies
verbs:
- get
- list
- watch
---
# Source: ngrok-operator/templates/api-manager/bindings-cluster-role.yaml
# Bindings RBAC: cluster-wide rules required by the BoundEndpoint controller
# (binding poller) that runs in api-manager. These rules are always cluster-wide
# regardless of `watchNamespace` because:
#
# - BoundEndpoint CRs are reconciled cluster-wide.
# - The poller creates Kubernetes Services in any namespace based on the
# BoundEndpoint's top-level domain, so cross-namespace Service write access
# is required.
#
# This is symmetric with the bindings-forwarder ClusterRole for cluster-wide
# Pod watches — both binding components have a cluster-wide footprint by design.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-bindings-cluster-role
rules:
- apiGroups:
- bindings.k8s.ngrok.com
resources:
- boundendpoints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- bindings.k8s.ngrok.com
resources:
- boundendpoints/finalizers
verbs:
- patch
- update
- apiGroups:
- bindings.k8s.ngrok.com
resources:
- boundendpoints/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services/finalizers
verbs:
- patch
- update
- apiGroups:
- ""
resources:
- services/status
verbs:
- get
- list
- patch
- update
- watch
---
# Source: ngrok-operator/templates/api-manager/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-manager-role
rules:
# --- Core API ---
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services/finalizers
verbs:
- patch
- update
- apiGroups:
- ""
resources:
- services/status
verbs:
- get
- list
- patch
- update
- watch
# --- networking.k8s.io ---
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/finalizers
verbs:
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- get
- list
- update
- watch
# --- gateway.networking.k8s.io ---
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways/status
verbs:
- get
- list
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes/status
verbs:
- get
- list
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes/status
verbs:
- get
- list
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes/status
verbs:
- get
- list
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- referencegrants
verbs:
- get
- list
- watch
# --- ingress.k8s.ngrok.com ---
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains/finalizers
verbs:
- patch
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains/status
verbs:
- get
- patch
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies/finalizers
verbs:
- patch
- update
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies/status
verbs:
- get
- patch
- update
# --- bindings.k8s.ngrok.com ---
# BoundEndpoint is intentionally NOT in this role. The BoundEndpoint controller
# (binding poller) runs in api-manager and operates cluster-wide regardless of
# `watchNamespace`, so its rules live in bindings-cluster-role.yaml (gated on
# `bindings.enabled`).
# --- ngrok.k8s.ngrok.com ---
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- agentendpoints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- agentendpoints/finalizers
verbs:
- patch
- update
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- agentendpoints/status
verbs:
- get
- patch
- update
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- cloudendpoints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- cloudendpoints/finalizers
verbs:
- patch
- update
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- cloudendpoints/status
verbs:
- get
- patch
- update
# KubernetesOperator is intentionally NOT in this role. The KubernetesOperator
# CR is the api-manager's own state singleton and always lives in the release
# namespace, independent of `watchNamespace`. Its rules live in
# release-namespace-role.yaml.
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- ngroktrafficpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- ngroktrafficpolicies/finalizers
verbs:
- patch
- update
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- ngroktrafficpolicies/status
verbs:
- get
- patch
- update
# --- cluster-scoped Kubernetes resources (inline when ClusterRole) ---
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/finalizers
verbs:
- patch
- update
---
# Source: ngrok-operator/templates/rbac/crd-access/agentendpoint-editor.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-agentendpoint-editor-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- agentendpoints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- agentendpoints/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/agentendpoint-viewer.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-agentendpoint-viewer-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- agentendpoints
verbs:
- get
- list
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- agentendpoints/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/boundendpoint-editor.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-boundendpoint-editor-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- bindings.k8s.ngrok.com
resources:
- boundendpoints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- bindings.k8s.ngrok.com
resources:
- boundendpoints/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/boundendpoint-viewer.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-boundendpoint-viewer-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- bindings.k8s.ngrok.com
resources:
- boundendpoints
verbs:
- get
- list
- watch
- apiGroups:
- bindings.k8s.ngrok.com
resources:
- boundendpoints/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/cloudendpoint-editor.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-cloudendpoint-editor-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- cloudendpoints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- cloudendpoints/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/cloudendpoint-viewer.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-cloudendpoint-viewer-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- cloudendpoints
verbs:
- get
- list
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- cloudendpoints/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/domain-editor.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-domain-editor-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/domain-viewer.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-domain-viewer-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains
verbs:
- get
- list
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- domains/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/ippolicy-editor.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-ippolicy-editor-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/ippolicy-viewer.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-ippolicy-viewer-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies
verbs:
- get
- list
- watch
- apiGroups:
- ingress.k8s.ngrok.com
resources:
- ippolicies/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/kubernetesoperator-editor.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-kubernetesoperator-editor-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- kubernetesoperators
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- kubernetesoperators/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/kubernetesoperator-viewer.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-kubernetesoperator-viewer-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- kubernetesoperators
verbs:
- get
- list
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- kubernetesoperators/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/ngroktrafficpolicy-editor.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-ngroktrafficpolicy-editor-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- ngroktrafficpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- ngroktrafficpolicies/status
verbs:
- get
---
# Source: ngrok-operator/templates/rbac/crd-access/ngroktrafficpolicy-viewer.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-operator-ngroktrafficpolicy-viewer-role
labels:
app.kubernetes.io/component: rbac
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- ngroktrafficpolicies
verbs:
- get
- list
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- ngroktrafficpolicies/status
verbs:
- get
---
# Source: ngrok-operator/templates/agent/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ngrok-operator-agent-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ngrok-operator-agent-role
subjects:
- kind: ServiceAccount
name: ngrok-operator-agent
namespace: ngrok-operator
---
# Source: ngrok-operator/templates/api-manager/bindings-cluster-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ngrok-operator-bindings-cluster-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ngrok-operator-bindings-cluster-role
subjects:
- kind: ServiceAccount
name: ngrok-operator
namespace: ngrok-operator
---
# Source: ngrok-operator/templates/api-manager/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ngrok-operator-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ngrok-operator-manager-role
subjects:
- kind: ServiceAccount
name: ngrok-operator
namespace: ngrok-operator
---
# Source: ngrok-operator/templates/agent/release-namespace-role.yaml
# Operator-state RBAC for the agent: the agent reads the singleton
# KubernetesOperator CR for drain state. The CR always lives in the release
# namespace regardless of `watchNamespace`, and the agent's controller-runtime
# cache pins this resource to the release namespace (see cmd/agent-manager.go),
# so the corresponding RBAC also lives here rather than in the watchNamespace
# Role.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ngrok-operator-agent-operator-state-role
namespace: ngrok-operator
rules:
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- kubernetesoperators
verbs:
- get
- list
- watch
---
# Source: ngrok-operator/templates/api-manager/leader-election-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ngrok-operator-leader-election-role
namespace: ngrok-operator
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
# Source: ngrok-operator/templates/api-manager/release-namespace-role.yaml
# Operator-state RBAC: rules the api-manager needs that are tied to the
# operator's installation, not to user workloads. These ALWAYS live in the
# release namespace regardless of `watchNamespace`, because:
#
# - KubernetesOperator is a singleton CR that the api-manager creates and
# reconciles for its own state; it always lives where the operator is
# installed (`POD_NAMESPACE`).
# - The TLS Secret created by `findOrCreateTLSSecret` is written to
# `r.K8sOpNamespace` (= release namespace), so secret writes are confined
# to that namespace even when the rest of the api-manager Role is namespaced
# to a different `watchNamespace`.
#
# Read access to Secrets is granted both here (so the operator can always read
# its own TLS Secret in the release namespace, even when `watchNamespace` points
# elsewhere — `CreateOrUpdate` does a Get before deciding to create) AND in the
# watchNamespace-following api-manager Role/ClusterRole (for user-referenced
# TLS material on Ingress/Gateway in the watched namespace).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ngrok-operator-operator-state-role
namespace: ngrok-operator
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- kubernetesoperators
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- kubernetesoperators/finalizers
verbs:
- patch
- update
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- kubernetesoperators/status
verbs:
- get
- patch
- update
---
# Source: ngrok-operator/templates/agent/release-namespace-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ngrok-operator-agent-operator-state-rolebinding
namespace: ngrok-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ngrok-operator-agent-operator-state-role
subjects:
- kind: ServiceAccount
name: ngrok-operator-agent
namespace: ngrok-operator
---
# Source: ngrok-operator/templates/api-manager/leader-election-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ngrok-operator-leader-election-rolebinding
namespace: ngrok-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ngrok-operator-leader-election-role
subjects:
- kind: ServiceAccount
name: ngrok-operator
namespace: ngrok-operator
---
# Source: ngrok-operator/templates/api-manager/release-namespace-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ngrok-operator-operator-state-rolebinding
namespace: ngrok-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ngrok-operator-operator-state-role
subjects:
- kind: ServiceAccount
name: ngrok-operator
namespace: ngrok-operator
---
# Source: ngrok-operator/templates/agent/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: agent
name: ngrok-operator-agent
namespace: ngrok-operator
annotations:
checksum/rbac: 0e1543232056c2853f293a4dcb95f2f1097e41914036be3e6641b7bcfe4d1977
spec:
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/component: agent
template:
metadata:
annotations:
prometheus.io/path: /metrics
prometheus.io/port: '8080'
prometheus.io/scrape: 'true'
checksum/rbac: 0e1543232056c2853f293a4dcb95f2f1097e41914036be3e6641b7bcfe4d1977
labels:
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/component: agent
spec:
terminationGracePeriodSeconds: 30
affinity:
podAffinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/component: agent
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
serviceAccountName: ngrok-operator-agent
containers:
- name: agent
image: docker.io/ngrok/ngrok-operator:0.21.0-rc.1
imagePullPolicy: IfNotPresent
command:
- /ngrok-operator
args:
- agent-manager
- --enable-feature-ingress=true
- --enable-feature-gateway=true
- --disable-reference-grants=false
- "--description=The official ngrok Kubernetes Operator."
- --zap-log-level=info
- --zap-stacktrace-level=error
- --zap-encoder=json
- --health-probe-bind-address=:8081
- --metrics-bind-address=:8080
- --manager-name=ngrok-operator-agent-manager
- --release-name=ngrok-operator
- --default-domain-reclaim-policy=Delete
securityContext:
allowPrivilegeEscalation: false
env:
- name: NGROK_AUTHTOKEN
valueFrom:
secretKeyRef:
key: AUTHTOKEN
name: ngrok-operator-credentials
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: HELM_RELEASE_NAME
value: "ngrok-operator"
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits: {}
requests: {}
---
# Source: ngrok-operator/templates/api-manager/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ngrok-operator-manager
namespace: ngrok-operator
annotations:
checksum/controller-role: 03c71c28e1a1bd7fe3fe3b77946b6e437280101a8ba6d4a2d19c1ee1c316afc7
checksum/rbac: 3c010fd2cf6a534cc29d1483b4abeb16710dfc185eded3d7ac57e5c3289e4ea2
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/component: controller
template:
metadata:
annotations:
prometheus.io/path: /metrics
prometheus.io/port: '8080'
prometheus.io/scrape: 'true'
checksum/controller-role: 03c71c28e1a1bd7fe3fe3b77946b6e437280101a8ba6d4a2d19c1ee1c316afc7
checksum/rbac: 3c010fd2cf6a534cc29d1483b4abeb16710dfc185eded3d7ac57e5c3289e4ea2
checksum/secret: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
labels:
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/component: controller
spec:
terminationGracePeriodSeconds: 30
affinity:
podAffinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/component: controller
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
serviceAccountName: ngrok-operator
containers:
- name: ngrok-operator
image: docker.io/ngrok/ngrok-operator:0.21.0-rc.1
imagePullPolicy: IfNotPresent
command:
- /ngrok-operator
args:
- api-manager
- --release-name=ngrok-operator
- --drain-policy=Retain
- --default-domain-reclaim-policy=Delete
- --enable-feature-ingress=true
- --enable-feature-gateway=true
- --disable-reference-grants=false
- "--description=The official ngrok Kubernetes Operator."
- --ingress-controller-name=k8s.ngrok.com/ingress-controller
- --zap-log-level=info
- --zap-stacktrace-level=error
- --zap-encoder=json
- --health-probe-bind-address=:8081
- --metrics-bind-address=:8080
- --election-id=ngrok-operator-leader
- --manager-name=ngrok-operator-manager
- --cluster-domain=svc.cluster.local
securityContext:
allowPrivilegeEscalation: false
env:
- name: NGROK_API_KEY
valueFrom:
secretKeyRef:
key: API_KEY
name: ngrok-operator-credentials
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: HELM_RELEASE_NAME
value: "ngrok-operator"
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits: {}
requests: {}
---
# Source: ngrok-operator/templates/ingress-class.yaml
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ngrok
spec:
controller: k8s.ngrok.com/ingress-controller
---
# Source: ngrok-operator/templates/cleanup-hook/rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: ngrok-operator-cleanup
namespace: ngrok-operator
labels:
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
---
# Source: ngrok-operator/templates/cleanup-hook/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ngrok-operator-cleanup
namespace: ngrok-operator
labels:
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
rules:
- apiGroups:
- ngrok.k8s.ngrok.com
resources:
- kubernetesoperators
verbs:
- get
- list
- watch
- delete
---
# Source: ngrok-operator/templates/cleanup-hook/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ngrok-operator-cleanup
namespace: ngrok-operator
labels:
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ngrok-operator-cleanup
subjects:
- kind: ServiceAccount
name: ngrok-operator-cleanup
namespace: ngrok-operator
---
# Source: ngrok-operator/templates/cleanup-hook/job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: ngrok-operator-cleanup
namespace: ngrok-operator
labels:
helm.sh/chart: ngrok-operator-0.23.0-rc.1
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/version: "0.21.0-rc.1"
app.kubernetes.io/part-of: ngrok-operator
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "0"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
ttlSecondsAfterFinished: 60
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/name: ngrok-operator
app.kubernetes.io/instance: ngrok-operator
app.kubernetes.io/component: cleanup
spec:
serviceAccountName: ngrok-operator-cleanup
restartPolicy: OnFailure
containers:
- name: cleanup
image: "bitnami/kubectl:latest"
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
set -e
echo "Deleting KubernetesOperator 'ngrok-operator' to trigger drain..."
kubectl delete kubernetesoperator "ngrok-operator" -n ngrok-operator --wait=true --timeout=300s || true
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
Reference in New Issue View Git Blame Copy Permalink