Kubernetes Endpoints

Kubernetes endpoints are secure, private endpoints that are only addressable inside of Kubernetes clusters where you install the Kubernetes operator. They enable you to connect to ngrok endpoints without making them publicly addressable.

Kubernetes endpoints have a binding of kubernetes.


Create a Kubernetes endpoint by specifying binding of kubernetes when you create an endpoint.

Step 1: Install the ngrok Kubernetes Operator


Step 2: Create an ngrok endpoint

Run the following command in the same ngrok account to create the kubernetes bound endpoint. After the command completes, the ngrok operator will create Service objects in the kubernetes cluster matching the endpoint's URL.


Step 3: Connect to the endpoint

Other pods in the Kubernetes cluster where the ngrok operator is running can connect to the bound endpoint.


Congraulations, you just connected to your application via a private kubernetes endpoint!


Kubernetes endpoint URL hostnames must be in the following format:

  • [http|tcp]://name.namespace[:port]

The following restrictions are enforced:

  • Scheme - Must be http or tcp. https and tls are not supported.
  • Hostname - Hostnames must always be two parts separated by a single dot, e.g. Wildcard hostnames are not allowed.
  • Port - All port numbers [1-65535] are valid. Port must be specified for tcp endpoints.
  • Namespacing - Kubernetes endpoints are namespaced on a per-account basis. Two accounts may have kubernetes endpoints with the same URL (e.g. http://api.internal). Those endpoints will not conflict or pool.


  • http://app.example
  • http://app.example:12345
  • tcp://app.example:443
  • tcp://app.example:12345
  • https://app.example - invalid scheme https
  • tls://app.example:12345 - invalid scheme tls
  • - invalid hostname, must have only two parts
  • tcp://app.example - tcp endpoint must specify port number

Type and Pooling

Service Creation

After a kubernetes-bound endpoint is created, the ngrok cloud service notifies Kubernetes Operators that a new kubernetes-bound endpoint exists. Kubernetes Operators create v1.Service objects in their Kubernetes clusters which forward traffic they receive to the operators' pods.

ClusterIP Service

A Cluster IP service is created in the operator's namespace.


ExternalName Service

An ExternalName service is created in the namespace targeted by the second part of the URL's hostname.


Endpoint Selector

If you don't want all kubernetes endpoints in your account to appear inside of a cluster, you may specify an Endpoint Selector which filters which Kubernetes endpoints are projected into the cluster it runs in. Endpoint Selectors are a CEL expression which is evaluated against each Kubernetes Endpoint in your account. The operator will only projects endpoints that the selector returns true for.

For example, to only project kubernetes endpoints in the billing namespace, you would add the following flag when installing the Kubernetes Operator:


Kubernetes endpoints can be created programatically. Consult the documentation on Endpoint APIs.


Kubernetes endpoints are available on the Pay-as-you-go plan. Consult the Endpoints Pricing documentation for billing details.