Skip to main content

Deploy a multi-cloud API gateway

You've developed a world-class API, and now you want to make it available online on not just one cloud provider, but two or more.

Aside from the challenges involved in any multi-cloud deployment, you're looking for a multi-cloud API gateway that allows you to consistently apply security and traffic management policy in one place, provide a single pane of glass for observability, fail-over automatically, and work identically in every cloud or environment.

In this guide, you'll learn how to implement ngrok as a multi-cloud API gateway with these broad steps:

  1. Set up the common pattern of cloud and internal agent endpoints, which uses a single cloud endpoint to accept all API traffic and route it to internal agent endpoints via the forward-internal Trafic Policy action.
  2. Use endpoint pooling to enable dead-simple load balancing between your API services.
  3. Apply Traffic Policy rules to your endpoints to manage traffic according to common API gateway use cases.
info

This guide uses endpoint pools, which are not yet generally available. To use them, you must request access to the developer preview.

What you'll need

  • An ngrok account: Sign up for for free if you don't already have one.
  • Your authtoken: Create an authtoken using the ngrok dashboard.
  • A reserved domain: Reserve a domain in the ngrok dashboard or using the ngrok API. You can choose from an ngrok subdomain or bring your own custom branded domain, like https://api.example.com. We'll refer to this domain as {YOUR_NGROK_DOMAIN} throughout the guide.
  • The ngrok agent: Download the appropriate version and install it on the same machine or network as the API service you want to make available via ngrok's API gateway.
  • (optional) An API key: Create an ngrok API key using the ngrok dashboard if you'd like to use the ngrok API to manage your multi-cloud API gateway setup.

Deploy a demo API service (optional)

If you don't yet have API services you'd like to bring online with a multi-cloud API gateway, or just want to quickly wire up a POC using ngrok, we recommend running multiple "replicas" of httpbin, which is simple HTTP request and response service.

Assuming you have Docker installed on the systems where your API services run, you can deploy an httpbin container listening on port 8080.

Loading…

Repeat this process on your other cloud providers where you want to run replicas of your API service.

Bring your multi-cloud API gateway online

Create internal agent endpoints to add API services to an endpoint pool

When your create two endpoints with the same URL (and binding), those endpoints automatically form a "pool" and share incoming traffic. For handling API traffic in a multi-cloud environment, you'll create two internal agent endpoints on the same URL to form the pool and load balance traffic between them automatically—no complex networking or cloud-specific tools required.

In one cloud, create an internal agent endpoint on an internal URL, like https://api.internal. Replace 8080 with for an API service you've brought yourself.

Loading…

Repeat the process for additional replicas of your API service in other clouds.

Loading…

These two internal agent endpoints are now in a single endpoint pool, and traffic is automatically load balanced between them.

Create a Traffic Policy file to forward traffic

The internal agent endpoints you just created—and the endpoint pool that handles load balancing between them—are not yet addressable on the public internet.

For that, you need a Traffic Policy rule that species a forward-internal action and the URL to an internal endpoint where traffic should be forwarded.

Create a file called multi-cloud-policy.yaml and paste the YAML below.

Loading…

You'll use this Traffic Policy file in the next step.

Create a cloud endpoint for your API

Cloud endpoints are persistent, always-on endpoints that you can manage with the ngrok dashboard or API.

You centrally control your traffic management and security policy on this cloud endpoint, then forward traffic to your endpoint pool, rather than trying to apply policy separately for each replica and cloud.

First, log into the ngrok dashboard. Click Endpoints → + New.

Leave the Binding value Public, then enter the domain name you reserved earlier. Click Create Cloud Endpoint.

With your cloud endpoint created, you'll see a default Traffic Policy in the dashboard. Open up your multi-cloud-policy.yaml file, copy its contents, and paste them into the editor. Click Save to apply your changes.

Access your API services

At this point, you have a front door to your multi-cloud API gateway with a cloud endpoint, which in turn forwards traffic to your endpoint pool for automatic load balancing between clouds.

If you're running httpbin as a demo API service, send a query to the /get route—if you've brought your own service, change the route accordingly.

Loading…

With httpbin, you'll see a response like:

Loading…

Manage multi-cloud API traffic with Traffic Policy rules

TK

Add security policy across your multi-cloud API gateway

TK

Add rate limiting for all API services

TK

Compose policies on specific API services

TK

Define custom load balancing strategies with endpoint pools

TK

Extend your multi-cloud API gateway with additional services

So far, you've deployed multiple replicas of a single API service and added automatic load balancing with an endpoint pool.

What if you have more than one API service you'd like to make available behind a multi-cloud API gateway? You'll need to add additional forward-internal actions and implement a strategy for routing to different upstream services based on the qualities of incoming requests.

Route by path

TK

Route by headers

TK

What's next?

TK