NGINX
NGINX is the most widely used ingress controller for Kubernetes, supporting advanced routing, TLS, and integration with all major clouds (AKS, EKS, GKE) and on-prem clusters. It is GitOps-friendly and production-proven.
Why Use NGINX Ingress?
Mature, large community, and well-documented
Supports advanced routing, TLS, and authentication
Works with GitOps tools (ArgoCD, Flux) for declarative, auditable deployments
Integrates with cloud load balancers (AKS, EKS, GKE)
Highly customizable via Helm or YAML
Installation (Helm)
helm upgrade --install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx --create-namespace
Idempotent: installs or upgrades the controller in the
ingress-nginx
namespace.For all configurable values:
helm show values ingress-nginx --repo https://kubernetes.github.io/ingress-nginx
Installation (YAML Manifest)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
Nearly identical resources as Helm install.
For Kubernetes <1.19, see version-specific manifests.
Pre-flight Check
kubectl get pods --namespace=ingress-nginx
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=120s
Local Testing Example
Deploy a demo web server and expose it:
kubectl create deployment demo --image=httpd --port=80
kubectl expose deployment demo
Create an ingress resource (host maps to localhost):
kubectl create ingress demo-localhost --class=nginx \
--rule="demo.localdev.me/*=demo:80"
Port-forward to the ingress controller:
kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller 8080:80
Test with curl:
curl --resolve demo.localdev.me:8080:127.0.0.1 http://demo.localdev.me:8080
Online Testing (Cloud LoadBalancer)
Get the external IP:
kubectl get service ingress-nginx-controller --namespace=ingress-nginx
Set up a DNS record for your domain to point to the external IP.
Create an ingress resource for your domain:
kubectl create ingress demo --class=nginx \ --rule="www.demo.io/*=demo:80"
GitOps Example (ArgoCD)
Store your ingress manifests in Git.
Define an ArgoCD Application:
apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: nginx-ingress namespace: argocd spec: project: default source: repoURL: 'https://github.com/your-org/your-gitops-repo.git' targetRevision: main path: k8s/ingress-nginx destination: server: 'https://kubernetes.default.svc' namespace: ingress-nginx syncPolicy: automated: prune: true selfHeal: true
Apply with:
kubectl apply -f nginx-ingress-argocd-app.yaml
Pros and Cons
Large community, mature
Can be complex to tune for high scale
Advanced routing, TLS, auth
Some features require custom templates
Works with all clouds
Default config may need hardening
GitOps-friendly
2025 Best Practices
Use GitOps (ArgoCD, Flux) for all NGINX config and upgrades
Store all manifests and Helm values in Git
Enable RBAC and network policies for security
Use HTTPS and automatic certificate management
Monitor with Prometheus/Grafana
Use LLMs (Copilot, Claude) to generate and review ingress configs
Common Pitfalls
Exposing services without TLS
Manual changes outside Git (causes drift)
Not monitoring for sync errors or drift
References
Last updated