NGINX

NGINX is the most widely used ingress controller for Kubernetes, supporting advanced routing, TLS, and integration with all major clouds (AKS, EKS, GKE) and on-prem clusters. It is GitOps-friendly and production-proven.


Why Use NGINX Ingress?

  • Mature, large community, and well-documented

  • Supports advanced routing, TLS, and authentication

  • Works with GitOps tools (ArgoCD, Flux) for declarative, auditable deployments

  • Integrates with cloud load balancers (AKS, EKS, GKE)

  • Highly customizable via Helm or YAML


Installation (Helm)

helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace
  • Idempotent: installs or upgrades the controller in the ingress-nginx namespace.

  • For all configurable values:

    helm show values ingress-nginx --repo https://kubernetes.github.io/ingress-nginx

Installation (YAML Manifest)

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml

Pre-flight Check

kubectl get pods --namespace=ingress-nginx
kubectl wait --namespace ingress-nginx \
  --for=condition=ready pod \
  --selector=app.kubernetes.io/component=controller \
  --timeout=120s

Local Testing Example

Deploy a demo web server and expose it:

kubectl create deployment demo --image=httpd --port=80
kubectl expose deployment demo

Create an ingress resource (host maps to localhost):

kubectl create ingress demo-localhost --class=nginx \
  --rule="demo.localdev.me/*=demo:80"

Port-forward to the ingress controller:

kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller 8080:80

Test with curl:

curl --resolve demo.localdev.me:8080:127.0.0.1 http://demo.localdev.me:8080

Online Testing (Cloud LoadBalancer)

Get the external IP:

kubectl get service ingress-nginx-controller --namespace=ingress-nginx
  • Set up a DNS record for your domain to point to the external IP.

  • Create an ingress resource for your domain:

    kubectl create ingress demo --class=nginx \
      --rule="www.demo.io/*=demo:80"

GitOps Example (ArgoCD)

  1. Store your ingress manifests in Git.

  2. Define an ArgoCD Application:

    apiVersion: argoproj.io/v1alpha1
    kind: Application
    metadata:
      name: nginx-ingress
      namespace: argocd
    spec:
      project: default
      source:
        repoURL: 'https://github.com/your-org/your-gitops-repo.git'
        targetRevision: main
        path: k8s/ingress-nginx
      destination:
        server: 'https://kubernetes.default.svc'
        namespace: ingress-nginx
      syncPolicy:
        automated:
          prune: true
          selfHeal: true
  3. Apply with:

    kubectl apply -f nginx-ingress-argocd-app.yaml

Pros and Cons

Pros
Cons

Large community, mature

Can be complex to tune for high scale

Advanced routing, TLS, auth

Some features require custom templates

Works with all clouds

Default config may need hardening

GitOps-friendly


2025 Best Practices

  • Use GitOps (ArgoCD, Flux) for all NGINX config and upgrades

  • Store all manifests and Helm values in Git

  • Enable RBAC and network policies for security

  • Use HTTPS and automatic certificate management

  • Monitor with Prometheus/Grafana

  • Use LLMs (Copilot, Claude) to generate and review ingress configs

Common Pitfalls

  • Exposing services without TLS

  • Manual changes outside Git (causes drift)

  • Not monitoring for sync errors or drift


References

Last updated