freundcloud

NGINX

NGINX is the most widely used ingress controller for Kubernetes, supporting advanced routing, TLS, and integration with all major clouds (AKS, EKS, GKE) and on-prem clusters. It is GitOps-friendly and production-proven.

Why Use NGINX Ingress?

  • Mature, large community, and well-documented
  • Supports advanced routing, TLS, and authentication
  • Works with GitOps tools (ArgoCD, Flux) for declarative, auditable deployments
  • Integrates with cloud load balancers (AKS, EKS, GKE)
  • Highly customizable via Helm or YAML

Installation (Helm)

helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace
  • Idempotent: installs or upgrades the controller in the ingress-nginx namespace.
  • For all configurable values: 
    helm show values ingress-nginx --repo https://kubernetes.github.io/ingress-nginx

Installation (YAML Manifest)

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml

Pre-flight Check

kubectl get pods --namespace=ingress-nginx
kubectl wait --namespace ingress-nginx \
  --for=condition=ready pod \
  --selector=app.kubernetes.io/component=controller \
  --timeout=120s

Local Testing Example

Deploy a demo web server and expose it:

kubectl create deployment demo --image=httpd --port=80
kubectl expose deployment demo

Create an ingress resource (host maps to localhost):

kubectl create ingress demo-localhost --class=nginx \
  --rule="demo.localdev.me/*=demo:80"

Port-forward to the ingress controller:

kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller 8080:80

Test with curl:

curl --resolve demo.localdev.me:8080:127.0.0.1 http://demo.localdev.me:8080

Online Testing (Cloud LoadBalancer)

Get the external IP:

kubectl get service ingress-nginx-controller --namespace=ingress-nginx
  • Set up a DNS record for your domain to point to the external IP.
  • Create an ingress resource for your domain: 
    kubectl create ingress demo --class=nginx \
  --rule="www.demo.io/*=demo:80"

GitOps Example (ArgoCD)

  1. Store your ingress manifests in Git.
  2. Define an ArgoCD Application: 
    apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: nginx-ingress
  namespace: argocd
spec:
  project: default
  source:
    repoURL: 'https://github.com/your-org/your-gitops-repo.git'
    targetRevision: main
    path: k8s/ingress-nginx
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: ingress-nginx
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
  3. Apply with: 
    kubectl apply -f nginx-ingress-argocd-app.yaml

Pros and Cons

| Pros | Cons | |——|——| | Large community, mature | Can be complex to tune for high scale | | Advanced routing, TLS, auth | Some features require custom templates | | Works with all clouds | Default config may need hardening | | GitOps-friendly | |

2025 Best Practices

  • Use GitOps (ArgoCD, Flux) for all NGINX config and upgrades
  • Store all manifests and Helm values in Git
  • Enable RBAC and network policies for security
  • Use HTTPS and automatic certificate management
  • Monitor with Prometheus/Grafana
  • Use LLMs (Copilot, Claude) to generate and review ingress configs

Common Pitfalls

  • Exposing services without TLS
  • Manual changes outside Git (causes drift)
  • Not monitoring for sync errors or drift

References