Nginx Ingress Controller for K8s
Helm install, TLS, production tuning.
Why Nginx Ingress Controller?
The Nginx Ingress Controller is the most widely deployed ingress solution for Kubernetes, handling external traffic routing, TLS termination, and load balancing for your cluster services. It translates Kubernetes Ingress resources into Nginx configuration automatically.
Installation with Helm
Deploy the ingress controller using the official Helm chart:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --create-namespace \
  --set controller.replicaCount=2 \
  --set controller.resources.requests.cpu=100m \
  --set controller.resources.requests.memory=128Mi \
  --set controller.metrics.enabled=true

Basic Ingress Resource
Route traffic to your services based on hostname and path:
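
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    # With no capture groups, every matched request path is rewritten to "/"
    # before it is proxied. If the backend needs the rest of the path, use a
    # regex path with capture groups and a target such as /$2.
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          # Requests under /api go to the API backend
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: api-service
                port:
                  number: 80
          # Everything else goes to the frontend
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend-service
                port:
                  number: 80

TLS with cert-manager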
Automate Let's Encrypt certificate provisioning:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress-tls
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - app.example.com
      secretName: app-tls-secret
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app-service
                port:
                  number: 80

Production Tuning Annotations
Essential annotations for production deployments:

metadata:
  annotations:
    # Rate limiting (counted per client IP, and by each controller replica independently)
    nginx.ingress.kubernetes.io/limit-rps: "50"
    nginx.ingress.kubernetes.io/limit-burst-multiplier: "5"
    # Timeouts (seconds)
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "10"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "60"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "60"
    # Body size (file uploads)
    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
    # CORS (set an explicit origin; without cors-allow-origin the default is "*")
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-origin: "https://app.example.com"
    # Security headers. configuration-snippet injects raw nginx configuration and
    # only takes effect if the controller allows snippet annotations
    # (allow-snippet-annotations), which is off by default in current releases.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Frame-Options: DENY";
      more_set_headers "X-Content-Type-Options: nosniff";

High Availability Configuration
- Multiple replicas — Run at least 2 controller pods across different nodes
- Pod disruption budgets — Ensure at least 1 pod is always available during rolling updates
- Anti-affinity rules — Spread controller pods across availability zones
- Resource requests — Guarantee CPU and memory allocation for consistent performance
Monitoring with Prometheus
Enable metrics and create a ServiceMonitor for Prometheus scraping:

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: ingress-nginx
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
  endpoints:
    - port: metrics
      interval: 30s

Key metrics to monitor: nginx_ingress_controller_requests, nginx_ingress_controller_response_duration_seconds, and nginx_ingress_controller_nginx_process_connections.
Eazy SaaS Tip: We deploy Nginx Ingress with a Grafana dashboard pre-configured with 4 golden signals (latency, traffic, errors, saturation). This gives instant visibility into ingress performance for all your services.
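
A manifest check for the settings covered under "TLS with cert-manager" and "Production Tuning Annotations" above, as an added example that is not part of the original article. It takes Ingress objects shaped like the output of `kubectl get ingress -A -o json`; the function name, the finding labels and the sample manifests are assumptions made for this example.

```python
PREFIX = "nginx.ingress.kubernetes.io/"
RATE_KEYS = ("limit-rps", "limit-rpm", "limit-connections")
SNIPPET_KEYS = ("configuration-snippet", "server-snippet")

# Constructed sample, shaped like the output of `kubectl get ingress -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"name": "app-ingress", "namespace": "default", "annotations": {
        PREFIX + "configuration-snippet": 'more_set_headers "X-Frame-Options: DENY";'}},
     "spec": {"rules": [{"host": "app.example.com"}]}},
    {"metadata": {"name": "app-ingress-tls", "namespace": "default", "annotations": {
        PREFIX + "limit-rps": "50", PREFIX + "enable-cors": "true"}},
     "spec": {"tls": [{"hosts": ["app.example.com"], "secretName": "app-tls-secret"}],
              "rules": [{"host": "app.example.com"}, {"host": "admin.example.com"}]}},
]}


def audit(ingress):
    """Return sorted findings for one Ingress object parsed from JSON."""
    ann = ingress.get("metadata", {}).get("annotations") or {}
    spec = ingress.get("spec") or {}
    findings = []
    # Rule hosts absent from every tls[].hosts list (exact match, no wildcards).
    tls_hosts = {h for t in spec.get("tls") or [] for h in t.get("hosts") or []}
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if host and host not in tls_hosts:
            findings.append("no-tls:" + host)
    # No per-client request or connection limit set on this Ingress.
    if not any(PREFIX + k in ann for k in RATE_KEYS):
        findings.append("no-rate-limit")
    # enable-cors without an explicit origin falls back to "*".
    cors_on = ann.get(PREFIX + "enable-cors") == "true"
    if cors_on and ann.get(PREFIX + "cors-allow-origin", "*").strip() == "*":
        findings.append("cors-any-origin")
    # Snippets inject raw nginx config; each one needs review and controller opt-in.
    findings += ["snippet:" + k for k in SNIPPET_KEYS if PREFIX + k in ann]
    return sorted(findings)


if __name__ == "__main__":
    for item in SAMPLE["items"]:
        print(item["metadata"]["name"], audit(item))
```

For a live cluster, parse the `kubectl` JSON output with `json.load` and pass each entry of `items` to `audit`.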