NGINX Ingress — Complete Kubernetes Gateway Guide
In this tutorial, you will learn about NGINX Ingress. We cover key concepts, practical examples, and best practices to help you master this topic.
NGINX Ingress Controller is a Kubernetes Ingress implementation that provides API gateway functionality. It routes external HTTP/HTTPS traffic to services within the cluster.
What You'll Learn
You'll learn how to configure NGINX Ingress, implement TLS, authentication, Rate Limiting, and annotations for advanced gateway features.
Why It Matters
NGINX Ingress is the most popular Kubernetes Ingress controller, used by over 50% of Kubernetes clusters. It brings proven NGINX gateway capabilities to containerized environments.
Real-World Use
A Kubernetes cluster runs 30 Microservices. A single NGINX Ingress Controller routes traffic to all services, handles TLS termination, enforces rate limits, and collects Prometheus metrics.
Implementation
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: api-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/limit-rps: "100"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "https://app.example.com"
spec:
ingressClassName: nginx
tls:
- hosts:
- api.example.com
secretName: api-tls
rules:
- host: api.example.com
http:
paths:
- path: /api/users(/|$)(.*)
pathType: Prefix
backend:
service:
name: user-service
port:
number: 3000
- path: /api/orders(/|$)(.*)
pathType: Prefix
backend:
service:
name: order-service
port:
number: 3001
Common Mistakes
| Mistake | Fix | |---------|-----| | Not setting resource limits | Ingress controller consumes all node memory | Set CPU/memory requests and limits | | Missing ingress class | Multiple ingress controllers conflict | Specify ingressClassName | | No health checks on backend | Traffic sent to unhealthy pods | Configure readiness probes | | Default backend not configured | Unmatched routes return 404 | Set a default backend for custom 404 | | No monitoring | Cannot observe ingress performance | Enable Prometheus annotations |
What's Next
Learn about Envoy Proxy for modern service mesh architectures.
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro