🚀 Help make the NGINX Ingress Controller better by participating in our survey! 🚀
This repo provides an implementation of an Ingress Controller for NGINX and NGINX Plus.
Note: this project is different from the NGINX Ingress Controller in kubernetes/ingress-nginx repo. See this doc to find out about the key differences.
The Ingress is a Kubernetes resource that lets you configure an HTTP load balancer for applications running on Kubernetes, represented by one or more Services. Such a load balancer is necessary to deliver those applications to clients outside of the Kubernetes cluster.
The Ingress resource supports the following features:
- Content-based routing:
- Host-based routing. For example, routing requests with the host header
foo.example.com
to one group of services and the host headerbar.example.com
to another group. - Path-based routing. For example, routing requests with the URI that starts with
/serviceA
to service A and requests with the URI that starts with/serviceB
to service B.
- Host-based routing. For example, routing requests with the host header
- TLS/SSL termination for each hostname, such as
foo.example.com
.
See the Ingress User Guide to learn more about the Ingress resource.
The Ingress Controller is an application that runs in a cluster and configures an HTTP load balancer according to Ingress resources. The load balancer can be a software load balancer running in the cluster or a hardware or cloud load balancer running externally. Different load balancers require different Ingress Controller implementations.
In the case of NGINX, the Ingress Controller is deployed in a pod along with the load balancer.
NGINX Ingress Controller works with both NGINX and NGINX Plus and supports the standard Ingress features - content-based routing and TLS/SSL termination.
Additionally, several NGINX and NGINX Plus features are available as extensions to the Ingress resource via annotations and the ConfigMap resource. In addition to HTTP, NGINX Ingress Controller supports load balancing Websocket, gRPC, TCP and UDP applications. See ConfigMap and Annotations docs to learn more about the supported features and customization options.
As an alternative to the Ingress, NGINX Ingress Controller supports the VirtualServer and VirtualServerRoute resources. They enable use cases not supported with the Ingress resource, such as traffic splitting and advanced content-based routing. See VirtualServer and VirtualServerRoute resources doc.
TCP, UDP and TLS Passthrough load balancing is also supported. See the TransportServer resource doc.
Read this doc to learn more about NGINX Ingress Controller with NGINX Plus.
- Install the NGINX Ingress Controller using the Kubernetes manifests or the helm chart.
- Configure load balancing for a simple web application:
- Use the Ingress resource. See the Cafe example.
- Or the VirtualServer resource. See the Basic configuration example.
- See additional configuration examples.
- Learn more about all available configuration and customization in the docs.
We publish Ingress Controller releases on GitHub. See our releases page.
The latest stable release is 3.1.1. For production use, we recommend that you choose the latest stable release.
The edge version is useful for experimenting with new features that are not yet published in a stable release. To use it, choose the edge version built from the latest commit from the main branch.
To use the Ingress Controller, you need to have access to:
- An Ingress Controller image.
- Installation manifests or a Helm chart.
- Documentation and examples.
It is important that the versions of those things above match.
The table below summarizes the options regarding the images, manifests, helm chart, documentation and examples and gives your links to the correct versions:
Version | Description | Image for NGINX | Image for NGINX Plus | Installation Manifests and Helm Chart | Documentation and Examples |
---|---|---|---|---|---|
Latest stable release | For production use | Use the 3.1.1 images from DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io or build your own image. | Use the 3.1.1 images from the F5 Container Registry or the AWS Marketplace or Build your own image. | Manifests. Helm chart. | Documentation. Examples. |
Edge/Nightly | For testing and experimenting | Use the edge or nightly images from DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io or build your own image. | Build your own image. | Manifests. Helm chart. | Documentation. Examples. |
We generate SBOMs for the binaries and the Docker images.
The SBOMs for the binaries are available in the releases page. The SBOMs are generated using syft and are available in SPDX format.
The SBOMs for the Docker images are available in the DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io repositories. The SBOMs are generated using syft and stored as an attestation in the image manifest.
For example to retrieve the SBOM for linux/amd64
from Docker Hub and analyze it using grype you can run the following command:
$ docker buildx imagetools inspect nginx/nginx-ingress:edge --format '{{ json (index .SBOM "linux/amd64").SPDX }}' | grype
We’d like to hear your feedback! If you have any suggestions or experience issues with our Ingress Controller, please create an issue or send a pull request on GitHub. You can contact us directly via kubernetes@nginx.com or on the NGINX Community Slack.
If you'd like to contribute to the project, please read our Contributing guide.
For NGINX Plus customers NGINX Ingress Controller (when used with NGINX Plus) is covered by the support contract.