BestHub
Sign in
Cloud Native 6 min read

How Nginx Ingress Transforms Kubernetes Ingress Resources into Proxy Configurations

This article explains how host‑level Nginx and the nginx‑ingress pod work as reverse proxies, how Ingress YAML definitions are converted into Nginx configuration, and how to expose services via NodePort for scalable traffic handling in Kubernetes.

Efficient Ops
Efficient Ops
Efficient Ops
How Nginx Ingress Transforms Kubernetes Ingress Resources into Proxy Configurations

Host Nginx

Typical Nginx reverse‑proxy configuration uses an upstream block that lists service endpoints and a server block that forwards requests.

upstream order{
    server 192.168.1.10:5001;
    server 192.168.1.11:5001;
}
server {
    listen 80;
    server_name order.example.com;
    access_log /var/log/nginx/order.example.com-access.log;
    error_log  /var/log/nginx/order.example.com-error.log;
    location / {
        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass http://order;
    }
}

The IP:port pairs are called endpoints, representing concrete services such as the “order” service.

Pod nginx‑ingress

nginx‑ingress runs as a pod that acts as a gateway for all external traffic, converting Ingress resources into Nginx configuration inside the pod. It consists of a controller that watches the Kubernetes API and an Nginx instance that performs the actual reverse proxy.

The controller updates Nginx based on Ingress YAML definitions, for example the official deployment manifest mandatory.yaml from the ingress‑nginx project.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
    spec:
      terminationGracePeriodSeconds: 300
      serviceAccountName: nginx-ingress-serviceaccount
      containers:
        - name: nginx-ingress-controller
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443

The pod exposes ports 80 and 443 via a NodePort service so that external clients can reach the services.

Ingress resource

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: order
spec:
  rules:
  - host: order.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: order
          servicePort: 80

This single rule directs all traffic for order.example.com to the internal order service on port 80. The controller translates it into an Nginx upstream and server block similar to the host‑Nginx example.

How nginx‑ingress serves traffic

Pods can expose services either via a NodePort service or by forwarding ports; the common practice is to create a NodePort service for the ingress pod.

Ingress workflow

Ingress workflow
Ingress workflow

Because a single nginx‑ingress pod proxies all services, scaling the deployment by adding more pod replicas distributes load under high concurrency.

cloud-nativeIngressreverse-proxy
Efficient Ops
Written by

Efficient Ops

This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment