nginx.ingress.kubernetes.io/app-root | string | Redirects requests for the root URL (/) to a specified path in your application. | Not set (no redirection) | nginx.ingress.kubernetes.io/app-root: "/home" - Redirects requests from http://example.com/ to http://example.com/home. |
nginx.ingress.kubernetes.io/affinity | cookie | Sets the type of session affinity. | Not set (no affinity) | nginx.ingress.kubernetes.io/affinity: "cookie" - Enables session affinity using cookies. |
nginx.ingress.kubernetes.io/affinity-mode | "balanced" or "persistent" | Defines the mode of session affinity. | "persistent" (default mode) | nginx.ingress.kubernetes.io/affinity-mode: "balanced" - Uses balanced mode for session affinity. |
nginx.ingress.kubernetes.io/affinity-canary-behavior | "sticky" or "legacy" | Determines the canary behavior in relation to session affinity. | Not set (default behavior not specified) | nginx.ingress.kubernetes.io/affinity-canary-behavior: "sticky" - Ensures canary sessions stick to their respective canary version. |
nginx.ingress.kubernetes.io/auth-realm | string | Sets the authentication realm for basic and digest authentication. | Not set | nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" - Displays a custom message during authentication. |
nginx.ingress.kubernetes.io/auth-secret | string | Specifies the name of the secret that contains the authentication credentials. | Not set | nginx.ingress.kubernetes.io/auth-secret: "my-auth-secret" - Uses 'my-auth-secret' for authentication credentials. |
nginx.ingress.kubernetes.io/auth-tls-verify-client | string | Enables verification of client certificates. | "off" | nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" - Requires a valid client certificate for access. |
nginx.ingress.kubernetes.io/auth-tls-error-page | string | Specifies a custom error page URL when client certificate authentication fails. | Not set | nginx.ingress.kubernetes.io/auth-tls-error-page: "http://example.com/error" - Redirects to a custom error page on authentication failure. |
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream | "true" or "false" | Determines whether to pass the client certificate to the upstream server. | "false" | nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" - Passes the client certificate to the upstream server. |
nginx.ingress.kubernetes.io/auth-tls-match-cn | string | Matches the Common Name (CN) from the client certificate. | Not set | nginx.ingress.kubernetes.io/auth-tls-match-cn: "example.com" - Only allows client certificates with CN matching 'example.com'. |
nginx.ingress.kubernetes.io/auth-url | string | Specifies the URL to use for external authentication. | Not set | nginx.ingress.kubernetes.io/auth-url: "http://auth.example.com/validate" - Redirects authentication requests to the specified URL. |
nginx.ingress.kubernetes.io/auth-cache-key | string | Sets the key to be used for caching the authentication result. | Not set | nginx.ingress.kubernetes.io/auth-cache-key: "$scheme$http_authorization$proxy_host" - Uses a combination of scheme, authorization header, and proxy host for the cache key. |
nginx.ingress.kubernetes.io/auth-cache-duration | string | Defines the duration for caching the authentication result. | "5m" | nginx.ingress.kubernetes.io/auth-cache-duration: "10m" - Caches authentication results for 10 minutes. |
nginx.ingress.kubernetes.io/auth-keepalive | number | Sets the number of keepalive connections to the authentication backend. | Not set | nginx.ingress.kubernetes.io/auth-keepalive: "10" - Maintains 10 keepalive connections. |
nginx.ingress.kubernetes.io/auth-keepalive-share-vars | "true" or "false" | Determines whether to share keepalive connections between different locations. | Not set | nginx.ingress.kubernetes.io/auth-keepalive-share-vars: "true" - Enables sharing of keepalive connections. |
nginx.ingress.kubernetes.io/auth-keepalive-requests | number | Specifies the maximum number of requests to send through a keepalive connection to the authentication backend. | Not set | nginx.ingress.kubernetes.io/auth-keepalive-requests: "100" - Allows 100 requests per keepalive connection. |
nginx.ingress.kubernetes.io/auth-keepalive-timeout | number | Sets the timeout for keepalive connections to the authentication backend. | Not set | nginx.ingress.kubernetes.io/auth-keepalive-timeout: "30" - Sets a timeout of 30 seconds for keepalive connections. |
nginx.ingress.kubernetes.io/auth-proxy-set-headers | string | Specifies the name of the ConfigMap containing custom headers to be passed to the authentication backend. | Not set | nginx.ingress.kubernetes.io/auth-proxy-set-headers: "custom-headers-map" - Uses the 'custom-headers-map' ConfigMap for custom headers. |
nginx.ingress.kubernetes.io/auth-snippet | string | Adds custom configuration to the authentication location block. | Not set | nginx.ingress.kubernetes.io/auth-snippet: "proxy_set_header X-Auth-Request-Redirect $request_uri;" - Adds a custom proxy_set_header directive. |
nginx.ingress.kubernetes.io/enable-global-auth | "true" or "false" | Enables or disables global authentication for all paths under the host. | "false" | nginx.ingress.kubernetes.io/enable-global-auth: "true" - Enables global authentication for all paths. |
nginx.ingress.kubernetes.io/backend-protocol | string | Specifies the protocol used to communicate with the backend service. Value values: HTTP, HTTPS, AUTO_HTTP, GRPC, GRPCS and FCGI | "HTTP" | nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - Communicates with the backend over HTTPS. |
nginx.ingress.kubernetes.io/canary | "true" or "false" | Enables or disables canary deployment for the ingress. | "false" | nginx.ingress.kubernetes.io/canary: "true" - Activates canary deployment for the ingress. |
nginx.ingress.kubernetes.io/canary-by-header | string | Specifies a header name to route requests to the canary service. | Not set | nginx.ingress.kubernetes.io/canary-by-header: "CanaryByHeaderName" - Routes requests with the specified header to the canary. |
nginx.ingress.kubernetes.io/canary-by-header-value | string | Specifies a header value to route requests to the canary service. | Not set | nginx.ingress.kubernetes.io/canary-by-header-value: "DoCanary" - Routes requests with the specified header value to the canary. |
nginx.ingress.kubernetes.io/canary-by-header-pattern | string | Routes requests to the canary service based on a pattern in a specified header. | Not set | nginx.ingress.kubernetes.io/canary-by-header-pattern: "^Canary.*$" - Routes requests with a header matching the regex pattern to the canary. |
nginx.ingress.kubernetes.io/canary-by-cookie | string | Routes requests to the canary service based on the presence of a specified cookie. | Not set | nginx.ingress.kubernetes.io/canary-by-cookie: "CanaryCookie" - Routes requests with the specified cookie to the canary. |
nginx.ingress.kubernetes.io/canary-weight | number | Assigns a weight to the canary service for splitting traffic. | Not set | nginx.ingress.kubernetes.io/canary-weight: "20" - Assigns 20% of the traffic to the canary service. |
nginx.ingress.kubernetes.io/canary-weight-total | number | Sets the total weight for canary deployment, used in conjunction with canary-weight. | Not set | nginx.ingress.kubernetes.io/canary-weight-total: "100" - Sets the total weight for canary deployment to 100. |
nginx.ingress.kubernetes.io/client-body-buffer-size | string | Sets the buffer size for reading client request body. | Not set | nginx.ingress.kubernetes.io/client-body-buffer-size: "16k" - Sets the buffer size to 16 kilobytes. |
nginx.ingress.kubernetes.io/configuration-snippet | string | Adds custom configuration to the NGINX location block. | Not set | nginx.ingress.kubernetes.io/configuration-snippet: "add_header Cache-Control no-cache" - Adds a custom header to the response. |
nginx.ingress.kubernetes.io/custom-http-errors | []int | Defines custom HTTP error codes to be handled by the custom error pages. | Not set | nginx.ingress.kubernetes.io/custom-http-errors: "404,500,502" - Custom error handling for 404, 500, and 502 errors. |
nginx.ingress.kubernetes.io/default-backend | string | Specifies the default backend service to use for requests that don't match any rule. | Not set | nginx.ingress.kubernetes.io/default-backend: "custom-default-backend" - Uses a specific service for default backend responses. |
nginx.ingress.kubernetes.io/enable-cors | "true" or "false" | Enables or disables Cross-Origin Resource Sharing (CORS). | "false" | nginx.ingress.kubernetes.io/enable-cors: "true" - Enables CORS on the ingress. |
nginx.ingress.kubernetes.io/cors-allow-origin | string | Sets the Access-Control-Allow-Origin header for CORS. | "*" (all origins) | nginx.ingress.kubernetes.io/cors-allow-origin: "https://example.com" - Allows CORS requests from 'example.com'. |
nginx.ingress.kubernetes.io/cors-allow-methods | string | Specifies the methods allowed when accessing the resource in response to a preflight request. | "GET, PUT, POST, DELETE, PATCH, OPTIONS" | nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT" - Allows GET, POST, and PUT methods for CORS. |
nginx.ingress.kubernetes.io/cors-allow-headers | string | Indicates which headers can be used during the actual request. | Not set | nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent" - Allows specified headers for CORS requests. |
nginx.ingress.kubernetes.io/cors-expose-headers | string | Indicates which headers are safe to expose to the API of a CORS API specification. | Not set | nginx.ingress.kubernetes.io/cors-expose-headers: "Content-Length,Content-Range" - Exposes Content-Length and Content-Range headers in CORS responses. |
nginx.ingress.kubernetes.io/cors-allow-credentials | "true" or "false" | Indicates whether the response to the request can be exposed when the credentials flag is true. | "false" | nginx.ingress.kubernetes.io/cors-allow-credentials: "true" - Allows credentials for CORS requests. |
nginx.ingress.kubernetes.io/cors-max-age | number | Indicates how long the results of a preflight request can be cached. | "86400" (24 hours) | nginx.ingress.kubernetes.io/cors-max-age: "3600" - Caches the preflight request results for 3600 seconds (1 hour). |
nginx.ingress.kubernetes.io/force-ssl-redirect | "true" or "false" | Forces SSL redirect for all HTTP requests. | "false" | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - Redirects all HTTP requests to HTTPS. |
nginx.ingress.kubernetes.io/from-to-www-redirect | "true" or "false" | Redirects traffic from the non-www to the www version of the URL or vice versa. | "false" | nginx.ingress.kubernetes.io/from-to-www-redirect: "true" - Redirects non-www URLs to their www counterparts. |
nginx.ingress.kubernetes.io/http2-push-preload | "true" or "false" | Enables HTTP/2 server push for resources in the preload link header. | "false" | nginx.ingress.kubernetes.io/http2-push-preload: "true" - Activates HTTP/2 server push. |
nginx.ingress.kubernetes.io/limit-connections | number | Limits the number of concurrent connections allowed from a single IP address. | Not set | nginx.ingress.kubernetes.io/limit-connections: "100" - Limits to 100 concurrent connections per IP. |
nginx.ingress.kubernetes.io/limit-rps | number | Limits the number of requests per second allowed from a single IP address. | Not set | nginx.ingress.kubernetes.io/limit-rps: "10" - Limits to 10 requests per second per IP. |
nginx.ingress.kubernetes.io/global-rate-limit | number | Sets a global rate limit for all requests. | Not set | nginx.ingress.kubernetes.io/global-rate-limit: "100" - Limits the rate to 100 requests per defined window. |
nginx.ingress.kubernetes.io/global-rate-limit-window | duration | Defines the time window for the global rate limit. | Not set | nginx.ingress.kubernetes.io/global-rate-limit-window: "1m" - Sets the rate limit window to 1 minute. |
nginx.ingress.kubernetes.io/global-rate-limit-key | string | Specifies the key used to differentiate clients for global rate limiting. | Not set | nginx.ingress.kubernetes.io/global-rate-limit-key: "binary_remote_addr" - Uses the client's IP address for rate limiting. |
nginx.ingress.kubernetes.io/global-rate-limit-ignored-cidrs | string | Defines CIDRs that are excluded from the global rate limit. | Not set | nginx.ingress.kubernetes.io/global-rate-limit-ignored-cidrs: "192.168.0.0/16" - Ignores the specified CIDR for rate limiting. |
nginx.ingress.kubernetes.io/permanent-redirect | string | Specifies the URL for a permanent redirect (301). | Not set | nginx.ingress.kubernetes.io/permanent-redirect: "http://example.com" - Redirects all requests permanently to the specified URL. |
nginx.ingress.kubernetes.io/permanent-redirect-code | number | Sets the HTTP status code for the permanent redirect. | "301" | nginx.ingress.kubernetes.io/permanent-redirect-code: "308" - Uses HTTP 308 for permanent redirects. |
nginx.ingress.kubernetes.io/temporal-redirect | string | Specifies the URL for a temporary redirect (302). | Not set | nginx.ingress.kubernetes.io/temporal-redirect: "http://temporary.example.com" - Redirects all requests temporarily to the specified URL. |
nginx.ingress.kubernetes.io/preserve-trailing-slash | "true" or "false" | Preserves the trailing slash on URLs. | "false" | nginx.ingress.kubernetes.io/preserve-trailing-slash: "true" - Retains the trailing slash at the end of URLs. |
nginx.ingress.kubernetes.io/proxy-body-size | string | Sets the maximum allowed size of the client request body. | Not set | nginx.ingress.kubernetes.io/proxy-body-size: "8m" - Allows a maximum request body size of 8 megabytes. |
nginx.ingress.kubernetes.io/proxy-cookie-domain | string | Rewrites the domain of Set-Cookie headers in upstream responses. | Not set | nginx.ingress.kubernetes.io/proxy-cookie-domain: "example.com ~^example.org" - Rewrites 'example.com' to 'example.org' in Set-Cookie headers. |
nginx.ingress.kubernetes.io/proxy-cookie-path | string | Rewrites the path of Set-Cookie headers in upstream responses. | Not set | nginx.ingress.kubernetes.io/proxy-cookie-path: "/foo /bar" - Rewrites path '/foo' to '/bar' in Set-Cookie headers. |
nginx.ingress.kubernetes.io/proxy-connect-timeout | number | Sets the timeout for establishing a connection with a proxied server. | Not set | nginx.ingress.kubernetes.io/proxy-connect-timeout: "10" - Sets a connection timeout of 10 seconds. |
nginx.ingress.kubernetes.io/proxy-send-timeout | number | Sets the timeout for transmitting a request to the proxied server. | Not set | nginx.ingress.kubernetes.io/proxy-send-timeout: "20" - Sets a send timeout of 20 seconds. |
nginx.ingress.kubernetes.io/proxy-read-timeout | number | Sets the timeout for reading a response from the proxied server. | Not set | nginx.ingress.kubernetes.io/proxy-read-timeout: "15" - Sets a read timeout of 15 seconds. |
nginx.ingress.kubernetes.io/proxy-next-upstream | string | Specifies the conditions under which a request should be passed to the next upstream server. | "error timeout" | nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout" - Passes the request to the next server on error or timeout. |
nginx.ingress.kubernetes.io/proxy-next-upstream-timeout | number | Limits the time for passing a request to the next upstream server. | Not set | nginx.ingress.kubernetes.io/proxy-next-upstream-timeout: "30" - Limits the time to 30 seconds for trying the next upstream server. |
nginx.ingress.kubernetes.io/proxy-next-upstream-tries | number | Limits the number of tries for passing a request to the next upstream server. | Not set | nginx.ingress.kubernetes.io/proxy-next-upstream-tries: "3" - Limits to 3 attempts to pass the request to the next server. |
nginx.ingress.kubernetes.io/proxy-request-buffering | string | Enables or disables buffering of client request bodies. | "on" | nginx.ingress.kubernetes.io/proxy-request-buffering: "off" - Disables buffering of client request bodies. |
nginx.ingress.kubernetes.io/proxy-redirect-from | string | Specifies the URL to redirect from in the response location header. | Not set | nginx.ingress.kubernetes.io/proxy-redirect-from: "http://old.example.com" - Specifies the old URL for redirection. |
nginx.ingress.kubernetes.io/proxy-redirect-to | string | Specifies the URL to redirect to in the response location header. | Not set | nginx.ingress.kubernetes.io/proxy-redirect-to: "http://new.example.com" - Specifies the new URL for redirection. |
nginx.ingress.kubernetes.io/proxy-http-version | "1.0" or "1.1" | Sets the HTTP version used by the proxy. | "1.1" | nginx.ingress.kubernetes.io/proxy-http-version: "1.1" - Uses HTTP/1.1 for proxy communication. |
nginx.ingress.kubernetes.io/proxy-ssl-secret | string | Specifies the name of the secret that contains SSL certificates for the proxy. | Not set | nginx.ingress.kubernetes.io/proxy-ssl-secret: "my-ssl-secret" - Uses SSL certificates from 'my-ssl-secret' for the proxy. |
nginx.ingress.kubernetes.io/proxy-ssl-ciphers | string | Sets the SSL ciphers for the proxy to use when communicating with the backend. | Not set | nginx.ingress.kubernetes.io/proxy-ssl-ciphers: "DEFAULT:!SSLv2:!RC4" - Specifies custom SSL cipher suites for the proxy. |
nginx.ingress.kubernetes.io/proxy-ssl-name | string | Sets the name that will be used for the SNI (Server Name Indication) extension in SSL proxy connections. | Not set | nginx.ingress.kubernetes.io/proxy-ssl-name: "example.com" - Uses 'example.com' for the SNI extension in SSL connections. |
nginx.ingress.kubernetes.io/proxy-ssl-protocols | string | Specifies the SSL protocols to use when communicating with the backend. | Not set | nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1 TLSv1.1 TLSv1.2" - Enables specific TLS protocols for the proxy. |
nginx.ingress.kubernetes.io/proxy-ssl-verify | string | Enables or disables verification of the SSL certificate of the proxied server. | "off" | nginx.ingress.kubernetes.io/proxy-ssl-verify: "on" - Enables SSL certificate verification for the proxied server. |
nginx.ingress.kubernetes.io/proxy-ssl-verify-depth | number | Sets the maximum depth of certificate chain verification when verifying SSL certificates. | Not set | nginx.ingress.kubernetes.io/proxy-ssl-verify-depth: "5" - Sets the SSL certificate chain verification depth to 5. |
nginx.ingress.kubernetes.io/proxy-ssl-server-name | string | Enables the use of the server name for the SSL handshake with the backend server. | Not set | nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on" - Uses the server name in the SSL handshake with the backend. |
nginx.ingress.kubernetes.io/enable-rewrite-log | "true" or "false" | Enables or disables logging for the rewrite module. | "false" | nginx.ingress.kubernetes.io/enable-rewrite-log: "true" - Enables logging for the rewrite module. |
nginx.ingress.kubernetes.io/rewrite-target | URI | Changes the path of the request before sending it to the service. | Not set | nginx.ingress.kubernetes.io/rewrite-target: "/newpath" - Rewrites the path to '/newpath'. |
nginx.ingress.kubernetes.io/satisfy | string | Configures how to treat client, IP, or other access restrictions. | "all" | nginx.ingress.kubernetes.io/satisfy: "any" - Allows access if any of the specified conditions are met. |
nginx.ingress.kubernetes.io/server-alias | string | Adds additional names to the server. | Not set | nginx.ingress.kubernetes.io/server-alias: "example.org, www.example.org" - Adds server aliases for 'example.org' and 'www.example.org'. |
nginx.ingress.kubernetes.io/server-snippet | string | Adds custom configuration to the NGINX server block. | Not set | nginx.ingress.kubernetes.io/server-snippet: "client_max_body_size 8M;" - Sets a custom client max body size in the server block. |
nginx.ingress.kubernetes.io/service-upstream | "true" or "false" | Uses the service's cluster IP for the upstream endpoint. | "false" | nginx.ingress.kubernetes.io/service-upstream: "true" - Enables using the service's cluster IP as the upstream. |
nginx.ingress.kubernetes.io/session-cookie-change-on-failure | "true" or "false" | Changes the session cookie if the upstream server fails. | "false" | nginx.ingress.kubernetes.io/session-cookie-change-on-failure: "true" - Changes the session cookie upon upstream server failure. |
nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none | "true" or "false" | Conditionally sets the SameSite attribute of the session cookie to 'None'. | "false" | nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true" - Sets SameSite to 'None' under certain conditions. |
nginx.ingress.kubernetes.io/session-cookie-domain | string | Specifies the domain for the session cookie. | Not set | nginx.ingress.kubernetes.io/session-cookie-domain: "example.com" - Sets the domain of the session cookie to 'example.com'. |
nginx.ingress.kubernetes.io/session-cookie-expires | string | Sets the expiration date for the session cookie. | Not set | nginx.ingress.kubernetes.io/session-cookie-expires: "Tue, 15-Jun-2021 16:00:00 GMT" - Sets a specific expiration date and time for the cookie. |
nginx.ingress.kubernetes.io/session-cookie-max-age | string | Sets the maximum age for the session cookie. | Not set | nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" - Sets the cookie to expire after 3600 seconds. |
nginx.ingress.kubernetes.io/session-cookie-name | string | Sets the name for the session cookie. | "INGRESSCOOKIE" | nginx.ingress.kubernetes.io/session-cookie-name: "MYSESSIONID" - Names the session cookie as 'MYSESSIONID'. |
nginx.ingress.kubernetes.io/session-cookie-path | string | Specifies the path for the session cookie. | "/" | nginx.ingress.kubernetes.io/session-cookie-path: "/app" - Sets the path of the session cookie to '/app'. |
nginx.ingress.kubernetes.io/session-cookie-samesite | string | Sets the SameSite attribute for the session cookie. | "Lax" | nginx.ingress.kubernetes.io/session-cookie-samesite: "Strict" - Sets the SameSite attribute of the cookie to 'Strict'. |
nginx.ingress.kubernetes.io/session-cookie-secure | string | Specifies whether the session cookie should be marked as secure. | "false" | nginx.ingress.kubernetes.io/session-cookie-secure: "true" - Marks the session cookie as secure. |
nginx.ingress.kubernetes.io/ssl-redirect | "true" or "false" | Controls whether to redirect HTTP requests to HTTPS. | "true" | nginx.ingress.kubernetes.io/ssl-redirect: "true" - Redirects all HTTP requests to HTTPS. |
nginx.ingress.kubernetes.io/ssl-passthrough | "true" or "false" | Enables SSL passthrough to send SSL requests directly to the backend instead of terminating at the ingress. | "false" | nginx.ingress.kubernetes.io/ssl-passthrough: "true" - Enables SSL passthrough. |
nginx.ingress.kubernetes.io/stream-snippet | string | Adds custom configuration to the NGINX stream block. | Not set | nginx.ingress.kubernetes.io/stream-snippet: "proxy_buffer_size 128k;" - Sets a custom proxy buffer size in the stream block. |
nginx.ingress.kubernetes.io/upstream-hash-by | string | Sets the key for consistent hashing in load balancing. | Not set | nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri" - Uses the request URI for consistent hashing. |
nginx.ingress.kubernetes.io/x-forwarded-prefix | string | Sets the X-Forwarded-Prefix header. | Not set | nginx.ingress.kubernetes.io/x-forwarded-prefix: "/myprefix" - Sets the X-Forwarded-Prefix header to '/myprefix'. |
nginx.ingress.kubernetes.io/load-balance | string | Specifies the load balancing algorithm. | "round_robin" | nginx.ingress.kubernetes.io/load-balance: "round_robin" - Uses round-robin load balancing. |
nginx.ingress.kubernetes.io/upstream-vhost | string | Sets the virtual host name to use for the upstream server. | Not set | nginx.ingress.kubernetes.io/upstream-vhost: "upstream.example.com" - Sets the upstream virtual host to 'upstream.example.com'. |
nginx.ingress.kubernetes.io/denylist-source-range | CIDR | Blocks access from specific IP addresses or ranges. | Not set | nginx.ingress.kubernetes.io/denylist-source-range: "192.168.1.0/24" - Denies access from the specified IP range. |
nginx.ingress.kubernetes.io/whitelist-source-range | CIDR | Allows access only from specific IP addresses or ranges. | Not set | nginx.ingress.kubernetes.io/whitelist-source-range: "203.0.113.0/24" - Allows access only from the specified IP range. |
nginx.ingress.kubernetes.io/proxy-buffering | string | Enables or disables buffering of responses from the proxied server. | "on" | nginx.ingress.kubernetes.io/proxy-buffering: "on" - Enables proxy buffering. |
nginx.ingress.kubernetes.io/proxy-buffers-number | number | Sets the number of buffers used for reading a response from the proxied server. | Not set | nginx.ingress.kubernetes.io/proxy-buffers-number: "4" - Uses 4 buffers for proxy responses. |
nginx.ingress.kubernetes.io/proxy-buffer-size | string | Sets the size of the buffer used for reading a response from the proxied server. | Not set | nginx.ingress.kubernetes.io/proxy-buffer-size: "8k" - Sets the proxy buffer size to 8 kilobytes. |
nginx.ingress.kubernetes.io/proxy-max-temp-file-size | string | Sets the maximum size of temporary files for proxying. | Not set | nginx.ingress.kubernetes.io/proxy-max-temp-file-size: "1024m" - Limits the size of temp files to 1024 megabytes. |
nginx.ingress.kubernetes.io/ssl-ciphers | string | Specifies the SSL ciphers to use. | Not set | nginx.ingress.kubernetes.io/ssl-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256" - Sets specific SSL ciphers for secure communication. |
nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers | "true" or "false" | Enables or disables the preference for server ciphers over client ciphers. | "false" | nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers: "true" - Prefers server ciphers in the SSL handshake. |
nginx.ingress.kubernetes.io/connection-proxy-header | string | Sets the value of the Connection header to pass to the proxied server. | Not set | nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive" - Sets the Connection header to 'keep-alive'. |
nginx.ingress.kubernetes.io/enable-access-log | "true" or "false" | Enables or disables the access log. | "false" | nginx.ingress.kubernetes.io/enable-access-log: "true" - Enables logging of access requests. |
nginx.ingress.kubernetes.io/enable-opentracing | "true" or "false" | Enables or disables OpenTracing for tracing requests and responses. | "false" | nginx.ingress.kubernetes.io/enable-opentracing: "true" - Activates OpenTracing for the ingress. |
nginx.ingress.kubernetes.io/opentracing-trust-incoming-span | "true" or "false" | Determines whether to trust the incoming span from the tracing header. | "false" | nginx.ingress.kubernetes.io/opentracing-trust-incoming-span: "false" - Does not trust the incoming span, starting a new trace instead. |
nginx.ingress.kubernetes.io/enable-opentelemetry | "true" or "false" | Enables or disables OpenTelemetry for observability and tracing. | "false" | nginx.ingress.kubernetes.io/enable-opentelemetry: "true" - Enables OpenTelemetry for the ingress. |
nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span | "true" or "false" | Indicates whether to trust the incoming span in OpenTelemetry tracing. | "false" | nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span: "true" - Trusts the incoming span for continued tracing. |
nginx.ingress.kubernetes.io/use-regex | bool | Determines whether to interpret paths as regular expressions. | "false" | nginx.ingress.kubernetes.io/use-regex: "true" - Enables regex interpretation in paths. |
nginx.ingress.kubernetes.io/enable-modsecurity | bool | Enables or disables the ModSecurity Web Application Firewall. | "false" | nginx.ingress.kubernetes.io/enable-modsecurity: "true" - Activates ModSecurity. |
nginx.ingress.kubernetes.io/enable-owasp-core-rules | bool | Enables or disables the OWASP ModSecurity Core Rule Set. | "false" | nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true" - Uses the OWASP Core Rule Set for security. |
nginx.ingress.kubernetes.io/modsecurity-transaction-id | string | Sets a custom transaction ID for ModSecurity. | Not set | nginx.ingress.kubernetes.io/modsecurity-transaction-id: "$request_id" - Uses the NGINX request ID as the ModSecurity transaction ID. |
nginx.ingress.kubernetes.io/modsecurity-snippet | string | Adds custom ModSecurity configuration directives. | Not set | nginx.ingress.kubernetes.io/modsecurity-snippet: "SecRuleEngine On" - Turns on the SecRuleEngine in ModSecurity. |
nginx.ingress.kubernetes.io/mirror-request-body | string | Configures mirroring of the request body. | "off" | nginx.ingress.kubernetes.io/mirror-request-body: "on" - Enables request body mirroring. |
nginx.ingress.kubernetes.io/mirror-target | string | Specifies the URL for mirroring requests. | Not set | nginx.ingress.kubernetes.io/mirror-target: "http://mirror.example.com" - Sends mirrored requests to the specified URL. |
nginx.ingress.kubernetes.io/mirror-host | string | Sets the host header for mirrored requests. | Not set | nginx.ingress.kubernetes.io/mirror-host: "mirror.example.com" - Sets the host header for mirrored requests to 'mirror.example.com'. |