Learn how securing NGINX Ingress Controller with NGINX App Protect WAF can help you defend against application-layer attacks in Kubernetes.
Amir Rawdat is a technical marketing engineer at NGINX, where he specializes in content creation of various technical topics. He has a strong background in computer networking, computer programming, troubleshooting, and content creation. Previously, Amir was a customer application engineer at Nokia.
We performance test NGINX Ingress Controller and the default Red Hat OpenShift Router in an OpenShift Cloud Platform cluster while scaling the number of backends up and down. The Router experiences significant latency and errors, but NGINX Ingress Controller almost none.
We compare NGINX performance in bare-metal and virtualized (hypervisor) environments, finding a small but measurable performance cost for hypervisors. We also find that performance in Kubernetes environments is worse for network-bound but not CPU-bound operations.
The Ingress controller is an ideal location for centralized authentication and authorization in Kubernetes. We show how to implement single sign-on with NGINX Ingress Controller as the relaying party and Okta as the identity provider in the OIDC Authorization Code Flow.
We recently updated the NGINX Ingress Controller solution brief with sizing guidelines for Amazon Elastic Kubernetes Service (EKS). In this blog, we explain how we came up with the guidelines, including all the information you need to do similar testing of your own.
NGINX Service Mesh Release 1.1.0 introduces three key enhancements that make it easier to deploy and manage our production-ready service mesh in Kubernetes: Helm support, air-gap installation, and in-place upgrades.
NGINX Ingress Controller now offers enhanced TCP/UDP load balancing with support for snippets, health checks, and multiple TransportServer resources. Release 1.11.0 also introduces a WAF policy for easier configuration of NGINX App Protect, Istio compatibility, and more.
NGINX Ingress Controller now supports single sign-on with OpenID Connect. Release 1.10.0 also introduces new configuration queue metrics, annotations on log entries, better validation of annotations and secrets, support for NGINX App Protect user-defined signatures, and more.