Ingress-nginx Annotation Compatibility
Basic concepts
ingress-nginx is a commonly used Ingress Controller in Kubernetes, and defines many annotations to implement various functions beyond the official ingress definition.
Supported ingress-nginx annotations
| Name | type | Support (v supports x does not support o partially supports or can be achieved by configuration) |
|---|---|---|
| nginx.ingress.kubernetes.io/app-root | string | x |
| nginx.ingress.kubernetes.io/affinity | cookie | o ingress does not support. alb rule can configure cookie hash |
| nginx.ingress.kubernetes.io/use-regex | bool | |
| nginx.ingress.kubernetes.io/affinity-mode | "balanced" or "persistent" | o ingress does not support. alb rule can configure session persistence |
| nginx.ingress.kubernetes.io/affinity-canary-behavior | "sticky" or "legacy" | o ingress does not support. alb rule can configure session persistence |
| nginx.ingress.kubernetes.io/auth-realm | string | v auth |
| nginx.ingress.kubernetes.io/auth-secret | string | v auth |
| nginx.ingress.kubernetes.io/auth-secret-type | string | v auth |
| nginx.ingress.kubernetes.io/auth-type | "basic" or "digest" | v auth |
| nginx.ingress.kubernetes.io/auth-tls-secret | string | x |
| nginx.ingress.kubernetes.io/auth-tls-verify-depth | number | x |
| nginx.ingress.kubernetes.io/auth-tls-verify-client | string | x |
| nginx.ingress.kubernetes.io/auth-tls-error-page | string | x |
| nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream | "true" or "false" | x |
| nginx.ingress.kubernetes.io/auth-tls-match-cn | string | x |
| nginx.ingress.kubernetes.io/auth-url | string | v |
| nginx.ingress.kubernetes.io/auth-cache-key | string | x |
| nginx.ingress.kubernetes.io/auth-cache-duration | string | x |
| nginx.ingress.kubernetes.io/auth-keepalive | number | x |
| nginx.ingress.kubernetes.io/auth-keepalive-share-vars | "true" or "false" | x |
| nginx.ingress.kubernetes.io/auth-keepalive-requests | number | x |
| nginx.ingress.kubernetes.io/auth-keepalive-timeout | number | x |
| nginx.ingress.kubernetes.io/auth-proxy-set-headers | string | v |
| nginx.ingress.kubernetes.io/auth-snippet | string | x |
| nginx.ingress.kubernetes.io/enable-global-auth | "true" or "false" | o auth |
| nginx.ingress.kubernetes.io/backend-protocol | string | v |
| nginx.ingress.kubernetes.io/canary | "true" or "false" | x |
| nginx.ingress.kubernetes.io/canary-by-header | string | x |
| nginx.ingress.kubernetes.io/canary-by-header-value | string | x |
| nginx.ingress.kubernetes.io/canary-by-header-pattern | string | x |
| nginx.ingress.kubernetes.io/canary-by-cookie | string | x |
| nginx.ingress.kubernetes.io/canary-weight | number | x |
| nginx.ingress.kubernetes.io/canary-weight-total | number | x |
| nginx.ingress.kubernetes.io/client-body-buffer-size | string | x |
| nginx.ingress.kubernetes.io/configuration-snippet | string | x |
| nginx.ingress.kubernetes.io/custom-http-errors | []int | x |
| nginx.ingress.kubernetes.io/custom-headers | string | o |
| nginx.ingress.kubernetes.io/default-backend | string | o can use ingress's default-backend |
| nginx.ingress.kubernetes.io/enable-cors | "true" or "false" | v |
| nginx.ingress.kubernetes.io/cors-allow-origin | string | v |
| nginx.ingress.kubernetes.io/cors-allow-methods | string | v |
| nginx.ingress.kubernetes.io/cors-allow-headers | string | v |
| nginx.ingress.kubernetes.io/cors-expose-headers | string | x |
| nginx.ingress.kubernetes.io/cors-allow-credentials | "true" or "false" | x |
| nginx.ingress.kubernetes.io/cors-max-age | number | x |
| nginx.ingress.kubernetes.io/force-ssl-redirect | "true" or "false" | v redirect |
| nginx.ingress.kubernetes.io/from-to-www-redirect | "true" or "false" | x |
| nginx.ingress.kubernetes.io/http2-push-preload | "true" or "false" | x |
| nginx.ingress.kubernetes.io/limit-connections | number | x |
| nginx.ingress.kubernetes.io/limit-rps | number | x |
| nginx.ingress.kubernetes.io/global-rate-limit | number | x |
| nginx.ingress.kubernetes.io/global-rate-limit-window | duration | x |
| nginx.ingress.kubernetes.io/global-rate-limit-key | string | x |
| nginx.ingress.kubernetes.io/global-rate-limit-ignored-cidrs | string | x |
| nginx.ingress.kubernetes.io/permanent-redirect | string | v redirect |
| nginx.ingress.kubernetes.io/permanent-redirect-code | number | v redirect |
| nginx.ingress.kubernetes.io/temporal-redirect | string | v redirect |
| nginx.ingress.kubernetes.io/preserve-trailing-slash | "true" or "false" | x |
| nginx.ingress.kubernetes.io/proxy-body-size | string | x |
| nginx.ingress.kubernetes.io/proxy-cookie-domain | string | x |
| nginx.ingress.kubernetes.io/proxy-cookie-path | string | x |
| nginx.ingress.kubernetes.io/proxy-connect-timeout | number | v timeout |
| nginx.ingress.kubernetes.io/proxy-send-timeout | number | v timeout |
| nginx.ingress.kubernetes.io/proxy-read-timeout | number | v timeout |
| nginx.ingress.kubernetes.io/proxy-next-upstream | string | x |
| nginx.ingress.kubernetes.io/proxy-next-upstream-timeout | number | x |
| nginx.ingress.kubernetes.io/proxy-next-upstream-tries | number | x |
| nginx.ingress.kubernetes.io/proxy-request-buffering | string | x |
| nginx.ingress.kubernetes.io/proxy-redirect-from | string | x |
| nginx.ingress.kubernetes.io/proxy-redirect-to | string | x |
| nginx.ingress.kubernetes.io/proxy-http-version | "1.0" or "1.1" | x |
| nginx.ingress.kubernetes.io/proxy-ssl-secret | string | x |
| nginx.ingress.kubernetes.io/proxy-ssl-ciphers | string | x |
| nginx.ingress.kubernetes.io/proxy-ssl-name | string | x |
| nginx.ingress.kubernetes.io/proxy-ssl-protocols | string | x |
| nginx.ingress.kubernetes.io/proxy-ssl-verify | string | x |
| nginx.ingress.kubernetes.io/proxy-ssl-verify-depth | number | x |
| nginx.ingress.kubernetes.io/proxy-ssl-server-name | string | x |
| nginx.ingress.kubernetes.io/enable-rewrite-log | "true" or "false" | x |
| nginx.ingress.kubernetes.io/rewrite-target | URI | v |
| nginx.ingress.kubernetes.io/satisfy | string | x |
| nginx.ingress.kubernetes.io/server-alias | string | x |
| nginx.ingress.kubernetes.io/server-snippet | string | x |
| nginx.ingress.kubernetes.io/service-upstream | "true" or "false" | x |
| nginx.ingress.kubernetes.io/session-cookie-change-on-failure | "true" or "false" | x |
| nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none | "true" or "false" | x |
| nginx.ingress.kubernetes.io/session-cookie-domain | string | x |
| nginx.ingress.kubernetes.io/session-cookie-expires | string | x |
| nginx.ingress.kubernetes.io/session-cookie-max-age | string | x |
| nginx.ingress.kubernetes.io/session-cookie-name | string | x |
| nginx.ingress.kubernetes.io/session-cookie-path | string | x |
| nginx.ingress.kubernetes.io/session-cookie-samesite | string | x |
| nginx.ingress.kubernetes.io/session-cookie-secure | string | x |
| nginx.ingress.kubernetes.io/ssl-redirect | "true" or "false" | v |
| nginx.ingress.kubernetes.io/ssl-passthrough | "true" or "false" | x |
| nginx.ingress.kubernetes.io/stream-snippet | string | x |
| nginx.ingress.kubernetes.io/upstream-hash-by | string | x |
| nginx.ingress.kubernetes.io/x-forwarded-prefix | string | x |
| nginx.ingress.kubernetes.io/load-balance | string | x |
| nginx.ingress.kubernetes.io/upstream-vhost | string | v |
| nginx.ingress.kubernetes.io/denylist-source-range | CIDR | o can achieve similar effect through modsecurity |
| nginx.ingress.kubernetes.io/whitelist-source-range | CIDR | o can achieve similar effect through modsecurity |
| nginx.ingress.kubernetes.io/proxy-buffering | string | x |
| nginx.ingress.kubernetes.io/proxy-buffers-number | number | x |
| nginx.ingress.kubernetes.io/proxy-buffer-size | string | x |
| nginx.ingress.kubernetes.io/proxy-max-temp-file-size | string | x |
| nginx.ingress.kubernetes.io/ssl-ciphers | string | x |
| nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers | "true" or "false" | x |
| nginx.ingress.kubernetes.io/connection-proxy-header | string | x |
| nginx.ingress.kubernetes.io/enable-access-log | "true" or "false" | o default enable access_log, format is fixed |
| nginx.ingress.kubernetes.io/enable-opentelemetry | "true" or "false" | v otel |
| nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span | "true" or "false" | v otel |
| nginx.ingress.kubernetes.io/enable-modsecurity | bool | v modsecurity |
| nginx.ingress.kubernetes.io/enable-owasp-core-rules | bool | v modsecurity |
| nginx.ingress.kubernetes.io/modsecurity-transaction-id | string | v modsecurity |
| nginx.ingress.kubernetes.io/modsecurity-snippet | string | v modsecurity |
| nginx.ingress.kubernetes.io/mirror-request-body | string | x |
| nginx.ingress.kubernetes.io/mirror-target | string | x |
| nginx.ingress.kubernetes.io/mirror-host | string | x |
ON THIS PAGE