Generate NGINX and Application Gateway ingress manifests for AKS.
Last verified: May 2026
Generate NGINX and Application Gateway ingress manifests for AKS.
Required Fields
apiVersionkindmetadatametadata.namespecOutput will appear here...The builder generates Kubernetes Ingress resource YAML with rules (host, path, pathType, backend service+port), TLS configuration (secretName, hosts), and ingress controller-specific annotations (NGINX or AGIC). For AGIC, it handles annotations like appgw.ingress.kubernetes.io/use-private-ip and appgw.ingress.kubernetes.io/health-probe-path. For NGINX, it handles nginx.ingress.kubernetes.io/* annotations.
The Azure Kubernetes Ingress Builder helps you create ingress configurations for Azure Kubernetes Service (AKS) clusters. Ingress resources define how external HTTP/HTTPS traffic is routed to services within your cluster. This tool supports both the NGINX ingress controller and the Azure Application Gateway Ingress Controller (AGIC), generating YAML manifests with TLS configuration, path-based routing, host-based routing, and annotations for advanced features.
Your team is migrating from a public-IP LoadBalancer service to ingress-based routing for a multi-service AKS cluster. The builder generates an Ingress with host-based routing: api.example.com → api-service, web.example.com → web-service, admin.example.com → admin-service. TLS via cert-manager + Let's Encrypt. AGIC annotations to use a private IP (internal-only API) and custom health probe paths. After deploy, you save the cost of 3 separate LoadBalancers and gain WAF on a single ingress point.
AGIC (Application Gateway Ingress Controller) is the right choice for AKS clusters that need WAF, SSL offloading at the load balancer, and Azure-native integration. NGINX Ingress is the right choice for portability (works the same way on EKS, GKE) and for advanced configuration like custom Lua scripts. Don't try to use both in the same cluster — pick one and stick with it.
TLS termination at the ingress is the right default. Don't try to use SSL passthrough unless you genuinely need end-to-end TLS to backend pods. Passthrough disables most of the ingress's value (no header rewrite, no path routing on TLS streams, no WAF inspection on encrypted traffic).
cert-manager + Let's Encrypt is the standard pattern for free TLS certs in AKS. The catch: rate limits (50 certs/week per registered domain). For wildcard certs spanning many subdomains, use ONE cert per environment with wildcard SAN, not one cert per service.
NGINX is lightweight, runs as pods inside the cluster, and offers extensive configuration flexibility. AGIC integrates with Azure Application Gateway, providing a cloud-managed Layer 7 load balancer with WAF, SSL offloading, and Azure-native monitoring. Choose AGIC for Azure-native integration and NGINX for portability and community ecosystem support.
This tool generates traditional Kubernetes Ingress resources. The Gateway API is a newer Kubernetes standard for traffic routing that provides more expressive configuration. While some AKS ingress controllers support the Gateway API, Ingress resources are still the most widely used and supported approach.
Was this tool helpful?
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.