Galexrt

Ingress

Kubernetes NGINX Ingress Controller

Installation

You can find the official Installation guides here.

Securing your Endpoints: /healthz, /metrics and Friends

I'm talking about the kubernetes/ingress-nginx controller and not the NGINX Inc one.

With this NGINX server block snippet you can make sure that these endpoints (you can extend the list), can't be accessed from externally.

nginx-snippet.conf
location ~ ^/(healthz|metrics|readiness) {
    deny all;
    return 404;
}

Helm Chart Values

If you want to apply the server-snippet config option globally, you would add it to your Ingress NGINX Helm chart values like this:

values.yaml
controller:
  config:
    server-snippet: |
      location ~ ^/(healthz|metrics|readiness) {
        deny all;
        return 404;
      }

Other Installations

When not using the Helm chart you would need to enable (Example) and add the option to it, example:

configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration
data:
  server-snippet: |
    location ~ ^/(healthz|metrics|readiness) {
        deny all;
        return 404;
    }

::

Snapshots: Save & Restore

kubeadm

Copyright © 2025 Alexander Trost. All rights reserved.