{"id":51225618,"url":"https://github.com/junior/nginx-ingress-probe","last_synced_at":"2026-06-28T11:01:45.633Z","repository":{"id":366978795,"uuid":"1276964988","full_name":"junior/nginx-ingress-probe","owner":"junior","description":"Diagnostics page to verify the NGINX Plus Ingress Controller after an upgrade","archived":false,"fork":false,"pushed_at":"2026-06-24T03:39:26.000Z","size":576,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-24T05:28:15.898Z","etag":null,"topics":["diagnostics","ingress-controller","kubernetes","nginx","nginx-plus"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/junior.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-22T13:06:37.000Z","updated_at":"2026-06-24T03:39:29.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/junior/nginx-ingress-probe","commit_stats":null,"previous_names":["junior/nginx-ingress-probe"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/junior/nginx-ingress-probe","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/junior%2Fnginx-ingress-probe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/junior%2Fnginx-ingress-probe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/junior%2Fnginx-ingress-probe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/junior%2Fnginx-ingress-probe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/junior","download_url":"https://codeload.github.com/junior/nginx-ingress-probe/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/junior%2Fnginx-ingress-probe/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34885802,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-28T02:00:05.809Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["diagnostics","ingress-controller","kubernetes","nginx","nginx-plus"],"created_at":"2026-06-28T11:01:44.621Z","updated_at":"2026-06-28T11:01:45.626Z","avatar_url":"https://github.com/junior.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nginx-ingress-probe\n\nA tiny diagnostics page to **verify the NGINX Plus Ingress Controller after an upgrade**.\nDeploy it as a backend *behind* the controller, open it, and one beautiful page confirms the\ncontroller is routing and shows — the request it forwarded, the Kubernetes version, and (when\npointed at the controller's NGINX Plus API) the nginx version, build, and cache zones. One\nstatic Go binary, standard library only, distroless and non-root.\n\n![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)\n![Go](https://img.shields.io/badge/Go-1.26-00ADD8?logo=go\u0026logoColor=white)\n![image](https://img.shields.io/badge/image-distroless%20%C2%B7%20non--root-009639.svg)\n\n![nginx-ingress-probe screenshot](docs/screenshot.png)\n\n## What it shows\n\n- **Request through the controller** — every header (so the controller's `X-Forwarded-*` /\n  real-IP injections are visible and highlighted), scheme, client-IP chain, TLS. A green banner\n  confirms the request actually arrived via the ingress.\n- **Kubernetes** — the cluster version (from the in-cluster API `/version`), plus pod, namespace,\n  node, and IPs from the downward API.\n- **NGINX Plus Ingress Controller** — set `NGINX_PLUS_API_URL` to the controller's NGINX Plus\n  API and it pulls `/nginx` (nginx version, build, generation, PID) and `/http/caches` (cache\n  zones: used vs. max, cold/warm). This is the data plane you just upgraded.\n- **Prometheus** — set `PROMETHEUS_URL` and it queries the controller's live metrics with **no\n  RBAC**: controller version + git commit, last config-reload status, cache zone sizes, and\n  request rate / active connections. Each row shows only if that metric is being scraped.\n- **Facts** — any `PROBE_FACT_*` env var, for things the data-plane API doesn't expose — the\n  **controller (NIC) version**, **NGINX Instance Manager (NIM) version**, etc.\n\nEndpoints: **`/`** (page) · **`/api/info`** (everything as JSON, great for `curl`) · **`/healthz`**.\n\n## Build \u0026 push to a private registry (Artifactory)\n\nThe probe is a normal OCI image built from the [`Dockerfile`](Dockerfile). Build it and push to\nyour private registry — override `REGISTRY` / `IMAGE` / `TAG`:\n\n```bash\ndocker login artifactory.example.com\nmake buildx REGISTRY=artifactory.example.com/docker-local TAG=0.1.0   # multi-arch: builds + pushes\n# …or single-arch:\nmake build push REGISTRY=artifactory.example.com/docker-local TAG=0.1.0\n```\n\nWithout `make`:\n\n```bash\nREF=artifactory.example.com/docker-local/nginx-ingress-probe:0.1.0\ndocker buildx build --platform linux/amd64,linux/arm64 \\\n  --build-arg VERSION=0.1.0 -t \"$REF\" --push .\n```\n\nThen set that image in [`k8s/deployment.yaml`](k8s/deployment.yaml) and add a pull secret:\n\n```bash\nkubectl create secret docker-registry artifactory \\\n  --docker-server=artifactory.example.com --docker-username=… --docker-password=…\n```\n\n### Optional: GitHub Packages (GHCR) for testing / external consumption\n\n[`.github/workflows/release.yml`](.github/workflows/release.yml) publishes the same multi-arch\nimage to GHCR on a tag (`git tag v0.1.0 \u0026\u0026 git push origin v0.1.0`) — handy for sharing or quick\ntests without the private registry. Artifactory stays the primary home.\n\n## Deploy \u0026 test the controller\n\n```bash\nkubectl apply -f k8s/deployment.yaml   # (edit the image first)\nkubectl apply -f k8s/service.yaml\nkubectl apply -f k8s/ingress.yaml      # set ingressClassName to the controller under test\n```\n\nBrowse the Ingress host — the green banner + forwarded headers confirm the NGINX Plus Ingress\nController routed to the pod. Or, quickly, without the ingress:\n\n```bash\nkubectl port-forward deploy/nginx-ingress-probe 8080:8080   # → http://localhost:8080\n```\n\nPoint it at the controller's NGINX Plus API to see the upgraded nginx version + caches\n(uncomment in `k8s/deployment.yaml`):\n\n```yaml\n- name: NGINX_PLUS_API_URL\n  value: \"http://nginx-ingress.nginx-ingress.svc:8080/api\"   # the controller's NGINX Plus API\n- name: PROBE_FACT_Controller_Version    # NIC version isn't in the data-plane API — inject it\n  value: \"4.0.1\"\n```\n\n## Configuration\n\n| Variable | Default | Purpose |\n|----------|---------|---------|\n| `PORT` | `8080` | listen port |\n| `NGINX_PLUS_API_URL` | — | the controller's NGINX Plus API base; enables the version + cache-zone card |\n| `NGINX_PLUS_API_INSECURE` | `false` | skip TLS verification for a self-signed Plus API |\n| `PROMETHEUS_URL` | — | Prometheus base URL; pulls the controller's live metrics (version, reload, caches, traffic) — no RBAC |\n| `PROMETHEUS_TOKEN` · `PROMETHEUS_INSECURE` | — | bearer auth / skip TLS verify for a secured Prometheus |\n| `PROBE_FACT_*` | — | each becomes a row in the **Facts** card (e.g. `PROBE_FACT_NIM_Version`) |\n| `PROBE_DEMO` | `false` | fill sample K8s / controller values for local previews (clearly flagged) |\n\nPod identity is wired from the Kubernetes downward API in the Deployment.\n\n## Security\n\nSingle static binary on `distroless/static:nonroot` — **uid 65532**, **read-only root\nfilesystem**, **all capabilities dropped**, `RuntimeDefault` seccomp, no shell (~10 MB). The\ncluster version uses the pod's service-account token against `/version` (readable by any\nauthenticated account — no extra RBAC).\n\n## Develop\n\n```bash\nmake run            # PROBE_DEMO=1 go run . → http://localhost:8080\nmake test\nmake lint\n```\n\n## License\n\n[MIT](LICENSE) — built by [Adao Oliveira Jr](https://adao.dev).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjunior%2Fnginx-ingress-probe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjunior%2Fnginx-ingress-probe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjunior%2Fnginx-ingress-probe/lists"}