This guide covers running Angie or NGINX from the myguard repository on Kubernetes — using the myguard Docker images, configuring production Helm values for the ingress-nginx controller, writing Ingress resources with ModSecurity WAF, GeoIP2, HTTP/3 QUIC, and managing TLS with Angie’s native ACME client or cert-manager.
All myguard images are rebuilt daily, ship with 50+ dynamic modules, and are compiled with -O3 -flto, zlib-ng, jemalloc and OpenSSL+quic — the same high-performance binary used on bare metal, but ready to drop into any Kubernetes cluster.
Why run Angie or NGINX from myguard on Kubernetes?
- Daily-rebuilt images — always on the latest Angie or NGINX mainline from deb.myguard.nl
- 50+ dynamic modules selectable at runtime via the
NGX_MODULESenvironment variable — no custom Dockerfile needed - HTTP/3 and QUIC built in via OpenSSL+quic
- ModSecurity WAF, GeoIP2, Brotli, Zstd, Lua, njs, PageSpeed — all included
- Performance-optimized: -O3 -flto, zlib-ng native mode, jemalloc allocator, kTLS, TCP Fast Open
- Drop-in replacement for the official nginx image — same ports, same config layout, same Ingress annotations
Available Docker images for Kubernetes
All images are published on Docker Hub (eilandert). Every tag is available for both nginx and angie:
eilandert/angie:deb-latest # latest Angie, no PHP
eilandert/angie:deb-php8.3 # Angie + PHP-FPM 8.3
eilandert/angie:deb-php8.2
eilandert/angie:deb-multi # all PHP versions in one image
eilandert/nginx:deb-latest
eilandert/nginx:deb-php8.3Quick start: run Angie as a Kubernetes Pod
The simplest way to try the myguard Angie image on Kubernetes — a single Pod with modules loaded at runtime:
apiVersion: v1
kind: Pod
metadata:
name: angie
spec:
containers:
- name: angie
image: eilandert/angie:deb-latest
ports:
- containerPort: 80
- containerPort: 443
env:
- name: NGX_MODULES
value: mod-http-brotli,mod-http-headers-more-filter,mod-http-geoip2
- name: MALLOC
value: jemalloc
- name: TZ
value: Europe/AmsterdamDeployment, ConfigMap and Service
A production-style Deployment with a ConfigMap for nginx.conf, resource requests/limits, liveness and readiness probes:
apiVersion: v1
kind: ConfigMap
metadata:
name: angie-config
data:
nginx.conf: |
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 4096;
use epoll;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
gzip on;
brotli on;
brotli_comp_level 6;
server {
listen 80;
server_name _;
root /var/www/html;
index index.html;
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: angie
labels:
app: angie
spec:
replicas: 3
selector:
matchLabels:
app: angie
template:
metadata:
labels:
app: angie
spec:
containers:
- name: angie
image: eilandert/angie:deb-latest
ports:
- containerPort: 80
name: http
- containerPort: 443
name: https
env:
- name: NGX_MODULES
value: mod-http-brotli,mod-http-modsecurity,mod-http-geoip2,mod-http-headers-more-filter
- name: MALLOC
value: jemalloc
volumeMounts:
- name: config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 1000m
memory: 512Mi
livenessProbe:
httpGet:
path: /healthz
port: 80
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet:
path: /healthz
port: 80
initialDelaySeconds: 3
periodSeconds: 5
volumes:
- name: config
configMap:
name: angie-config
---
apiVersion: v1
kind: Service
metadata:
name: angie
spec:
selector:
app: angie
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
type: ClusterIPHelm values for ingress-nginx with Angie
Use the official ingress-nginx Helm chart and override the controller image with the myguard Angie build. All existing nginx.ingress.kubernetes.io/ annotations continue to work unchanged.