CRE-2025-0120

NGINX Ingress ConfigMap Size Limit ExceededCritical

CRE-2025-0120View on GitHub

NGINX IngressConfigMap LimitConfiguration ManagementKubernetes Limits

Description

The NGINX Ingress Controller fails to load or update its configuration because the ConfigMap containing the nginx.conf exceeds Kubernetes' 1MB size limit. This prevents new Ingress resources from being applied and can cause routing failures for new services.\n

Mitigation

Immediate:\n- Split large configurations across multiple ConfigMaps\n- Remove unused Ingress resources and their generated server blocks\n- Optimize repeated configurations using snippets or templates\n\nLong-term:\n- Implement configuration sharding based on namespaces or labels\n- Use [ingress-nginx configuration snippets](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#configuration-snippet) to reduce duplication\n- Consider using separate ingress controllers for different application tiers\n- Monitor ConfigMap size proactively with alerts at 80% threshold\n- Implement automated cleanup of orphaned configurations\n

References

• https://github.com/kubernetes/kubernetes/issues/19781
• https://kubernetes.github.io/ingress-nginx/troubleshooting/#configmap-size-limit
• https://kubernetes.io/docs/concepts/configuration/configmap/#motivation