
CRE-2025-0120

NGINX Ingress ConfigMap Size Limit Exceeded
Severity: Critical
Impact: 9/10
Mitigation: 7/10


Description

The NGINX Ingress Controller fails to load or update its configuration because the ConfigMap containing the nginx.conf exceeds Kubernetes' 1MB size limit. This prevents new Ingress resources from being applied and can cause routing failures for new services.


Cause

  • Accumulation of server blocks from many Ingress resources over time
  • Complex annotations and custom configurations adding overhead
  • Large number of domains, paths, or middleware configurations
  • Kubernetes ConfigMap hard limit of 1048576 bytes (1MB)

Mitigation

Immediate:

  • Split large configurations across multiple ConfigMaps
  • Remove unused Ingress resources and their generated server blocks
  • Optimize repeated configurations using snippets or templates

Long-term:

  • Implement configuration sharding based on namespaces or labels
  • Use ingress-nginx configuration snippets to reduce duplication
  • Consider using separate ingress controllers for different application tiers
  • Monitor ConfigMap size proactively with alerts at 80% threshold
  • Implement automated cleanup of orphaned configurations
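
One way to implement the 80% size alert listed above, as an added example that is not part of the original rule or of any project's code. It assumes input shaped like the output of `kubectl get configmaps -A -o json` and that the limit is counted over the bytes of the `data` and `binaryData` values; the ConfigMap names in the sample are hypothetical.

```python
import base64
import json
import sys

LIMIT_BYTES = 1048576  # ConfigMap hard limit quoted on this page
ALERT_RATIO = 0.80     # alert threshold quoted on this page


def configmap_size(cm):
    """Bytes in data and binaryData values (assumed to be what the limit counts)."""
    total = sum(len(v.encode("utf-8")) for v in (cm.get("data") or {}).values())
    # binaryData is base64 in the API object; count the decoded bytes.
    total += sum(len(base64.b64decode(v)) for v in (cm.get("binaryData") or {}).values())
    return total


def classify(size):
    if size > LIMIT_BYTES:
        return "EXCEEDED"
    return "WARN" if size >= LIMIT_BYTES * ALERT_RATIO else "OK"


def audit(configmap_list):
    """Return (namespace, name, size, percent, status) rows, largest first."""
    rows = []
    for cm in configmap_list.get("items", []):
        meta = cm.get("metadata", {})
        size = configmap_size(cm)
        rows.append((meta.get("namespace", ""), meta.get("name", ""), size,
                     round(100 * size / LIMIT_BYTES, 1), classify(size)))
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed sample standing in for `kubectl get configmaps -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "ingress-nginx", "name": "nginx-conf-a"},
     "data": {"nginx.conf": "x" * 900000}},
    {"metadata": {"namespace": "ingress-nginx", "name": "nginx-conf-b"},
     "data": {"nginx.conf": "x" * 1048576}, "binaryData": {"extra": "AA=="}},
    {"metadata": {"namespace": "default", "name": "small"},
     "data": {"snippet": "server {}"}},
]}

if __name__ == "__main__":
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    rows = audit(doc)
    for ns, name, size, pct, status in rows:
        print(f"{status:8} {pct:6.1f}% {size:>8} {ns}/{name}")
    sys.exit(1 if any(r[4] != "OK" for r in rows) else 0)
```

The non-zero exit status when any ConfigMap is at WARN or EXCEEDED lets a scheduled job or CI step raise the alert.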
