longhorn · derekbit · Jan 9, 2026 · Jan 5, 2026 · Jan 5, 2026 · Jan 5, 2026
@@ -168,4 +168,4 @@ You will need to create an ELB (Elastic Load Balancer) to expose the nginx Ingre
 2. Create an ELB by following [these steps.](https://kubernetes.github.io/ingress-nginx/deploy/#aws)
 
 ## References
-https://kubernetes.github.io/ingress-nginx/
+https://kubernetes.github.io/ingress-nginx/
@@ -9,6 +9,8 @@ These instructions assume that Longhorn is installed.
 
 If you installed Longhorn YAML manifest, you'll need to set up an Ingress controller to allow external traffic into the cluster, and authentication will not be enabled by default. This applies to Helm and kubectl installations. For information on creating an NGINX Ingress controller with basic authentication, refer to [this section.](./longhorn-ingress) Alternatively, you can use [Gateway API HTTPRoute](./longhorn-httproute) as a modern approach to expose the Longhorn UI.
 
+> **Note**: As of November 2025, the Kubernetes project has [announced the retirement of the ingress-nginx controller](https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/).
+
 If Longhorn was installed as a Rancher catalog app, Rancher automatically created an Ingress controller for you with access control (the rancher-proxy).
 
 ## Accessing the Longhorn UI

@@ -1,42 +1,46 @@
 ---
-  title:  Create an Ingress with Basic Authentication (nginx)
+  title:  Exposing the Longhorn UI
   weight: 1
 ---
 
-If you install Longhorn on a Kubernetes cluster with kubectl or Helm, you will need to create an Ingress to allow external traffic to reach the Longhorn UI.
+Exposing the Longhorn UI allows external access to the management console. It is important to note that the choice of Ingress controller (for example, **ingress-nginx**, **Traefik**, **HAProxy**) only affects how the UI is accessed; it has **no impact on the Longhorn backend, storage operations, or data integrity**.
 
-Authentication is not enabled by default for kubectl and Helm installations. In these steps, you'll learn how to create an Ingress with basic authentication using annotations for the nginx ingress controller.
+If you change your Ingress controller, you only need to reconfigure the Ingress object or the corresponding Helm values to match the new controller's requirements.
 
-1. Create a basic auth file `auth`. It's important the file generated is named auth (actually - that the secret has a key `data.auth`), otherwise the Ingress returns a 503.
-    ```
+> **Note**: For Helm installations, the preferred method is to configure the `ingress` section in the [Longhorn Helm chart values.yaml](https://github.com/longhorn/longhorn/blob/master/chart/values.yaml).
+
+### Basic Authentication Example (NGINX)
+
+The following steps demonstrate how to expose the UI with Basic Authentication using the **ingress-nginx** controller as an example. If you use a different controller, refer to its specific documentation for authentication annotations.
+
+> **Note**: As of November 2025, the Kubernetes project has [announced the retirement of the ingress-nginx controller](https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/). While it is used here as a configuration example, users are encouraged to explore maintained alternatives such as Traefik, HAProxy, or other Gateway API-compliant controllers.
+
+1. **Create a basic auth file**: The file must be named `auth` so the secret key is correctly identified.
+    ```bash
     $ USER=<USERNAME_HERE>; PASSWORD=<PASSWORD_HERE>; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
     ```
-2. Create a secret:
-    ```
+2. **Create the secret**:
+    ```bash
     $ kubectl -n longhorn-system create secret generic basic-auth --from-file=auth
     ```
-3. Create an Ingress manifest `longhorn-ingress.yml` :
-    > Since v1.2.0, Longhorn supports uploading backing image from the UI, so please specify `nginx.ingress.kubernetes.io/proxy-body-size: 10000m` as below to ensure uploading images work as expected.
+3. **Create the Ingress manifest** (`longhorn-ingress.yml`):
+    > **Note**: Since v1.2.0, Longhorn supports uploading backing images via the UI. Ensure your controller is configured for large body sizes. For Nginx, use `proxy-body-size`.
 
-    ```
+    ```yaml
     apiVersion: networking.k8s.io/v1
     kind: Ingress
     metadata:
       name: longhorn-ingress
       namespace: longhorn-system
       annotations:
-        # type of authentication
+        # NGINX Example Annotations
         nginx.ingress.kubernetes.io/auth-type: basic
-        # prevent the controller from redirecting (308) to HTTPS
-        nginx.ingress.kubernetes.io/ssl-redirect: 'false'
-        # name of the secret that contains the user/password definitions
         nginx.ingress.kubernetes.io/auth-secret: basic-auth
-        # message to display with an appropriate context why the authentication is required
-        nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
-        # custom max body size for file uploading like backing image uploading
+        nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
         nginx.ingress.kubernetes.io/proxy-body-size: 10000m
+        nginx.ingress.kubernetes.io/ssl-redirect: 'false'
     spec:
-      ingressClassName: nginx
+      ingressClassName: nginx # Replace with your controller's class (for example, traefik)
       rules:
       - http:
           paths:
@@ -49,12 +53,14 @@ Authentication is not enabled by default for kubectl and Helm installations. In
                   number: 80
     ```
 4. Create the Ingress:
-    ```
+    ```bash
     $ kubectl -n longhorn-system apply -f longhorn-ingress.yml
     ```
 
-e.g.:
-```
+<details>
+<summary><b>Click to see a full CLI example (NGINX)</b></summary>
+
+```bash
 $ USER=foo; PASSWORD=bar; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
 $ cat auth
 foo:$apr1$FnyKCYKb$6IP2C45fZxMcoLwkOwf7k0
@@ -158,14 +164,32 @@ $ curl -v http://97.107.142.125/ -u foo:bar
 <html lang="en">
 ......
 ```
+</details>
+
+### Verification
 
-## Additional Steps for AWS EKS Kubernetes Clusters
+Regardless of the controller used, you can verify authentication via `curl`. Replace `<EXTERNAL_IP>` with your access point.
 
-You will need to create an ELB (Elastic Load Balancer) to expose the nginx Ingress controller to the Internet. Additional costs may apply.
+* **Unauthorized Access (Expected)**:
+    ```bash
+    $ curl -I http://<EXTERNAL_IP>/
+    HTTP/1.1 401 Unauthorized
+    ```
+* **Authorized Access (Expected)**:
+    ```bash
+    $ curl -I http://<EXTERNAL_IP>/ -u foo:bar
+    HTTP/1.1 200 OK
+    ```
 
-1. Create pre-requisite resources according to the [nginx ingress controller documentation.](https://kubernetes.github.io/ingress-nginx/deploy/#prerequisite-generic-deployment-command)
+## Additional Steps for AWS EKS
 
-2. Create an ELB by following [these steps.](https://kubernetes.github.io/ingress-nginx/deploy/#aws)
+Exposing the UI on AWS usually requires a Load Balancer. Additional costs may apply.
+
+1. Refer to your specific [Ingress controller's AWS guide](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
+2. For Nginx, see the [official Nginx AWS deployment documentation](https://kubernetes.github.io/ingress-nginx/deploy/#aws).
 
 ## References
-https://kubernetes.github.io/ingress-nginx/
+
+- [Longhorn Helm Chart Ingress Configuration](https://github.com/longhorn/longhorn/blob/master/chart/values.yaml)
+- [Kubernetes Ingress Overview](https://kubernetes.io/docs/concepts/services-networking/ingress/)
+- [Ingress-NGINX Retirement Announcement](https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/)