ZenoIngress Logo

The World's Fastest Kubernetes Ingress Controller

Built in Rust. Designed for Performance. Ready for Production.

ZenoIngress is a high-performance Kubernetes Gateway API controller built from the ground up in Rust. No compromises. No legacy baggage. Just pure speed.

Get Started Contact Sales

Starter €500 (1 production cluster) · Enterprise €5,000/year (unlimited clusters, includes updates)

World-Leading Performance

The world's fastest ingress controller. Built with Rust, hyper, and tokio. Zero-cost abstractions. No garbage collection pauses.

34,000+
Requests/sec

vs ~15,000 req/s industry standard

< 3.2ms
P99 Latency

vs 10-50ms typical

~5 MB
Memory Footprint

vs 50-200MB typical

< 0.05ms
Proxy Overhead

vs 1-5ms typical

World's Fastest: 30-50% lower latency · 40-60% lower memory · 2-3x higher throughput

Built for the Modern Stack

Kubernetes Gateway API from day one. No retrofitting. No legacy baggage.

Native Gateway API

Built for the Kubernetes Gateway API from day one—not retrofitted from legacy Ingress. Modern, expressive, and future-proof.

  • GatewayClass, Gateway, HTTPRoute
  • TLS termination with SNI
  • Traffic splitting & canary deployments
  • Request/response header modification
  • URL rewrites and redirects
🚀

Zero-Cost Abstractions

Written in Rust using hyper and tokio. Performance of hand-tuned C with safety guarantees of a modern language. No GC pauses.

  • Memory-safe (no buffer overflows)
  • Zero garbage collection pauses
  • Async I/O with work-stealing scheduler
  • Compile-time guarantees
🛡️

Production Ready

Enterprise-grade reliability with health-aware routing, circuit breakers, and graceful draining for zero-downtime deployments.

  • Health-aware routing with automatic failover
  • Circuit breakers prevent cascade failures
  • Connection pooling with intelligent reuse
  • Graceful draining for zero-downtime
📊

Observable

Comprehensive observability with Prometheus metrics, structured JSON logging, and OpenTelemetry distributed tracing out of the box.

  • Prometheus metrics endpoint
  • Structured JSON logging
  • OpenTelemetry distributed tracing
  • Real-time health checks
🔐

Secure by Design

Memory-safe Rust eliminates entire classes of vulnerabilities. Battle-tested cryptography with rustls. No OpenSSL dependency.

  • No buffer overflows or use-after-free
  • Pure Rust TLS with rustls
  • TLS 1.2+ with strong cipher suites
  • Runs as non-root (UID 65534)
☁️

Cloud Native

Designed for Kubernetes from the start. No external dependencies, no sidecars, no complexity. Just install and run.

  • Helm chart for easy installation
  • ConfigMap-based configuration
  • Leader election for HA
  • Horizontal pod autoscaling ready
🔗

Hybrid Ingress Mode

Run ingress anywhere—even behind NAT or firewalls. Proxies connect outbound to our edge servers, enabling ingress without inbound network access.

  • Outbound tunnel connections (no port forwarding)
  • Yamux multiplexing for efficient streaming
  • Automatic reconnection with backoff
  • Edge server for global distribution
  • Works with restrictive firewalls
🌐

Edge Server

Deploy edge servers globally to terminate TLS close to users. Tunnel connections route traffic back to your origin proxies securely.

  • Global edge presence
  • TLS termination at edge
  • O(1) hostname routing
  • Token-based authentication
  • Prometheus metrics & health checks

Clean Architecture

Clear separation between control plane and data plane. Proven pattern used by Envoy, Linkerd, and modern proxies.

Control Plane

The controller watches Gateway API resources and generates configuration for the proxy.

  • GatewayClass reconciler
  • Gateway reconciler
  • HTTPRoute reconciler
  • Config publisher (ConfigMap)
  • Leader election for HA

Data Plane

The proxy handles all traffic, routing requests to backend services with minimal overhead.

  • O(1) hostname matching
  • Prefix-tree path matching
  • Weighted round-robin load balancing
  • Connection pooling (32 conns/endpoint)
  • Circuit breakers & health checks

Edge Server

Global edge infrastructure for hybrid mode deployments. Terminates TLS and routes to origin proxies.

  • Control plane for tunnel registration (port 7844)
  • Data plane for HTTPS traffic (port 443)
  • Yamux multiplexing for efficient streams
  • DashMap session registry (O(1) lookup)
  • Token-based authentication

Tunnel Mode

Proxies behind firewalls connect outbound to edge servers. No inbound ports required.

  • Outbound-only connections (NAT-friendly)
  • Automatic reconnection with exponential backoff
  • Graceful shutdown with connection draining
  • Transport abstraction layer
  • Works through restrictive firewalls

Technology Stack

Rust

Memory safety, zero-cost abstractions, no GC

Tokio

Best-in-class async I/O runtime

Hyper

Fastest Rust HTTP implementation

Rustls

Pure Rust TLS, no OpenSSL

kube-rs

Native async Kubernetes client

Prometheus

Industry standard metrics

Yamux

Stream multiplexing for tunnels

Get Started in Minutes

Three simple steps to the fastest ingress controller in Kubernetes.

# Step 1: Install Gateway API CRDs kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml # Step 2: Install ZenoIngress helm install zenoingress oci://ghcr.io/jimmytoenners/zenoingress # Step 3: Create your first Gateway kubectl apply -f - <<EOF apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: my-gateway spec: gatewayClassName: zenoingress listeners: - name: http port: 80 protocol: HTTP EOF # That's it! You're running the fastest ingress controller in Kubernetes.
View Pricing Contact Sales

Ready for the World's Fastest Ingress?

Deploy ZenoIngress today and experience the performance of pure Rust in your Kubernetes cluster.

View Pricing Contact Sales