All Insights
Insights

The End of an Era: NGINX Ingress is Retiring. What’s next for keeping your Clusters ingress secure?

In a seismic shift for the cloud-native community, the Kubernetes project maintainers group has announced it is officially retiring the ubiquitous Ingress NGINX controller.

A recent article from The Register confirms the news that has been rumoured for months: maintenance for the project will cease, and it will be fully retired by March 2026.

For years, NGINX Ingress has been the default, go-to solution for managing external access to services in a Kubernetes cluster. Its flexibility and provider-agnostic nature made it incredibly popular.

So, why is it being retired, and what should you do next?

Why is Ingress NGINX Being Retired?

According to the report, the decision stems from a combination of factors that have made the project unsustainable.

  • Insurmountable Technical Debt: The very flexibility that made NGINX Ingress so popular has become its greatest weakness. The codebase has become complex and unwieldy, making it difficult to maintain and secure.
  • Serious Security Flaws: The project has been hit by several significant vulnerabilities over the years, including a critical flaw discovered in March 2025. These security issues are symptomatic of the deeper codebase problems.
  • Lack of Maintainers: The project has been critically under-resourced, often relying on the goodwill of just one or two developers working in their spare time.

The bottom line is clear: come March 2026, Ingress NGINX will receive no further updates or security patches. Continuing to use it past this date will expose your clusters to significant and unnecessary risk. Now is the time to plan your migration.

The Migration Options

Cloud-Native Replacements

For organisations committed to a specific cloud service provider, the most seamless transition is often to the provider’s native ingress solution. These are deeply integrated into their respective ecosystems, offering managed security, better performance, and dedicated support from the cloud provider.

At Mobilise, we specialise in helping clients leverage these native tools for optimal performance.

  • AWS: AWS Load Balancer Controller

This controller is the natural successor for anyone running EKS. It provisions and manages AWS Application Load Balancers (ALBs) and Network Load Balancers (NLBs) to handle ingress traffic. This approach offloads traffic management to a highly available, managed AWS service, simplifying your cluster’s operations.

  • Azure: Azure Application Gateway Ingress Controller (AGIC)

For AKS users, AGIC is the official solution. It configures Azure’s powerful Application Gateway to act as the ingress for your Kubernetes cluster. This allows you to use robust Web Application Firewall (WAF) features and global load balancing, all managed through the Azure control plane.

  • GCP: GKE Ingress Controller

For Google Kubernetes Engine (GKE) users can leverage the built-in GKE Ingress controller, which provisions Google’s global HTTP(S) Load Balancers. This provides a single, global IP for your services, high-performance content delivery, and seamless integration with Google Cloud Armor for security.

Powerful Third-Party Alternatives

If you operate in a multi-cloud environment or require features not available in the native controllers, several excellent third-party solutions are ready to take NGINX’s place.

  • Traefik has established itself as a leading cloud-native ingress controller, designed specifically for the dynamic nature of microservices. It’s known for its simplicity, automatic service discovery, and built-in support for Let’s Encrypt, making TLS certificate management effortless.
  • Istio Ingress Gateway, whilst Istio is a full-service mesh, its Ingress Gateway is a secure, feature-rich component for controlling all north-south traffic. It unlocks fine-grained traffic management (like canary releases and A/B testing), robust security policies, and deep observability out of the box.

Don’t Wait Until It’s Too Late

The March 2026 deadline may seem distant, but migrating your ingress controller is a critical piece of infrastructure work that requires careful planning, testing, and execution.

The retirement of NGINX Ingress is a turning point, pushing the community towards more secure, manageable, and cloud-native solutions.

How Mobilise Cloud Can Help

This is not just a simple component swap. At Mobilise Cloud, our team of cloud-native experts can help you:

  • Assess your current Ingress NGINX configuration.
  • Analyse your traffic patterns and security requirements.
  • Recommend the best-fit replacement, whether it’s a cloud-native solution or a third-party alternative.
  • Execute a seamless, zero-downtime migration.

Contact us today to start planning your migration away from NGINX Ingress and ensure your Kubernetes workloads remain secure, performant, and future-proof.

Other Insights

The End of an Era: NGINX Ingress is Retiring. What's next for keeping your Clusters ingress secure?

ServerlessDays Cardiff 2025 - Reflections from an Organiser and Sponsor

EKS Auto Mode: Effortless Kubernetes for AWS Workloads

EKS Auto Mode: Effortless Kubernetes for AWS Workloads

Enterprise and public sector trust Mobilise to securely transform their tech, teams and how they do business.

Say hello to your independence with our project enablement approach.

Read more
Home
About Us
About Us
Our Team
Social Values
Services
DevOps & Architecture
Data, Visualisation & AI
Agile Delivery & Product Management
Development
Managed Services
How To Engage
Certifications & Partnerships
AWS Advanced Consulting Partner
Microsoft Gold Partner
Redhat Advanced Partner
Case Studies
News & Insights
Company News
Tech Blog
Insights
Careers
Contact Us

Cookie Note. We use cookies to assist you with navigation and analyse site traffic. If you continue to use this site, you consent to our use of cookies.

Learn more
Accept all