Ingress‑NGINX retirement deadline
What happened
Ingress‑NGINX is being retired and the Kubernetes project released Ingress2Gateway 1.0 to accelerate migration to the Gateway API — migration is now a security imperative, not just an operational upgrade. The Gateway API gives finer policy control and integrates better with compliance automation for DoD workloads. (kubernetes.io)
Why it matters
Ingress2Gateway 1.0 was published on March 20, 2026 and credited to Beka Modebadze (Google) and Steven Jin (Microsoft). The 1.0 changelog introduces a pluggable emitter architecture and ships emitters for the Standard output, Envoy Gateway, and Kgateway. Release notes enumerate expanded translation for common ingress-nginx annotations including header manipulation, CORS, redirects, timeouts, path rewrite, backend TLS, buffer sizing, and IP-range control. ingress2gateway now exposes a CLI, a Web UI and a GitHub Action that convert Ingress and provider CRDs into Gateway API resources via an intermediate representation to preserve vendor-specific behaviors. The Kubernetes project has set March 2026 as the retirement window for the community kubernetes/ingress-nginx controller and gave notice that no further releases, bug fixes, or security updates will be produced after that date. Gateway API enforces a role-oriented model (GatewayClass → Gateway for infra, HTTPRoute for app routing) and supports attachable policy types and policy-controller integrations such as TLSPolicy examples and Gatekeeper/OPA enforcement, enabling route-level TLS and policy automation workflows.
Key numbers
- Ingress‑NGINX is being retired and the Kubernetes project released Ingress2Gateway 1.0 to accelerate migration to the Gateway API — migration is now a security imperative, not just an operational upgrade.
- (kubernetes.io) Ingress2Gateway 1.0 was published on March 20, 2026 and credited to Beka Modebadze (Google) and Steven Jin (Microsoft).
- The 1.0 changelog introduces a pluggable emitter architecture and ships emitters for the Standard output, Envoy Gateway, and Kgateway.
- ingress2gateway now exposes a CLI, a Web UI and a GitHub Action that convert Ingress and provider CRDs into Gateway API resources via an intermediate representation to preserve vendor-specific behaviors.
What happens next
- The Kubernetes project has set March 2026 as the retirement window for the community kubernetes/ingress-nginx controller and gave notice that no further releases, bug fixes, or security updates will be produced after that date.
Sources
Quick answers
What happened in Ingress‑NGINX retirement deadline?
Ingress‑NGINX is being retired and the Kubernetes project released Ingress2Gateway 1.0 to accelerate migration to the Gateway API — migration is now a security imperative, not just an operational upgrade. The Gateway API gives finer policy control and integrates better with compliance automation for DoD workloads. (kubernetes.io)
Why does Ingress‑NGINX retirement deadline matter?
Ingress2Gateway 1.0 was published on March 20, 2026 and credited to Beka Modebadze (Google) and Steven Jin (Microsoft). The 1.0 changelog introduces a pluggable emitter architecture and ships emitters for the Standard output, Envoy Gateway, and Kgateway. Release notes enumerate expanded translation for common ingress-nginx annotations including header manipulation, CORS, redirects, timeouts, path rewrite, backend TLS, buffer sizing, and IP-range control. ingress2gateway now exposes a CLI, a Web UI and a GitHub Action that convert Ingress and provider CRDs into Gateway API resources via an intermediate representation to preserve vendor-specific behaviors. The Kubernetes project has set March 2026 as the retirement window for the community kubernetes/ingress-nginx controller and gave notice that no further releases, bug fixes, or security updates will be produced after that date. Gateway API enforces a role-oriented model (GatewayClass → Gateway for infra, HTTPRoute for app routing) and supports attachable policy types and policy-controller integrations such as TLSPolicy examples and Gatekeeper/OPA enforcement, enabling route-level TLS and policy automation workflows.
