Ingress NGINX Enters Final Month of Support as Migration Deadline Approaches
With Ingress NGINX's end-of-maintenance date set for March 2026, the Kubernetes community faces a critical migration window — roughly half of all cloud-native environments still depend on the retiring controller, and many have not yet begun transitioning to Gateway API alternatives.
Ingress NGINX, the most widely deployed Kubernetes ingress controller, enters its final month of support in March 2026. After this month, the project will receive no further releases, bug fixes, or security patches — and the repository will be archived as read-only. Yet surveys indicate that roughly half of all Kubernetes deployments still rely on it.
Why It's Retiring
The Kubernetes project announced Ingress NGINX's retirement in November 2025, citing the shift to the Gateway API as the preferred mechanism for traffic routing in Kubernetes. The Gateway API provides richer routing capabilities, better multi-tenancy support, and a more extensible architecture than the Ingress resource that Ingress NGINX implements. SIG Network and the Security Response Committee have recommended that all Ingress NGINX users begin migration immediately.
Migration Options
Organizations migrating away from Ingress NGINX have several alternatives. The Gateway API, now supported by multiple implementations including Envoy Gateway, Istio, and Cilium, is the Kubernetes project's recommended path. NGINX Inc. also offers its own NGINX Ingress Controller (a separate project from the community Ingress NGINX) that will continue to be maintained. Other options include Traefik, HAProxy, and Kong, each with their own strengths for different use cases.
Migration Challenges
The primary migration challenge is not technical but operational: Ingress NGINX configurations often contain years of accumulated customizations, annotations, and workarounds that may not have direct equivalents in alternative controllers. Organizations need to audit their Ingress resources, identify custom annotations, and test equivalent configurations in their target controller before making the switch. The Kubernetes project has published a migration guide, but the effort required depends heavily on the complexity of existing configurations. Organizations that have not started migration should prioritize it immediately — after March 2026, any security vulnerability discovered in Ingress NGINX will remain unpatched indefinitely.
Related Articles
GitHub Expands Developer Platform with Actions Artifacts v5 and Copilot Extensions GA
GitHub has shipped Actions Artifacts v5 with immutable storage and artifact attestation for tamper-proof build outputs, alongside the general availability of Copilot Extensions that let third-party tools integrate directly into the Copilot chat experience. The platform also expanded GitHub Models with seven new providers.
Docker Engine 29.3 Ships with Native gRPC Support and BuildKit v0.28
Docker Engine 29.3.0 introduces native gRPC support on listening sockets, BuildKit v0.28.0, and a new bind-create-src option for flexible volume mounting. The release lowers the minimum API version to v1.40 for broader backward compatibility and fixes DNS configuration corruption during daemon reloads.
GitHub Adds Dependabot Pre-Commit Support and 28 New Secret Scanning Detectors
GitHub has shipped two major supply chain security features: Dependabot now parses .pre-commit-config.yaml files and opens PRs to update hook versions, while secret scanning gains 28 new detectors from 15 providers including Snowflake, Supabase, and Vercel. Push protection is now enabled by default for 39 secret types.