"The Kubernetes SIG Network and the Security Response Committee has announced the retirement of Ingress NGINX, one of the most widely deployed ingress controllers in the ecosystem. Best-effort maintenance will continue until March 2026, after which there will be no further releases, bug fixes, or security updates, according to an announcement made at Kubecon NA 2025. The decision will have significant implications for many organisations running Kubernetes clusters, as Ingress NGINX has been a foundational component for directing network traffic to workloads for many years. The controller became popular early in Kubernetes history due to its flexibility, extensive features, and independence from specific cloud providers."
"The announcement post explains that the project has suffered from a maintainer shortage which has ultimately become unsustainable. Ingress NGINX had only one or two people doing development work on their own time, after work hours and on weekends. Efforts to find additional support to make continuing the project viable have failed. The breadth of Ingress NGINX's functionality was once considered one of it's key strengths, but it has evolved into what the project maintainers now describe as insurmountable technical debt. Features such as being able to use arbitrary NGINX configuration directives through "snippets" annotations, initially valued for their flexibility, have come to be viewed as serious security vulnerabilities in the context of modern cloud native software."
Kubernetes SIG Network and the Security Response Committee announced retirement of Ingress NGINX with best-effort maintenance until March 2026 and no further releases or security updates after that date. Ingress NGINX has been widely deployed as a flexible, feature-rich, cloud-agnostic ingress controller that directed network traffic to workloads. The project became unsustainable due to a severe maintainer shortage, with one or two people doing development in off-hours and failed efforts to recruit additional support. The controller accumulated insurmountable technical debt; features like arbitrary NGINX directive "snippets" are now seen as security vulnerabilities. A replacement named InGate failed to gain sufficient interest.
Read at InfoQ
Unable to calculate read time
Collection
[
|
...
]