Ingress NGINX Controller for Kubernetes Retires – Where to Go From Here

The retirement of the Ingress NGINX controller marks a pivotal shift in the Kubernetes landscape. While existing deployments will keep running, the lack of future bug fixes and vulnerability patches creates a growing attack surface. Organizations must assess their exposure and prioritize a mitigation strategy before March 2026. Options range from adopting a commercial ingress solution—leveraging vendor support and guaranteed CVE remediation—to embracing Chainguard’s community‑driven fork, which offers a drop‑in replacement without immediate migration effort.

For enterprises seeking a sustainable path, the industry is coalescing around the Kubernetes Gateway API. This newer standard decouples traffic management from the legacy Ingress model, enabling richer routing, role‑based controls, and seamless integration with modern data planes such as Envoy and Istio. Migrating to the Gateway API not only future‑proofs infrastructure but also aligns with broader service‑mesh strategies, delivering higher performance and observability. Companies that delay this transition risk accruing technical debt and facing costly re‑architectures later.

Fastly positions itself as a strategic partner throughout this journey. In the short term, Fastly monitors Chainguard’s fork and plans to bundle it with its security agent, offering customers a low‑friction bridge. For the long term, Fastly provides expertise in moving to the Gateway API or swapping to alternatives like HAProxy, which it fully supports within its Next‑Gen WAF. By combining advisory services with hands‑on implementation support, Fastly helps organizations mitigate immediate risks while laying the groundwork for a resilient, modern ingress architecture.