Transitioning from NGINX Ingress Controller to Kubernetes Gateway API
search cancel

Transitioning from NGINX Ingress Controller to Kubernetes Gateway API

book

Article ID: 434334

calendar_today

Updated On:

Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

As of March 31, 2026, the Kubernetes community-maintained Ingress NGINX Controller (kubernetes/ingress-nginx) has officially reached its end-of-life for security updates and bug fixes. While existing deployments will continue to function, the project will no longer receive patches for newly discovered vulnerabilities (CVEs), posing a security risk to production environments. This article outlines the risks of remaining on the deprecated controller and provides the recommendation to migrate to the Kubernetes Gateway API.

While the NGINX Ingress Controller was long considered the industry standard, its architectural design—heavily reliant on vendor-specific annotations—and limited contributor resources can no longer meet modern enterprise security and scalability standards.

The Kubernetes Gateway API has been established as the official successor, offering significant improvements:

  • Role-Oriented Design: Provides a clear separation of concerns between infrastructure providers, cluster operators, and application developers.
  • Standardization: Native support for advanced features like header-based routing and traffic splitting, eliminating the need for "annotation sprawl."
  • Future-Proofing: Full alignment with the long-term Kubernetes networking roadmap and active community support.

Critical Deadline

[!IMPORTANT] Key Deadline: March 31, 2026 After this date, the NGINX Ingress Controller will no longer receive security patches, bug fixes, or compatibility updates for new Kubernetes releases. While existing deployments will continue to function, they may be vulnerable to newly discovered CVEs.

Environment

Symantec Identity Security Platform (IDSP) - formerly VIP Authentication Hub

Resolution

To ensure long-term security, Broadcom recommends that all customers currently utilizing the NGINX Ingress Controller begin planning their migration to the Gateway API immediately.

Migration Steps

  1. Review the Migration Guide: Detailed technical steps for transitioning your specific workloads are provided in the attached documentation.
  2. Lower Environment Testing: Perform a full migration in a development or staging environment to validate routing rules and application behavior.
  3. Production Rollout: Once validated, schedule the production transition.

Note:

IDSP version 4.0.2 will have the Gateway API support and it is tentatively expected by mid-April 2026.

Attachments

gateway-api-migration 1.2.1.pdf get_app
Powered by Wolken Software