TL;DR: Kubernetes SIG Network has announced the retirement of Ingress NGINX, with best-effort maintenance ending in March 2026 and no future fixes after that, according to Kong. The practical issue is not just migration timing but the security and governance debt created by keeping critical ingress paths on a component with no ongoing vulnerability response.
At a glance
What this is: Kong argues that Ingress NGINX retirement makes Gateway API migration the safer long-term path for Kubernetes networking and API governance.
Why it matters: IAM and platform teams need to treat ingress migration as an access and control-plane governance issue because routing, policy enforcement, and operational ownership all change with the move to Gateway API.
By the numbers:
👉 Read Kong's analysis of Ingress NGINX retirement and Gateway API migration
Context
Ingress NGINX retirement creates a governance gap, not just a tooling change. When a core ingress layer stops receiving releases, bug fixes, and security updates, teams have to decide how they will preserve control over traffic routing, policy enforcement, and operational accountability across Kubernetes estates.
The shift matters to identity practitioners because the networking layer is where API access, service exposure, and platform boundaries are enforced. Gateway API moves those responsibilities into a more explicit model, which affects how platform teams separate duties, manage change, and maintain traceability across application and infrastructure teams.
For teams already carrying large Ingress deployments, the issue is typical rather than exceptional. Most enterprises are under pressure to modernise a legacy routing model while avoiding service disruption and preserving existing governance assumptions.
Key questions
Q: How should teams migrate from Ingress NGINX to Gateway API without breaking existing traffic?
A: Treat the move as a phased control-plane migration, not a simple YAML translation. Start with low-risk services, validate routing parity, compare observability outputs, and keep a rollback path until the new model has proven stable. The main goal is preserving service continuity while ownership, policy, and traffic rules are re-established.
Q: What happens when a Kubernetes ingress component reaches end of maintenance?
A: The main risk is lifecycle exposure. Once upstream maintenance ends, security fixes and bug fixes stop arriving, so even stable deployments inherit unbounded vulnerability and compatibility risk. Teams should treat that date as a governance deadline for ownership, inventory, and migration planning rather than waiting for a failure.
Q: What do platform teams get wrong about ingress migration?
A: They often treat it as a technical rewrite instead of an operational ownership problem. The hard part is not converting resources, but deciding who approves changes, who validates policy behaviour, and how exceptions are tracked while old and new routing models coexist.
Q: Who should be accountable for retiring legacy ingress in Kubernetes?
A: Accountability should sit with the team that owns platform networking governance, with security, SRE, and application owners sharing review responsibilities. The critical point is that retirement is a managed lifecycle event, so it needs an explicit owner, a migration plan, and a decommission date.
Technical breakdown
Why Gateway API changes Kubernetes traffic governance
Gateway API replaces a single ingress abstraction with distinct resources such as GatewayClass, Gateway, and HTTPRoute. That matters because routing intent becomes more explicit and portable, while policy decisions can be separated from application deployment logic. In practice, this reduces ambiguity in who owns traffic rules, how changes are reviewed, and where operational boundaries sit between platform and app teams.
Practical implication: map current ingress responsibilities to explicit Gateway API ownership before migration so routing, policy, and approval paths do not collapse into ad hoc exceptions.
Ingress NGINX retirement and the security lifecycle problem
A component retirement is a lifecycle event, not a feature release. Once updates stop, the control plane becomes frozen in place, which means newly discovered vulnerabilities and compatibility issues will no longer be addressed by upstream maintenance. For Kubernetes operators, that shifts risk from implementation quality to lifecycle exposure, because even a stable deployment can become an unsupported dependency overnight.
Practical implication: track ingress components as governed assets with ownership, support status, and retirement dates, not as static cluster plumbing.
Dual-API support as a migration architecture
Supporting both Ingress and Gateway API during transition is an architectural pattern for reducing migration friction. It lets teams move workloads in phases instead of forcing a flag-day cutover, while preserving continuity for existing routes and operational processes. The technical value is not just compatibility, but a controlled overlap period where old and new models can be validated side by side.
Practical implication: design migration waves around validation checkpoints, not wholesale replacement, so security and availability teams can verify parity before decommissioning the old path.
NHI Mgmt Group analysis
Ingress retirement is a lifecycle governance event, not an infrastructure footnote. Once an ingress component loses upstream security maintenance, the organisation inherits support risk as well as migration risk. That changes the governance question from "what features do we need" to "which access path is now operating outside an active security lifecycle". Practitioners should treat unsupported ingress as an exposure class in its own right.
Gateway API is becoming the control boundary that legacy ingress never fully provided. The move matters because it creates clearer separation between platform ownership and application routing intent. That separation improves reviewability, but it also forces teams to formalise responsibility where Ingress NGINX often allowed informal practice. The implication is that Kubernetes networking governance will increasingly be measured by explicit ownership, not by routing convenience.
Dual-API migration is the right pattern when change management, not capability, is the real constraint. Large estates fail on transition orchestration more often than on missing functionality. A phased overlap model reduces operational shock, but it also exposes whether the organisation has a real inventory of ingress dependencies. Practitioners should read migration tooling as a governance enabler, not merely an accelerator.
Identity and API governance are converging at the Kubernetes edge. As APIs become the primary interface for applications and automation, the ingress layer becomes part of the identity control surface. That means access, routing, and telemetry decisions are no longer separable concerns. Practitioners should align platform networking plans with broader API governance and lifecycle management.
Ingress NGINX’s retirement sharpens the runtime governance gap. The underlying assumption was that widely deployed infrastructure can be maintained indefinitely through inertia. That assumption fails when the ecosystem decides to end support, because the operational model depends on a living upstream. The implication is that teams need retirement-aware governance for every critical control-plane dependency.
From our research:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
- For a governance baseline that spans machine and agent identity, see NHI Lifecycle Management Guide for lifecycle controls that matter before a control plane is retired.
What this signals
Gateway API migration should be treated as a control-plane governance programme, not a one-time platform refresh. Teams that inventory owners, route dependencies, and rollback paths now will be better positioned to manage the next wave of Kubernetes networking change without creating hidden exposure.
Lifecycle drift: unsupported infrastructure is often still operational when the governance model around it has already failed. That is the real lesson for practitioners planning ingress retirement, because ownership gaps become visible only when support ends and the work is already overdue.
For practitioners
- Inventory every Ingress NGINX dependency Identify clusters, namespaces, routes, and application owners that still rely on Ingress NGINX, then classify each dependency by business criticality and replacement complexity.
- Assign retirement ownership for ingress components Create a named owner for ingress lifecycle decisions, including support status, migration sequencing, exception handling, and decommission sign-off.
- Pilot Gateway API on low-risk services first Use a limited workload set to validate routing parity, policy behaviour, and observability before moving high-traffic or regulated services.
- Preserve a phased overlap window for migration Keep legacy ingress and Gateway API running in parallel long enough to compare config translation, rollback behaviour, and operational visibility.
Key takeaways
- Ingress NGINX retirement turns a routing decision into a lifecycle governance problem because unsupported control planes accumulate risk even when they remain functional.
- Gateway API changes Kubernetes networking by making ownership, policy, and routing intent more explicit, which improves governance but requires a more disciplined operating model.
- Teams that inventory dependencies, assign retirement owners, and migrate in phases will reduce disruption and avoid turning a platform transition into an ungoverned outage.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | GV.OC-01 | Ingress retirement changes ownership and operating context for a core control-plane dependency. |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | Gateway routing affects how access and policy are enforced at the service boundary. |
| NIST CSF 2.0 | PR.IP-12 | Retirement planning depends on formal change management and dependency tracking. |
Define ownership for ingress lifecycle decisions and record retirement status in governance registers.
Key terms
- Gateway API: A Kubernetes networking standard that separates traffic routing intent from implementation details. It gives platform teams more explicit resources for gateways, routes, and classes, which improves ownership clarity and makes policy enforcement easier to govern across large clusters.
- Ingress NGINX: A widely used Kubernetes ingress controller that has historically translated external traffic into cluster services. In governance terms, it is a control-plane dependency whose support lifecycle matters as much as its routing functionality.
- Lifecycle governance: The discipline of managing a technology component from adoption through support, retirement, and decommissioning. In identity and platform security, it means support status, ownership, and transition planning are treated as security controls rather than administrative afterthoughts.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Kong: Farewell Ingress NGINX: Explore a Better Path Forward with Kong. Read the original.
Published by the NHIMG editorial team on 2025-11-14.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
