本文由 AI 分析生成
建立時間: 2026-03-28 來源: https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/
Summary
Official Kubernetes announcement (November 2025) of Ingress NGINX retirement. Best-effort maintenance through March 2026, then no further releases, bugfixes, or security patches. Users recommended to migrate to Gateway API or an alternative Ingress controller immediately.
Kubernetes 官方公告(2025 年 11 月)宣布 Ingress NGINX 退役。最大努力維護至 2026 年 3 月,之後不再發布版本、修復錯誤或安全補丁。建議用戶立即遷移到 Gateway API 或其他 Ingress 控制器。
Key Points
- End date: March 2026 — maintenance halted, GitHub repo becomes read-only
- No security fixes after March 2026: any vulnerabilities discovered post-retirement will not be patched
- Existing deployments continue to work: no breaking change; artifacts (Helm charts, container images) remain available
- Root cause of retirement: chronically insufficient maintainership (1-2 people, after hours/weekends); “snippets” annotations became a security liability; InGate replacement never reached maturity
- Check if you’re affected:
kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx - Migration path: Gateway API (official modern replacement) or any of the alternative Ingress controllers listed in Kubernetes docs
Insights
The Ingress NGINX retirement is a significant operational event for the Kubernetes ecosystem — Ingress NGINX is one of the most widely deployed components, present in countless homelabs, managed cloud platforms, and enterprise clusters. The maintainer burnout story is important: a project serving billions of requests was sustained by 1-2 volunteer maintainers in their spare time. The “snippets” annotation security issue illustrates a general pattern: flexible escape hatches (arbitrary NGINX config) become security liabilities at scale. Teams using Ingress NGINX in production should begin migration planning; the March 2026 EOL creates a hard deadline for anyone who cares about security patches.
Connections
Raw Excerpt
SIG Network and the Security Response Committee recommend that all Ingress NGINX users begin migration to Gateway API or another Ingress controller immediately. After March 2026, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered.