Kubernetes SIG Network and the Security Response Committee have announced the retirement of the Community Ingress NGINX Controller — a decision that will impact a large part of the Kubernetes ecosystem. 

“Best effort” maintenance will continue until March 2026. After that, the project will no longer receive updates, bug fixes, or security patches. 

While existing deployments will continue to run, they will do so without any security or support guarantees — raising important questions for organizations relying on it in production. 

What is changing — and why it matters.

Ingress NGINX has long been a core component for exposing Kubernetes applications. 

From March 2026 onward, the Community Ingress NGINX project will no longer receive: 

• security patches  
• vulnerability remediation (CVE fixes)  
• functional updates  

Kubernetes SIG Network recommends starting a migration now, either toward the Gateway API or another supported Ingress controller. 

From a security and governance perspective, continuing to run an unmaintained component introduces increasing risk over time. 

No immediate disruption — but increasing risk.

It’s important to clarify:
applications will not suddenly stop working in March 2026. 

However, the situation will evolve progressively: 

• no future vulnerabilities will be fixed  
• compatibility with future Kubernetes versions becomes uncertain  
• security teams lose visibility and control  

For critical, exposed, or regulated environments, this quickly becomes a strategic decision — not just a technical one. 

What are your options?

Organizations essentially have two main paths. 

1. Move to the Kubernetes Gateway API

The Gateway API is the long-term direction recommended by Kubernetes. It brings: 

• role-oriented architecture  
• standardized APIs  
• improved portability  

Many implementations already exist: https://gateway-api.sigs.k8s.io/implementations/ 

That said, this is a significant architectural shift, which can be complex for existing environments. 

2. Adopt a supported Ingress alternative

Community Ingress NGINX is not the only Ingress Controller available. 

Several actively maintained alternatives exist, including those listed by Kubernetes: https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/ 

For teams already using NGINX, F5 NGINX Ingress Controller (OSS) offers a natural and sustainable evolution: 

• open source (Apache 2.0)  
• actively maintained  
• technological continuity  
• compatible with future Gateway API adoption  

A pragmatic approach to migration.

There is no one-size-fits-all path. 

In practice, successful migrations are: 

• progressive  
• controlled  
• aligned with business and security priorities  

Most organizations benefit from stabilizing their current environments first, securing them properly, and then planning a gradual transition. 

What should you do next?

If you are: 

• running Kubernetes or OpenShift in production  
• evaluating Gateway API  
• or looking to reduce your security exposure  

Now is the right time to assess your situation and define a clear migration strategy. 

Cybersecurity is no longer a luxury – it’s a vital necessity. In Switzerland, cyberattacks are on the rise: over 2,700 companies were targeted by ransomware in a single year, and one-third of SMEs suffered attacks in 2021. In response to this growing threat, Geneva-based cybersecurity specialist e-Xpert Solutions, with over 20 years of experience, offers a proactive defense solution: AT-Defense, a managed Security Operations Center (SOC) designed to meet today’s challenges.

Why choose AT-Defense ?

24/7 Continuous Monitoring

Thanks to a dedicated team of security experts, AT-Defense provides real-time threat detection, immediate incident response, and full crisis management. The service operates around the clock, with a guaranteed response time of under one hour in 24/7 mode.

Offensive and Defensive Expertise

The SOC is powered by a certified multidisciplinary team (GCIH, GCFA, GREM), with expertise in incident response, forensic analysis, threat hunting, and vulnerability research. e-Xpert Solutions’ experts are also key contributors to the cybersecurity community (MITRE ATT&CK, publications, etc.).

Turnkey Managed Service

With rapid deployment (2 days on-site), intuitive dashboards via Splunk, centralized log management, honeypots, darknet leak detection, and weekly reports, AT-Defense is designed for simplicity and efficiency. The service includes a strict quality control process (false positive review, four-eyes principle).

Reduced Operational Burden

By outsourcing security monitoring, organizations free themselves from operational complexity while maintaining full control through a personalized monitoring portal.

ISO 27001 Certified Solution

Our SOC has been ISO 27001 certified since 2021 – a guarantee of compliance with the highest international information security standards.

Cutting-Edge Technology, Proven Expertise

AT-Defense leverages top-tier technologies: real-time SIEM correlation, attacker-trapping honeypots, advanced sensors, threat hunting capabilities, and more.

Behind the infrastructure, a team of 10 certified security experts (GCIH, GCFA, GREM) ensures high-level monitoring, backed by their experience in both offensive and defensive security, and their recognized contributions (MITRE ATT&CK, publications, conferences…).

Fast, Agile, and Tailored Response

✔️ Deployed in just 2 days with on-site assistance
✔️ Responsive SLA with under 1-hour reaction time (24×7 mode)
✔️ Easy integration into client environments
✔️ Scalable services: IRaaS, managed XDR, advanced threat detection, etc.

Why choose e-Xpert Solutions?

Founded in 2001, e-Xpert Solutions is an independent Swiss company recognized for the quality of its services and its commitment to cybersecurity. AT-Defense is a clear reflection of this vision: a reliable, expert-driven, quickly deployed solution with controlled costs, low internal impact, and a high level of protection.