21. January | Platform

Ingress-NGINX is being discontinued: Traefik, Gateway API, Service Mesh, or API Gateway?

The Ingress-NGINX project will be officially discontinued in March 2026. Until then, only "best-effort" maintenance will be performed – after that, there will be no more releases, bug fixes, or security updates. What decisions do platform teams need to make now?

Table of Contents

The Ingress-NGINX project will be officially discontinued in March 2026. Until then, only “best-effort” maintenance will be performed – after that, there will be no more releases, bug fixes, or security updates. Existing deployments are expected to continue to function, but without maintenance or security guarantees. For many companies, this is not a minor technical issue, but a strategic risk:

An unpatched, internet-exposed edge component quickly becomes a compliance and operational problem.

What exactly will change from March 2026?

Ingress-NGINX has been one of the most widely used Ingress controllers in the Kubernetes ecosystem for years – accordingly, the affected area in productive environments is large.

From March 2026:

No Security Fixes
No Bugfixes
No Community Maintenance
Increasing operational, audit, and compliance risk

FULLSTACKS therefore expressly recommends starting the migration now – either towards Gateway API or to an alternative Ingress controller.

Why “letting it continue to run” is not an option!

Even if a system appears stable in the short term:
As soon as security vulnerabilities occur, upstream patches will be missing after March 2026. This has typical consequential effects:

Security & Compliance
ISO/audit requirements, internal security policies, or regulatory requirements often do not allow “unpatched”.

Operational Stability
Kubernetes continues to evolve – an unmaintained controller will sooner or later become a hindrance.

Dependencies on EOL Software
Releases, risk reviews, and incident analyses become significantly more difficult.

In short: Ingress-NGINX changes from an infrastructure component to a business risk.

What we recommend by March 2026 at the latest

K8S Cluster with Ingress-NGINX

Successive migration according to the migration plan
Completion by March 2026 at the latest, in order not to risk the loss of security updates

Extended support windows with SUSE

With a SUSE Enterprise Support Subscription, there is the possibility for RKE2/Rancher setups to rely on extended support (e.g. Rancher Prime LTS). This can give you additional time because security and maintenance issues are covered longer within the SUSE support window (until the end of 2027) – and migrations therefore fit better into planned change and release cycles.

Nevertheless, it remains important:
This is not a “we can ignore it” topic, but a buffer for environments with tight change windows.

The strategic direction remains clear:

Replacement of Ingress-NGINX and modernization of the Ingress/Gateway architecture – but in a controlled manner and with more planning flexibility as well as a strong manufacturer partner – SUSE – and FULLSTACKS as a partner who takes responsibility for your project.

Platform and architecture variants

Ingress/Gateway is rarely “one size fits all.”
Therefore, we derive the decision along your platform and architecture standards:

Standard Platforms:
Traefik as a uniform Ingress/Gateway layer

Service-Mesh-oriented architectures:
Gateway selection derived from mesh requirements (mTLS, East-West, L7 Policies)

Enterprise API-Management-centered Setups: Integration of a central API Gateway (AuthN/Z, Quotas, Developer Portal, API Lifecycle)

Platform-specific alternatives:
e.g. Cilium, if network/policy functions are closely coupled

Recommended Immediate Checks: In 3 Steps to a Resilient Decision

1. INVENTORY

Where is Ingress-NGINX in use (cluster/namespaces)?
Which version and which deployment (Helm/Manifests/Operator)?
Which special cases: Annotations, TLS, WAF, Auth, Rate-Limits, Custom Snippets?

2. DEFINE MIGRATION PATH

K8S: Migration according to plan, completion before March 2026
RKE2: Assess timing and dependencies (incl. support window)

3. TECHNICAL PREPARATION

Mapping Ingress-NGINX → Traefik (Annotations/Middlewares/Routing)
Check certificates & TLS handling (e.g. cert-manager)
Cleanly take along observability/logging/tracing as well as security/policy requirements

Our offer:

Clarity, predictability and a migration without failure

If you operate Ingress-NGINX productively or need to make a strategic decision in the short term, we would be happy to support you with:

Impact Assessment
of your Ingress/Gateway landscape

Decision Template
(Ingress via Traefik, alternatives, Gateway API, …)

Implementable
Migration and phase plan
incl. pilot, rollback and change windows

The right time is now: This is how an OpenSource community announcement becomes a plannable platform modernization – before March 2026 becomes an acute risk.