Why Ingress NGINX Is Retiring and How to Migrate to the Modern Gateway API

What Is Ingress NGINX?

Ingress NGINX is a widely used Ingress controller that watches Ingress objects in a Kubernetes cluster and programs NGINX to route external traffic to internal services.

Example Ingress manifest:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  namespace: default
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: example-service
            port:
              number: 80

This configuration routes traffic for example.com to the example-service on port 80.

Why Choose Gateway API?

Ingress NGINX suffers from inconsistent vendor behavior due to heavy reliance on annotations, which can cause unpredictable migration issues and have led to several CVE vulnerabilities. It also lacks robust status fields, making troubleshooting difficult.

Since 2019 the Kubernetes community has been evolving the Ingress API, and the Gateway API reached GA in October 2023 with stable core resources such as Gateway, GatewayClass, and HTTPRoute.

Gateway API Advantages

Scalability : Customizable traffic policies, rate limiting, and other extensions.

Status fields : Clear indication of acceptance, configuration success, and errors.

Example using a core Gateway and an extended TrafficPolicy resource:

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: http
spec:
  gatewayClassName: kgateway
  listeners:
  - protocol: HTTP
    port: 80
    name: http
---
apiVersion: gateway.kgateway.dev/v1alpha1
kind: TrafficPolicy
metadata:
  name: transformation
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: http
  transformation:
    request:
      add:
      - name: x-forwarded-uri
        value: 'https://{{ request_header(":authority") }}{{ request_header(":path") }}'

After deployment, each resource’s status fields show whether the configuration is accepted and any errors, e.g., status: "True", reason: Accepted.

Envoy Proxy

Many Gateway API implementations use Envoy as the data plane—projects such as Istio, kgateway, Contour, Cilium, Envoy Gateway, and Emissary‑Ingress all rely on Envoy for high‑performance traffic handling. While small deployments are straightforward, large‑scale setups (e.g., 20 000 routes generating 500 000 lines of Envoy config) demand an efficient and scalable control plane.

Gateway API Performance Benchmarks

Performance is critical across bare‑metal, virtual, cloud, Kubernetes, and serverless environments. John Howard’s v2 benchmark provides reproducible test scripts and results for evaluating control‑plane scalability.

Inference and Agentic AI

According to the CNCF Cloud‑Native Development Report, about one‑third of cloud‑native developers are already using AI. For AI workloads, a unified Gateway that handles both Ingress traffic and inference/agentic AI traffic is recommended. The CNCF Tech Radar rates gateways for AI use cases, helping teams choose suitable solutions.

Summary

Adopt the Kubernetes Gateway API as a replacement for Ingress NGINX.

Provides stable performance for both a few and thousands of routes.

Open‑source and preferably hosted by a neutral foundation.

Backed by an active community.

Supports inference and agentic AI workloads.

Easy to use and extend.

Consider additional evaluation criteria for gateways and reach out to the kgateway or Istio maintainers for assistance.