Skip to content

Overview

Ingress controllers have long served as the primary mechanism for routing external HTTP/HTTPS traffic into applications running inside Kubernetes clusters. They provide a programmable, declarative method to expose services, enforce routing rules, handle TLS termination, and implement security policies at the cluster edge.

As Kubernetes adoption grew, ingress controllers became a foundational component of platform engineering, DevOps, and application delivery workflows. Whether you're operating multi-tenant clusters, running hybrid workloads, or building enterprise platforms, ingress controllers play an essential role in connecting users to services.

However, the Kubernetes networking landscape is evolving. With the End-of-Life (EOL) of the community-maintained Ingress NGINX Controller in early 2026 and the gradual deprecation of older Ingress APIs, teams should understand the current state of ingress technology and the path forward.

Important

Please read this important blog on the EOL of the community Ingress NGINX Controller (early 2026) and the deprecation of legacy Ingress APIs. This impacts long-term supportability, security posture, and recommended architecture patterns for Kubernetes networking.

What Is an Ingress Controller?

An Ingress Controller is a Kubernetes component that implements the Ingress API and configures an underlying proxy (such as NGINX, Envoy, HAProxy, or Traefik) to route traffic based on user-defined rules.

Typical features include:

  • HTTP/HTTPS routing and path-based rules
  • TLS termination and certificate management
  • Request rewriting, header manipulation, redirects
  • Load balancing to backend Kubernetes Services
  • Access control, rate-limiting, WAF, and security enforcement
  • Support for multi-tenant routing and namespace isolation

Although the Ingress API has served the ecosystem for years, growing demands such as multi-protocol traffic, advanced routing, and separation of duties have highlighted limitations in the original API design. This has accelerated the shift toward more modern traffic management frameworks.

Ingress Controllers and Rafay Kubernetes Management

Using Rafay Kubernetes Management, platform teams can easily deploy, manage, and lifecycle ingress controllers across fleets of clusters—whether on-premises, public cloud, or at edge locations.

Rafay provides:

  • Blueprint-based deployment of ingress controllers
  • Lifecycle management (updates, configuration, and policy enforcement)
  • Multi-cluster governance across heterogeneous environments
  • GitOps-driven workflows to ensure consistency and repeatability
  • Integration with certificate management, secrets management, and cluster add-ons

Rafay supports both traditional ingress controllers and the next-generation Gateway API ecosystem, enabling teams to modernize at their own pace.

The Transition Toward Gateway API

Kubernetes SIG Network has developed the Gateway API as the long-term successor to the Ingress API. Unlike traditional Ingress resources, Gateway API provides:

  • A richer and more extensible routing model
  • Support for multiple protocols (HTTP, TCP, UDP, gRPC, TLS)
  • Clear separation of roles (platform operator vs. application developer)
  • Stronger conformance testing and standardized behaviors
  • Better integration with service mesh and advanced networking

Because the Ingress NGINX Controller is entering EOL and the Ingress API is largely feature-frozen, the Kubernetes community strongly recommends adopting Gateway API for new workloads and planning migration for existing ones.

Supported Ingress Controllers

Rafay enables customers to deploy and manage a wide range of ingress and gateway controllers, including:

  • NGINX Ingress Controller (commercial F5/NGINX version)
  • Traefik Proxy
  • HAProxy Ingress/Gateway
  • Contour (Envoy-based)
  • Envoy Gateway (Gateway API native)
  • NGINX Gateway Fabric
  • Istio and Cilium Gateways

This flexibility allows teams to choose the right controller based on performance, security, compliance, or organizational standards.

When to Use an Ingress Controller vs. Gateway API

Use Ingress when:

  • You have simple HTTP/HTTPS routing needs
  • You rely on existing Ingress YAMLs and annotations
  • You require backward compatibility for legacy apps

Use Gateway API when:

  • You need multi-protocol support
  • You want a scalable model for multi-team clusters
  • You require advanced routing, policies, and extensions
  • You are migrating off EOL controllers like Ingress NGINX
  • You want future-proof Kubernetes networking aligned with the community roadmap

Rafay supports both approaches and enables smooth transition strategies across your clusters.

Summary

Ingress controllers continue to play a pivotal role in Kubernetes traffic management. However, the community’s shift toward the Gateway API and the EOL of the Ingress NGINX Controller make it essential for platform teams to reassess their networking architectures.

Rafay Kubernetes Management provides a robust foundation to deploy, manage, migrate, and scale both legacy ingress controllers and modern Gateway API-based solutions across any infrastructure footprint.

Whether you are maintaining existing workloads or planning your transition to Gateway API, Rafay ensures a secure, reliable, and future-ready approach to Kubernetes ingress management.