// the find
kubernetes/ingress-nginx
Ingress NGINX Controller for Kubernetes
The canonical NGINX-based ingress controller for Kubernetes, which handled HTTP routing for a massive fraction of production clusters for the better part of a decade. It is now officially retired — no new features, no bugfixes, and critically, no security patches after March 2026. If you have this deployed, you need a migration plan; if you don't, the README tells you not to start.
The kubectl plugin (ingress-nginx) is genuinely useful for debugging running deployments — you can inspect live backends, dump the rendered nginx.conf, and view TLS certs without exec-ing into the pod. The Helm chart is one of the most thoroughly tested in the ecosystem, with CI value files covering daemonset, deployment, HPA, KEDA, metrics, and webhook permutations. The annotation system (via Lua) lets you apply per-route rate limiting, auth, and header manipulation without touching the global config, which was the right tradeoff for its era. The build and release process is well documented, with explicit version compatibility tables that actually tell you which k8s versions are tested.
It's dead. No security fixes after March 2026 means any CVE discovered in NGINX or the controller itself after that date stays open forever in your cluster. The multi-tenant security model is broken by design — the project itself warns that anyone who can create Ingress objects effectively has cluster-admin influence over routing, making it unsafe for shared clusters. The nginx.conf generation is a Go-templated string blob patched with Lua snippets; when the generated config is wrong, you're debugging three languages simultaneously with no good tooling. Migration to Gateway API is the recommended path, but there's no automated tooling for it — you're rewriting ingress manifests by hand, and the two models differ enough that it's not mechanical.
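Since the rewrite is manual, it helps to know first which Ingress objects lean on controller-specific annotations. The inventory below is an added example, not code from the ingress-nginx project: it takes data shaped like `kubectl get ingress -A -o json` output and ranks Ingresses by how much annotation-driven behaviour they carry, listing raw-snippet users first. It assumes the IngressClass is named `nginx`, skips Ingresses with no class set (a default IngressClass could still claim those), and the sample data and the `inventory` function name are constructed for illustration.

```python
import json
import sys

PREFIX = "nginx.ingress.kubernetes.io/"
LEGACY_CLASS = "kubernetes.io/ingress.class"
# Annotations that inject raw NGINX config; review these by hand.
SNIPPETS = {"configuration-snippet", "server-snippet"}

# Constructed sample shaped like `kubectl get ingress -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "shop", "name": "web", "annotations": {
        PREFIX + "limit-rps": "10",
        PREFIX + "auth-url": "https://auth.example.test/check"}},
     "spec": {"ingressClassName": "nginx"}},
    {"metadata": {"namespace": "team-a", "name": "api", "annotations": {
        LEGACY_CLASS: "nginx",
        PREFIX + "configuration-snippet": "add_header X-Frame-Options DENY;"}},
     "spec": {}},
    {"metadata": {"namespace": "infra", "name": "grafana"},
     "spec": {"ingressClassName": "traefik"}},
]}


def inventory(ingress_list, class_name="nginx"):
    """Return one record per Ingress handled by class_name (assumed: 'nginx')."""
    records = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        annotations = meta.get("annotations") or {}
        # spec.ingressClassName wins; fall back to the legacy class annotation.
        cls = item.get("spec", {}).get("ingressClassName") or annotations.get(LEGACY_CLASS)
        if cls != class_name:
            continue
        used = sorted(k[len(PREFIX):] for k in annotations if k.startswith(PREFIX))
        records.append({
            "ingress": f"{meta.get('namespace')}/{meta.get('name')}",
            "annotations": used,
            "snippets": [a for a in used if a in SNIPPETS],
        })
    # Snippet users first, then by annotation count: hardest rewrites on top.
    return sorted(records, key=lambda r: (-len(r["snippets"]), -len(r["annotations"])))


if __name__ == "__main__":
    # Pipe real `kubectl get ingress -A -o json` output in, or run bare for the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for rec in inventory(data):
        flag = " [raw NGINX snippet]" if rec["snippets"] else ""
        print(f"{rec['ingress']}: {', '.join(rec['annotations']) or 'no annotations'}{flag}")
```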