Kubernetes maintainers have decided it’s not worth trying to save Ingress NGINX and will instead stop work on the project and retire it in March 2026.

Ingress NGINX is an ingress controller – a class of tool that allows external HTTP/S access to Kubernetes clusters and the applications they run.

Yesterday’s flexibility has become today’s insurmountable technical debt

According to Tabitha Sable, a staff engineer at Datadog who is also co-chair of the Kubernetes special interest group for security, “It became very popular due to its tremendous flexibility, breadth of features, and independence from any particular cloud or infrastructure provider.”

While developers have created alternatives, Sable feels “Ingress NGINX has continued to be one of the most popular, deployed as part of many hosted Kubernetes platforms and within innumerable independent users’ clusters.”

While popular, the tool is also problematic.

In March 2025, researchers at Wiz found Ingress NGINX had serious vulnerabilities that could allow complete takeover of Kubernetes clusters.

The project was already in trouble before that revelation. Researchers had previously found and fixed several major security flaws. Its maintainers last year announced they would stop adding core features and focus their efforts on a project called “InGate” that aimed to create a new ingress controller that also acted as a Gateway API controller – another means of connecting K8s clusters to the world.

On Wednesday, the Kubernetes Security Response Committee (SRC) decided to pull the plug on Ingress NGINX.

“The breadth and flexibility of Ingress NGINX has caused maintenance challenges,” Sable wrote. “Changing expectations about cloud native software have also added complications. What were once considered helpful options have sometimes come to be considered serious security flaws … Yesterday’s flexibility has become today’s insurmountable technical debt.”

Sable also wrote that Ingress NGINX “has always struggled with insufficient or barely-sufficient maintainership. For years, the project has had only one or two people doing development work, on their own time, after work hours and on weekends.”

When Wiz revealed its findings on Ingress NGINX flaws, it could find around 6,000 implementations of the tool. Come March 2026, any remaining instances will continue to work but developers will not deliver any updates.

So hop to it, K8s admins: You have a short period of time in which to consider if it’s possible to develop compensating controls that allow you to run abandonware, or pick an alternative and plan a migration. ®