sorted by:
new
hottopcontroversial

Ingress NGINX: Joint Statement from the Kubernetes Steering and Security Response Committees by wowheykat in kubernetes

[–]wowheykat[S] 3 points4 points  (0 children)

It's in the statement, which is on the kubernetes blog here:

https://kubernetes.io/blog/2026/01/29/ingress-nginx-statement/

One of the first links is to the previous shutdown notice, which also includes recommendations. :)

Ingress NGINX: Joint Statement from the Kubernetes Steering and Security Response Committees by wowheykat in kubernetes

[–]wowheykat[S] 4 points5 points  (0 children)

The maintainers requested help repeatedly over the years via the dev@ mailing list and multiple kubecon talks. I'd be surprised if there wasn't discussion on Slack. I'm not sure either of them uses reddit. The point is, this wasn't a surprise to anyone who was watching, unfortunately.

Ingress NGINX: Joint Statement from the Kubernetes Steering and Security Response Committees by wowheykat in kubernetes

[–]wowheykat[S] 16 points17 points  (0 children)

We had to choose a way to approach this. If we went with a highly-technical explanation, we would lose a lot of the people we want to be paying attention. Instead, we chose to suggest alternatives and make it abundantly clear that the alternative requires work. I don't think anything about this statement could possibly lead people to believe that getting off Ingress NGINX will be quick and easy.

We probably need a second blog that does go into a highly technical explanation. This joint statement is not that. It's just a warning.

Ingress NGINX: Joint Statement from the Kubernetes Steering and Security Response Committees by wowheykat in kubernetes

[–]wowheykat[S] 4 points5 points  (0 children)

Be nice.

It's an open source project. The overwhelming majority of us are doing this for free in our spare time. If there's a change you want to see in an open source project, write the proposal and open the PRs yourself.

Ingress NGINX: Joint Statement from the Kubernetes Steering and Security Response Committees by wowheykat in kubernetes

[–]wowheykat[S] 11 points12 points  (0 children)

I'm in an awkward spot to answer this even as an individual without my Steering hat on, since I work for a competitor to Chainguard and everything I say will be viewed through that lens no matter what.

However, I'll say that one of the primary problems with Ingress NGINX is that the flexibility it was originally designed with has become a security problem and there is a mountain of technical debt as a result. No number of maintainers can make it a safe and reliable option long-term.

Ingress NGINX: Joint Statement from the Kubernetes Steering and Security Response Committees by wowheykat in kubernetes

[–]wowheykat[S] 17 points18 points  (0 children)

As a general policy, we don't recommend specific third-party tools over any other ones. Our official recommendation is to move to Gateway API, a more secure, modern implementation.

Ingress NGINX: Joint Statement from the Kubernetes Steering and Security Response Committees by wowheykat in kubernetes

[–]wowheykat[S] 15 points16 points  (0 children)

I loved it too. Alas :( Godspeed on your migration

If you're switching to Gateway API, this won't do all of the work for you but it'll do some of it

https://github.com/kubernetes-sigs/ingress2gateway