Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Kubernetes community recently announced that Ingress NGINX, one of the most widely used Ingress controllers, will be retired. This change means teams need to plan for a secure, modern, and future-proof alternative for managing Kubernetes traffic. The Kubernetes SIG Network and the Security Response Committee confirmed that the project will only receive basic maintenance until March 2026. After that, there will be no new releases, bug fixes, or security updates.

If you’ve managed traffic in Kubernetes, you’ve likely navigated the world of Ingress controllers. For years, Ingress has been the standard way of getting our HTTP/S services exposed. But let’s be honest, it often felt like a compromise. We wrestled with controller-specific annotations to unlock critical features, blurred the lines between infrastructure and application concerns, and sometimes wished for richer protocol support or a more standardized approach.

Calico has used eBPF as one of its dataplanes since version 3.13, released more than five years ago. At the time, this was an exciting step forward, introducing a new, innovative data plane that quickly gained traction within the Calico community. Since then, there have been many changes and continued evolution, all thanks to the many adopters of the then-new data plane.