if you're running one of the half of all Kubernetes clusters that's still running Ingress NGINX (I *really* hope that figure has changed already!) then this is the month to get off what @tabbysable.bsky.social memorably describes as a neverending vulnerability piñata because it's officially retiring

@strongjz.bsky.social @kat.lol @breakawaybilly.bsky.social Nico Vibert from @isovalent.bsky.social @ofirc.com from Wiz: everyone I talked to said it's time to get off Ingress NGINX. They didn't all agree on what you should use instead, but that Gateway API is clearly the future and why migrate twice

I wanted to understand if this was the familiar under-resourced open source project story. in some ways it is: @strongjz.bsky.social was clear about how long Ingress INGINX had been asking for help and not getting long term community support. But the *real* problem is the fragility of annotations

those annotations are what will make your migration harder or easier and they're what makes not just Ingress NGINX but the Ingress project itself unsustainable; Gateway API takes a different approach but the community still needs to engage so it covers the breadth of what annotations did, safely