## Summary Cloud Native GitLab uses NGINX Ingress to expose GitLab via HTTP(S) and SSH (for Git). NGINX Ingress was announced to be retires in March 2026. After this date, no bug or security fixes will be available for NGINX Ingress. >>> Best-effort maintenance will continue until March 2026. Afterward, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered. Existing deployments of Ingress NGINX will continue to function and installation artifacts will remain available. We recommend migrating to one of the many alternatives. Consider migrating to Gateway API, the modern replacement for Ingress. >>> https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/ Gateway API is an Kubernetes project focused on superseding the Ingress API and GA since [October 2023](https://kubernetes.io/blog/2023/10/31/gateway-api-ga/). To accommodate the sudden retirement of NGINX Ingress, Cloud Native GitLab should support Gateway API and make it the new default. Cloud Native GitLab can continue to support Ingress, but should not ship/enable a deprecated Ingress controller (like NGINX Ingress) by default. ### **WiP** Roadmap #### Stage 1: Initial Gateway API support * [x] Initial support for Gateway API in GitLab chart * [x] Basic validation of Gateway API with QA in CI * [x] Certificate automation with certmanager. * [x] Decide if we should bundle a Gateway API controller (e.g. Envoy Gateway) #### Stage 2: NGINX Ingress Deprecation and full Gateway support * [ ] Support and validation of Gateway API in advanced scenarios like: * [ ] [Multiple webservice deployments](https://docs.gitlab.com/charts/charts/gitlab/webservice/#deployments-settings). * [ ] [Smartcard traffic](https://docs.gitlab.com/administration/auth/smartcard/). * [ ] GitLab Geo * [ ] GRPC for KAS (see https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/issues/766) * [ ] Support Gateway API with GitLab Operator * [ ] Document transition from (NGINX) Ingress to Gateway API * [ ] Announce GitLab's deprecation of NGINX Ingress * [ ] Assist GitLab owned infrastructure to migrate to Gateway API * [ ] Investigate FIPS options (Dedicated for Gov) * [ ] Assist migrating .com infrastructure * [ ] Assist migrating Dedicated infrastructure #### Stage 3: Make Gateway API the default * [ ] Change Cloud Native GitLab to default to Gateway API. * [ ] Drop all bundled Ingress controllers (NGINX, HAProxy, Traefik) ### References * NGINX Ingress retirement: https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/ * https://gitlab.com/gitlab-com/gl-infra/software-delivery/operate/team-tasks/-/issues/13+ * Gateway API docs: https://gateway-api.sigs.k8s.io/ ### Notes * .com mainly uses HAProxy and only a portion of the traffic goes through NGINX Ingress: https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4637#note_2912169290 * rollout to .com should be evaluated in `preprod` which is networking very similar to gstg and prod: https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4637#note_2912868937 * Dedicates uses NGINX Ingress only: https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4637#note_2913610109 --- <!-- STATUS NOTE START --> ## Status 2026-02-17 :clock1: **total hours spent this week by all contributors**: 25 :tada: **achievements**: * Breaking change request was approved and user-facing deprecations have merged: * https://docs.gitlab.com/update/deprecations/#support-for-nginx-ingress-haproxy-and-traefik-charts * https://docs.gitlab.com/update/deprecations/#support-for-nginx-ingress * Blockers to Envoy Gateway to rollout to `pre` identified and mostly solved * GitLab Geo via Gateway API: * Support for unified URLs via Gateway API merged * Validation of SSH+Geo+Gateway API is collaboration with ~"group::geo" progresses * Integration of Envoy via GET progresses, validation passed but a few edge cases yet need to be handled :issue-blocked: **blockers**: No blockers at the moment. :arrow_forward: **next**: * Complete Geo, GET, and Operator work. * Commit to FIPS timeline in https://gitlab.com/gitlab-org/build/team-tasks/-/work_items/144. _Copied from https://gitlab.com/groups/gitlab-com/gl-infra/software-delivery/operate/-/epics/5#note_3088067432_ <!-- STATUS NOTE END -->