Fork Yeah: We’re keeping ingress-nginx alive
Ingress-nginx is officially being retired upstream.
As one of the original ingress networking solutions for Kubernetes, it has a large user base that will be impacted by this change.
The project is planned to be archived in March 2026. Without intervention, come March 2026, when the project is archived, it will be unmaintained and slowly become unpatched and unsafe to run.
As this would heavily impact the community, including Chainguard users and customers, we have taken action to commit to continuous maintenance of ingress-nginx through our EmeritOSS program — the same way we did with Kaniko.
Our fork is available today on GitHub.
What's up with ingress-nginx?
Ingress was the original way to direct traffic to services running in Kubernetes. It requires the use of an Ingress Controller, and ingress-nginx was one of the earliest production-ready solutions.
Maintenance and development of the ingress-nginx project has been difficult for some time, with a lack of maintainers placing an unfair burden on existing maintainers who were often working out-of-hours and unpaid on the project. With no new maintainers joining the project, this eventually led to the decision to wind it down.
Ingress-nginx is a critical component in clusters, enabling external traffic to be routed correctly into the cluster. As such, it is exposed to user input, and security is of heightened importance. It is critical that organizations do not allow unmaintained and degrading software to run in such a position.
For the most part, ingress has been superseded by the Gateway API. And for users still on ingress, there are multiple other solutions, including NGINX Ingress Controller. Our EmeritOSS program extends the working lives of core open source projects to support users who still rely on them while they consider their next steps.
What is Chainguard doing?
We need to be clear that we are not continuing the development of ingress-nginx. We are maintaining a working version based on the latest release. This support is intended to help buy users time to move to a different solution. We’re giving users time to evaluate options and develop migration strategies without risking the security of their clusters.
We will keep the project moving forward and up to date with fresh versions of libraries. If CVEs are identified, we will address them on a best-efforts basis.
We also have commercial ingress-nginx container images for users who require low CVE images with SLAs or FIPS versions.
EmeritOSS exists for exactly this moment
EmeritOSS provides stability-focused maintenance for select unmaintained and archived open source projects so teams who depend on these projects can plan their next steps.
We successfully trialled this idea with the Kaniko project and are now extending the project with Kubeapps and ingress-nginx.
If your organization depends on an archived or unmaintained project, we invite you to submit it for consideration so we can help keep essential OSS running safely for as long as you need it.
Share this article
Related articles
- open source
The State of Trusted Open Source: December 2025
Ed Sawma, VP of Product Marketing, and Sasha Itkis, Product Analyst
- open source
Introducing Chainguard EmeritOSS: Sustainable stewardship for mature open source
Erin Glass, Staff Product Manager, Dan Lorenc, CEO and Co-founder, and Kim Lewandowski, CSO and Co-founder
- open source
Fork Yeah: We’re Bringing Kaniko Back
Priya Wadhwa, Senior Engineering Manager, Kim Lewandowski, Co-founder & CPO, and Dan Lorenc, Co-founder & CEO
- open source
Guardcraft: A Minecraft Java Server with Zero CVEs
Erika Heidi, Staff Developer Experience Engineer
- open source
Wolfi: a new paradigm in Linux for containers
Erika Heidi, Developer Experience Engineer
- open source
Kubeburned out? Navigating the world of Kubernetes without losing your spark
Carlos Panato, Staff Software Engineer and Sascha Grunert, Senior Software Engineer, Red Hat