Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
chuckadams 4 days ago

Ingress is frozen, not deprecated. Gateway does more, but Ingress isn’t going anywhere. It’s a stable API, which is the opposite of churn.

physicsguy 4 days ago | parent | next [-]

Til there's a security issue, right? Nginx is a big target.

chuckadams 3 days ago | parent [-]

The API of Ingress is not Nginx's API. The spec itself is basically a yaml schema, it's hard to have a vulnerability in that.

physicsguy 2 days ago | parent [-]

There have been critical vulns in nginx-ingress (the part which is deprecated) like this: https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025...

If you're using it after it's dead, you're at risk of further problems of this nature that aren't in the underly nginx reverse proxy but in the code wrapping it.

chuckadams 2 days ago | parent [-]

That's one reason I've always used Traefik as my Ingress (I work mostly with K3S, which uses it by default). Which appears to have had its own security issues too, but it still looks like an implementation issue, not a weakness designed in by the spec.

On EKS I'm using whatever AWS has brewed up to integrate ELB/ALB, but I'll tend to trust it ... though maybe I shouldn't, given all the troubles I have with other integrations like secrets management.

SOLAR_FIELDS 3 days ago | parent | prev [-]

Would love to use Gateway! Every time I spin up a new cluster it goes like this:

- New cluster setup, time to use gateway! Yay!

- Oh crap, like 80% of the helm chart and other existing configurations I need for the softwares I'm trying to deploy STILL doesn't use gateway, this new API that's been out for... like half a decade at least.

- Even core networking things like Istio/Envoy only have limited gateway support compared to ingress

- Sigh. Ingress again.

It's been like this since gateway's inception and every time I check the needle has moved like 2% towards gateway. So I'm looking forward to year 2050 when I can use gateway!

The problem, as CNCF knows, if they pushed Gateway and deprecated ingress the world would revolt due to the amount of work involved to migrate stuff. Therefore, they leave it up to "the people" to do the extra work themselves, who have no incentive to do so since for many usecases it's not materially better.