Kubernetes project announced the retirement of the Ingress NGINX Controller. This leaves many Kubernetes ingress installations without a supported path forward and gives customers only five months to migrate to an alternative controller.
While the retirement of Ingress NGINX is disruptive, it can also become a catalyst for modernizing Kubernetes ingress. VMware Avi Load Balancer for Kubernetes (Avi) can help you turn this forced migration into an architectural upgrade with additional unique operational and security capabilities not available in alternative open-source or vendor offerings.
Avi is a turnkey secure ingress solution for enterprises that demand scale, reliability, and consistent performance. Deployed by Fortune 100 organizations (including banks, telecommunications providers, government/defense agencies and national retailers), Avi’s software-defined & distributed load-balancing fabric ensures predictable throughput, resilience, and performance even during peak demand. Trusted and deployed in the world’s largest and most complex environments across diverse verticals, Avi delivers a level of elastic scale-out, deep visibility and enterprise-grade stability that goes far beyond traditional solutions like Ingress NGINX and legacy architectures.
Here are 7 compelling reasons to choose Avi:
Truly Software-Defined: Elastic, Automated, Active-active and Self-Healing
The end of life for Ingress NGINX presents an opportunity to transition to a modern software-defined networking solution like Avi. Avi is the only hybrid cloud load balancer in the world that is software-defined (with a decoupled centralized control plane and distributed data plane). Avi offers full automation with advanced analytics, programmability, and integrated security, designed for dynamic Kubernetes environments. This makes it not only a more agile and efficient choice but also future-proof, supporting the growing demands of generative AI and other advanced technologies that require high-performant, scalable, intelligent load balancing solutions.
Key Avi capabilities include:
- Elastic scale-out and scale-in based on real traffic patterns
- Self-healing service engines that automatically redeploy when unhealthy
- Dynamic resource optimization
- N-way active-active high availability
- Centralized management for multi-cluster deployments
Future-proof Kubernetes Investments with Comprehensive Gateway API support
Support for the Kubernetes Gateway API is essential for customers seeking a modern, flexible, and scalable approach to traffic management. The Gateway API offers advanced routing, improved security, and better role-based control, ensuring teams can manage complex, multi-cloud environments efficiently. Embracing Gateway API support helps future-proof infrastructure by providing a standardized, extensible foundation that meets the demands of evolving technologies and dynamic application needs.
Avi is Gateway API–ready today, offering:
- Advanced L4–L7 traffic management
- Guaranteed long-term support and patch cycles
- Production-validated integration with VMware Cloud Foundation (VCF), VMware vSphere Kubernetes Service (VKS), and on-prem environments
Fortify Web Security with Integrated WAF and Automated mTLS
With Ingress NGINX reaching end of life, now is a great opportunity to invest in a unified security solution rather than managing multiple separate products. An integrated approach with built-in Web Application Firewall (WAF) and mutual TLS (mTLS) support offers simpler deployment and consistent protection. It eliminates the complexity and gaps that often come with point solutions. This streamlined security model ensures compliance (PCI DSS, NIST, GDPR), easier management and stronger defense for modern Kubernetes environments.
Avi’s fully integrated WAF provides:
- Application layer protection at cluster ingress
- OWASP Top 10 Protection
- BOT Detection
- DDoS Protection
- Behavioral and signature-based detection
- API protection capabilities
- Rate Limiting
Avi simplifies and automates mTLS across services with:
- Central certificate lifecycle management
- Identity-based trust between microservices
- Policy-driven enforcement mechanisms
Stay Ahead of Quantum Threats with PQC-enabled Protection
While Ingress NGINX did not offer Post Quantum Cryptography (PQC) support and is approaching end-of-life, now is a crucial time to invest in a solution that includes this advanced security. Moving to a platform with built-in PQC capabilities ensures future-proof protection against emerging quantum threats. This proactive step strengthens your security posture and aligns with the evolving standards in Kubernetes environments.
Avi is among the first load-balancing platforms to offer:
- PQC-ready cipher support
- Hybrid cryptographic mode options
- Transition pathways aligned with NIST guidance
Reduce MTTR with Real-time Application Visibility for Kubernetes
Ingress NGINX traditionally offered limited observability, forcing teams to rely on fragmented open-source or expensive vendor tools. Now is the perfect time to consider a more comprehensive security and observability solution with built-in analytics. While Ingress NGINX has traditionally provided sparse visibility and required multiple separate tools, Avi delivers deep, unified analytics directly in the platform. This includes end-to-end latency tracking, microservice flow insights, real-time anomaly detection, and detailed security event visibility per pod, service, and client. Transitioning now ensures not only ongoing security but also richer, easier-to-manage application and security insights for Kubernetes environment
Avi Analytics helps VMware Cloud Foundation (VCF) & Infra Cloud Admins & DevOps teams:
- Troubleshoot faster
- Identify root-cause issues (network, app, TLS, or backend)
- Detect attack patterns and suspicious behaviors
- Close visibility gaps that exist across open-source ingress tools
- Ability to delegate Avi-analytics to Dev Ops team using granular RBAC reducing cross team triaging
Avi analytics is an unmatched differentiator that significantly reduces MTTR and improves operational safety.
Ensure Application Resiliency with Multi-Cluster GSLB support & Migration
Traditional ingress controllers are designed for single-cluster environments and lack native support for multi-cluster or multi-site traffic management. This means organizations must manually configure external load balancing and failover mechanisms to achieve cross-cluster resiliency. In contrast, Avi provides built-in multi-cluster, multi-AZ, and multi-site capabilities, offering centralized control, intelligent global load balancing, and seamless failover across distributed environments.
Migration: A unique benefit of Avi’s Kubernetes-native GSLB integration is its ability to enable seamless, zero-downtime workload migration across clusters. Because traffic steering is driven directly through Kubernetes objects, teams can shift applications between clusters—or even between different Kubernetes distributions like vSphere Kubernetes Service (VKS)—without disruption. This Kubernetes-driven traffic management makes cluster migrations smoother, safer, and far more automated.
Avi’s Global Server Load Balancing (GSLB) provides:
- Cross-cluster traffic distribution
- Automated failover between AZs or datacenters
- Cluster- and site-level health monitoring
- Global DNS-based routing
- Service-level load sharing across regions
- Migration of workloads between clusters, K8s flavors and more
This empowers organizations to:
- Run active-active or active-standby Kubernetes clusters
- Survive cluster, AZ, or site failures without disruption
- Seamlessly shift traffic for maintenance, upgrades and migrations.
- Enable multi-cluster applications or global microservices
With multi-cluster GSLB, Avi extends Kubernetes networking beyond the boundaries of a single cluster, giving enterprises true high availability and business continuity
Plug and Play Integration with VCF
Avi tightly integrates with VCF to provide automated, scalable, and multi-tenant L4-L7 load balancing and Kubernetes ingress services for both VM and container workloads in Kubernetes environments managed by VCF. Avi’s software-defined architecture enables seamless deployment, traffic management, and observability, simplifying operations and accelerating application delivery on Kubernetes within VCF.
Avi offers first-party integration across the VMware ecosystem:
- Avi Kubernetes Operator (AKO) embedded and fully lifecycle-managed
- Automatic VIP creation, routing, and service publishing
- VCF + VKS automation for networks, clusters, policies, and upgrades
- Consistent L4–L7 operations across VMs and containers
This drastically simplifies operations for private cloud customers.
What Should Organizations Do Now?
With only five months before Ingress NGINX archival, teams should begin their migration plans immediately:
- Inventory all clusters using Ingress NGINX
- Assess Gateway API readiness
- Evaluate enterprise-grade alternatives (Avi, VKS)
- Run a migration workshop or pilot
- Establish long-term, supported Kubernetes networking architecture
Avi aligns directly with Kubernetes’s future direction while delivering unmatched operational visibility and multi-cluster resiliency.
