The Event
March 2026. The funeral for `ingress-nginx`.
No more security patches. No more updates.
If you are SOC2 or ISO compliant, this isn’t optional. Running unpatched ingress controllers is an automatic audit failure.
Every DevOps team is currently scrambling to migrate to the Kubernetes Gateway API.
Most see this as a chore. A forced “refactor” that adds zero business value.
The Opportunity
I see a loophole.
You have to touch your routing layer anyway. You have the budget, the mandate, and the maintenance window.
This is the perfect excuse to change your architecture without asking for permission.
The Pivot
Don’t just swap the controller. Use the new capabilities.
The old Ingress object required “Annotation Hell” to do traffic splitting.
The new Gateway API makes it native.
Define a single `HTTPRoute`. Add two `backendRefs` with simple weights:
- Weight 99: Traffic goes to your existing AWS instances (Safe. Expensive).
- Weight 1: Traffic goes to a single Hetzner dedicated server running K3s (The Experiment).
This is the “Hybrid Canary.”
If the 1% fails? You revert the weight in seconds.
If the 1% works? You just proved you can run production workloads for 80% less cost, with zero risk to the business.
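The weighted split described above, written out as Gateway API manifests. This is an added example, not the author's linked config: the names, namespace, hostname, port and the 203.0.113.10 address are constructed placeholders, and it assumes the Gateway controller resolves a selector-less Service through a manually managed EndpointSlice.

```yaml
# Added example. Every name, the hostname and the IP are constructed placeholders.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: hybrid-canary
  namespace: shop
spec:
  parentRefs:
    - name: public-gateway      # assumed: an existing Gateway in this namespace
  hostnames:
    - app.example.com
  rules:
    - backendRefs:
        - name: app-aws         # assumed: the existing Service in front of the AWS workload
          port: 8080
          weight: 99
        - name: app-hetzner     # selector-less Service defined below
          port: 8080
          weight: 1             # set to 0 to take the canary out of rotation
---
# No selector: Kubernetes creates no endpoints for this Service on its own.
apiVersion: v1
kind: Service
metadata:
  name: app-hetzner
  namespace: shop
spec:
  ports:
    - name: http
      port: 8080
      targetPort: 8080
---
# Manually managed endpoints pointing at the external server.
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
  name: app-hetzner-1
  namespace: shop
  labels:
    kubernetes.io/service-name: app-hetzner   # binds the slice to the Service
addressType: IPv4
ports:
  - name: http                  # must match the Service port name
    port: 8080
    protocol: TCP
endpoints:
  - addresses:
      - "203.0.113.10"          # documentation-range placeholder for the external host
```

Weights are proportional, so 99 and 1 give a 99%/1% split, and setting the canary weight to 0 stops sending it traffic. The hop to the external host leaves the cluster network, so carry it over a private tunnel or TLS rather than plain HTTP across the internet.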
The CTA
Don’t waste a good crisis.
Use the mandatory migration to dip your toe into Bare Metal.
See the “Hybrid Canary” `HTTPRoute` config (Terraform snippet): [Link to Gist/Guide]
*(Comment 1)*
Proof I’m not making this up: The official Kubernetes deprecation timeline for Ingress-Nginx. Get moving. [Link to k8s.io blog]