NGINX Ingress Controller to Traefik Migration Guide

2025-12-03 17:04:06 +00:00 · 2025-12-03 17:04:06 +00:00 · 4b50f27d6e
commit 4b50f27d6e
parent ef03ed5875
4 changed files with 683 additions and 66 deletions
--- a/docs/content/reference/install-configuration/providers/kubernetes/kubernetes-ingress-nginx.md
+++ b/docs/content/reference/install-configuration/providers/kubernetes/kubernetes-ingress-nginx.md
@ -13,6 +13,8 @@ It also supports many of the [ingress-nginx](https://kubernetes.github.io/ingres
    The Kubernetes NGINX Ingress Controller project has announced its retirement in **March 2026** and will no longer receive updates or security patches.
    Traefik provides a migration path by supporting NGINX annotations, allowing you to transition your workloads without rewriting all your Ingress configurations.

+    **→ See the [NGINX to Traefik Migration Guide](../../../../migrate/nginx-to-traefik.md) for step-by-step instructions.**
+
    For more information about the NGINX Ingress Controller retirement, see the [official Kubernetes blog announcement](https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement).

 ## Ingress Discovery
@ -32,11 +34,6 @@ You can enable the Kubernetes Ingress NGINX provider as detailed below:
 ```yaml tab="File (YAML)"
 providers:
  kubernetesIngressNGINX:
-    endpoint: "https://kubernetes.default.svc"
-    token: "mytoken"
-    certAuthFilePath: "/path/to/ca.crt"
-    throttleDuration: "2s"
-
    # Namespace discovery
    watchNamespace: "default"
    # OR use namespace selector (mutually exclusive with watchNamespace)
@ -47,25 +44,10 @@ providers:
    controllerClass: "k8s.io/ingress-nginx"
    watchIngressWithoutClass: false
    ingressClassByName: false
-
-    # Status updates
-    publishService: "kube-system/traefik"
-    publishStatusAddress: "203.0.113.42"
-
-    # Default backend
-    defaultBackendService: "default/default-backend"
-
-    # Security
-    disableSvcExternalName: false
 ```

 ```toml tab="File (TOML)"
 [providers.kubernetesIngressNGINX]
-  endpoint = "https://kubernetes.default.svc"
-  token = "mytoken"
-  certAuthFilePath = "/path/to/ca.crt"
-  throttleDuration = "2s"
-
  # Namespace discovery
  watchNamespace = "default"
  # OR use namespace selector (mutually exclusive with watchNamespace)
@ -76,33 +58,15 @@ providers:
  controllerClass = "k8s.io/ingress-nginx"
  watchIngressWithoutClass = false
  ingressClassByName = false
-
-  # Status updates
-  publishService = "kube-system/traefik"
-  publishStatusAddress = "203.0.113.42"
-
-  # Default backend
-  defaultBackendService = "default/default-backend"
-
-  # Security
-  disableSvcExternalName = false
 ```

 ```bash tab="CLI"
 --providers.kubernetesingressnginx=true
--providers.kubernetesingressnginx.endpoint=https://kubernetes.default.svc
--providers.kubernetesingressnginx.token=mytoken
--providers.kubernetesingressnginx.certauthfilepath=/path/to/ca.crt
--providers.kubernetesingressnginx.throttleduration=2s
 --providers.kubernetesingressnginx.watchnamespace=default
 --providers.kubernetesingressnginx.ingressclass=nginx
 --providers.kubernetesingressnginx.controllerclass=k8s.io/ingress-nginx
 --providers.kubernetesingressnginx.watchingresswithoutclass=false
 --providers.kubernetesingressnginx.ingressclassbyname=false
--providers.kubernetesingressnginx.publishservice=kube-system/traefik
--providers.kubernetesingressnginx.publishstatusaddress=203.0.113.42
--providers.kubernetesingressnginx.defaultbackendservice=default/default-backend
--providers.kubernetesingressnginx.disablesvcexternalname=false
 ```

 ```yaml tab="Helm Chart Values"
@ -111,18 +75,6 @@ providers:
    # -- Enable Kubernetes Ingress NGINX provider
    enabled: true

-    # -- Kubernetes server endpoint (required for external cluster client)
-    endpoint: "https://kubernetes.default.svc"
-
-    # -- Kubernetes bearer token (not needed for in-cluster client)
-    token: "mytoken"
-
-    # -- Kubernetes certificate authority file path (not needed for in-cluster client)
-    certAuthFilePath: "/path/to/ca.crt"
-
-    # -- Ingress refresh throttle duration
-    throttleDuration: "2s"
-
    # Namespace discovery
    # -- Namespace the controller watches for updates to Kubernetes objects
    # When using rbac.namespaced, it will watch helm release namespace and namespaces listed in this array
@ -140,22 +92,6 @@ providers:
    watchIngressWithoutClass: false
    # -- Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class
    ingressClassByName: false
-
-    # Status updates
-    # -- Service fronting the Ingress controller
-    publishService:
-      enabled: true
-      pathOverride: "kube-system/traefik"
-    # -- Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects
-    publishStatusAddress: "203.0.113.42"
-
-    # Default backend
-    # -- Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'
-    defaultBackendService: "default/default-backend"
-
-    # Security
-    # -- Disable support for Services of type ExternalName
-    disableSvcExternalName: false
 ```

 This provider watches for incoming Ingress events and automatically translates NGINX annotations into Traefik's dynamic configuration, creating the corresponding routers, services, middlewares, and other components needed to route traffic to your cluster services.