Cilium on Danilo Falcão da Silva

The Kubernetes Ingress Landscape in 2026: Nginx Isn't the Center Anymore

Thu, 21 May 2026 17:50:00 -0300

For about a decade, “Kubernetes ingress” effectively meant one thing: ingress-nginx, the community-maintained controller that wrapped the Nginx engine behind the Kubernetes Ingress resource. It was fine. It was the default everyone reached for. It was also, quietly, the wrong long-term shape for the problem.

That era ended in 2026. The community ingress-nginx project reached end-of-life in March 2026. The Kubernetes Gateway API, which graduated to GA on the v1.2 line, is now the forward-looking standard. Envoy Gateway is the CNCF reference implementation. Cilium does L7 routing in eBPF without a sidecar or an extra proxy. RKE2 flipped to Traefik by default in v1.36 and removes ingress-nginx entirely in v1.37.

eBPF Is Eating Kubernetes' iptables Plumbing

Wed, 20 May 2026 19:30:00 -0300

For most of Kubernetes’ life, the cluster data path has been a tower of iptables rules. Pod-to-service routing, NAT, network policy, even the way kube-proxy programs a Service IP — all of it expressed as netfilter chains evaluated linearly on every packet. It worked. It also aged badly.

In 2026, the answer the ecosystem has converged on is eBPF, and the project doing most of the convergence is Cilium. The shift is no longer aspirational: kube-proxy itself shipped an nftables mode that is expected to go GA in Kubernetes 1.33, the old IPVS backend is deprecated as of v1.35, and the major managed Kubernetes providers (EKS, GKE, AKS) all offer a Cilium-powered data plane as a first-class option. Azure CNI Powered by Cilium is GA on K8s 1.33.