diff --git a/content/operate/kubernetes/7.22/networking/_index.md b/content/operate/kubernetes/7.22/networking/_index.md
index b13b6ddbe3..b4e9c3e7b5 100644
--- a/content/operate/kubernetes/7.22/networking/_index.md
+++ b/content/operate/kubernetes/7.22/networking/_index.md
@@ -24,7 +24,7 @@ Connect applications to your Redis Enterprise databases:
Choose the appropriate method for your environment to enable external access:
-- [Ingress routing]({{< relref "/operate/kubernetes/7.22/networking/ingress" >}}) - Use NGINX or HAProxy ingress controllers with `ingress` API resources
+- [Ingress routing]({{< relref "/operate/kubernetes/7.22/networking/ingress" >}}) - Use HAProxy ingress controller with `ingress` API resources (the community NGINX ingress controller is retired)
- [Istio ingress routing]({{< relref "/operate/kubernetes/7.22/networking/istio-ingress" >}}) - Use Istio service mesh with `Gateway` and `VirtualService` API resources
- [OpenShift routes]({{< relref "/operate/kubernetes/7.22/networking/routes" >}}) - Use OpenShift-specific route resources for external traffic
diff --git a/content/operate/kubernetes/7.22/networking/database-connectivity.md b/content/operate/kubernetes/7.22/networking/database-connectivity.md
index 4b9012e1e7..224b693228 100644
--- a/content/operate/kubernetes/7.22/networking/database-connectivity.md
+++ b/content/operate/kubernetes/7.22/networking/database-connectivity.md
@@ -109,9 +109,9 @@ To access databases from outside the Kubernetes cluster, you need to configure e
Redis Enterprise for Kubernetes only supports the following ingress controllers for external database access:
-- NGINX Ingress - Supports SSL passthrough for Redis connections
-- HAProxy Ingress - Built-in SSL passthrough support
-- Istio Gateway - Service mesh integration with advanced traffic management
+- HAProxy Ingress - Built-in SSL passthrough support.
+- Istio Gateway - Service mesh integration with advanced traffic management.
+- Ingress-NGINX - SSL passthrough is off by default; start the controller with `--enable-ssl-passthrough`. The community `kubernetes/ingress-nginx` project is retired (maintenance ended March 2026); existing deployments only.
See [Ingress routing]({{< relref "/operate/kubernetes/7.22/networking/ingress" >}}) for detailed configuration steps.
diff --git a/content/operate/kubernetes/7.22/networking/ingress.md b/content/operate/kubernetes/7.22/networking/ingress.md
index 036b2fde68..0fad581842 100644
--- a/content/operate/kubernetes/7.22/networking/ingress.md
+++ b/content/operate/kubernetes/7.22/networking/ingress.md
@@ -12,18 +12,21 @@ weight: 5
url: '/operate/kubernetes/7.22/networking/ingress/'
---
+{{}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio as shown below, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{}}
+
## Prerequisites
Before creating an Ingress, you'll need:
- A RedisEnterpriseDatabase (REDB) with TLS enabled for client connections
- - A supported Ingress controller with `ssl-passthrough` enabled
- - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/)
- - Be sure to use the `kubernetes/ingress-nginx` controller and NOT the `nginxinc/kubernetes-ingress` controller.
+ - An Ingress controller with `ssl-passthrough` enabled. Options include:
- [HAProxy Ingress](https://haproxy-ingress.github.io/docs/getting-started/)
+ - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/) (retired; existing deployments only)
- To use Istio for your Ingress resources, see [Configure Istio for external routing]({{< relref "/operate/kubernetes/7.22/networking/istio-ingress" >}})
-{{}}Make sure your Ingress controller has `ssl-passthrough`enabled. This is enabled by default for HAProxy, but disabled by default for NGINX. See the [NGINX User Guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details. {{}}
+{{}}Make sure your Ingress controller has `ssl-passthrough` enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag. See the [Ingress-NGINX TLS guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details.{{}}
## Create an Ingress resource
@@ -45,7 +48,7 @@ Before creating an Ingress, you'll need:
1. Create a DNS entry that resolves your chosen database hostname to the IP address for the Ingress controller's LoadBalancer.
-1. Create the Ingress resource YAML file.
+1. Create the Ingress resource YAML file.
``` YAML
apiVersion: networking.k8s.io/v1
@@ -55,6 +58,7 @@ Before creating an Ingress, you'll need:
annotations:
spec:
+ ingressClassName:
rules:
- host:
http:
@@ -66,23 +70,23 @@ Before creating an Ingress, you'll need:
name:
port:
name: redis
- ```
+ ```
- For HAProxy, insert the following into the `annotations` section:
+ Set `ingressClassName` to match the `IngressClass` your controller installed. The deprecated `kubernetes.io/ingress.class` annotation is no longer accepted by recent controller versions, so use `ingressClassName` instead.
+
+ For HAProxy, add the following annotation:
``` YAML
- kubernetes.io/ingress.class: haproxy
- ingress.kubernetes.io/ssl-passthrough: "true"
+ ingress.kubernetes.io/ssl-passthrough: "true"
```
- For NGINX, insert the following into the `annotations` section:
+ For Ingress-NGINX, add the following annotation:
``` YAML
- kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
- ```
+ ```
- The `ssl-passthrough` annotation is required to allow access to the database. The specific format changes depending on your Ingress controller and any additional customizations. See [NGINX Configuration annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress Options](https://www.haproxy.com/documentation/kubernetes/latest/configuration/ingress/) for updated annotation formats.
+ The `ssl-passthrough` annotation is required to allow access to the database. The exact format depends on your Ingress controller and any additional customizations. See [Ingress-NGINX annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress configuration keys](https://haproxy-ingress.github.io/docs/configuration/keys/) for current annotation formats.
## Test your external access
diff --git a/content/operate/kubernetes/7.22/networking/ingressorroutespec.md b/content/operate/kubernetes/7.22/networking/ingressorroutespec.md
index a9747e0927..ef5899325f 100644
--- a/content/operate/kubernetes/7.22/networking/ingressorroutespec.md
+++ b/content/operate/kubernetes/7.22/networking/ingressorroutespec.md
@@ -12,25 +12,29 @@ url: '/operate/kubernetes/7.22/networking/ingressorroutespec/'
---
An Ingress is an API resource that provides a standardized and flexible way to manage external access to services running within a Kubernetes cluster.
+{{}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{}}
+
## Install Ingress controller
Redis Enterprise for Kubernetes supports the Ingress controllers below:
* [HAProxy](https://haproxy-ingress.github.io/)
-* [NGINX](https://kubernetes.github.io/ingress-nginx/)
* [Istio](https://istio.io/latest/docs/setup/getting-started/)
+* [Ingress-NGINX](https://kubernetes.github.io/ingress-nginx/) (retired; existing deployments only)
OpenShift users can use [routes]({{< relref "/operate/kubernetes/7.22/networking/routes" >}}) instead of an Ingress.
-Install your chosen Ingress controller, making sure `ssl-passthrough` is enabled. `ssl-passthrough` is turned off by default for NGINX but enabled by default for HAProxy.
+Install your chosen Ingress controller, making sure `ssl-passthrough` is enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag.
## Configure DNS
-1. Choose the hostname (FQDN) you will use to access your database according to the recommended naming conventions below, replacing `` with your own values.
+1. Choose the API hostname and database hostname suffix you will use, replacing `` with your own values. The recommended formats are:
+
+ * REC API hostname (`apiFqdnUrl`): `api--.`
+ * Database hostname suffix (`dbFqdnSuffix`): `-db--.`
- REC API hostname: `api--.`
- REAADB hostname: `-db--.`
-
- We recommend using a wildcard (`*`) in place of the database name, followed by the hostname suffix.
+ The operator appends each database name to `dbFqdnSuffix` to build the per-database hostname. For example, a database named `mydb` with the suffix above resolves to `mydb-db--.`. For the wildcard DNS record, use `*` in place of the database name followed by the suffix.
1. Retrieve the `EXTERNAL-IP` of your Ingress controller's `LoadBalancer` service.
@@ -60,17 +64,18 @@ Edit the RedisEnterpriseCluster (REC) spec to add the `ingressOrRouteSpec` field
* Add any additional annotations required for your ingress controller. See [NGINX docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) or [HAproxy docs](https://haproxy-ingress.github.io/docs/configuration/keys/) for more information.
```sh
-kubectl patch rec --type merge --patch "{\"spec\": \
+kubectl patch rec --type merge --patch "{\"spec\": \
{\"ingressOrRouteSpec\": \
{\"apiFqdnUrl\": \"api--.example.com\", \
\"dbFqdnSuffix\": \"-db--.example.com\", \
\"ingressAnnotations\": \
- {\".io/ingress.class\": \
- \"\", \
- \"/ssl-passthrough\": \ \"true\"}, \
+ {\"kubernetes.io/ingress.class\": \"\", \
+ \"/ssl-passthrough\": \"true\"}, \
\"method\": \"ingress\"}}}"
```
+Set `` to `haproxy` or `nginx`. The operator validates that `ingressAnnotations` includes `kubernetes.io/ingress.class` and is the only annotation key it requires; add any other controller-specific annotations alongside it.
+
### OpenShift routes
* Define the REC API hostname (`apiFqdnUrl`) and database hostname suffix (`dbFqdnSuffix`) you chose when configuring DNS.
diff --git a/content/operate/kubernetes/7.22/networking/istio-ingress.md b/content/operate/kubernetes/7.22/networking/istio-ingress.md
index 50ea707a00..a46ac9d6ee 100644
--- a/content/operate/kubernetes/7.22/networking/istio-ingress.md
+++ b/content/operate/kubernetes/7.22/networking/istio-ingress.md
@@ -57,7 +57,7 @@ To configure Istio to work with the Redis Kubernetes operator, we will use two c
1. On a different namespace from `istio-system`, create a `Gateway` custom resource file (`redis-gateway.yaml` in this example).
- Replace `.istio.k8s.my.example.com` with the domain that matches your DNS record.
- - Replace `` with the label set on your Istio ingress gateway pod (most common is `istio: ingress`).
+ - Replace `` with the label set on your Istio ingress gateway pod. A default `istioctl install` deploys the gateway with label `istio: ingressgateway`.
- TLS passthrough mode is required to allow secure access to the database.
```yaml
@@ -72,9 +72,9 @@ To configure Istio to work with the Redis Kubernetes operator, we will use two c
- hosts:
- '*.istio.k8s.my.example.com'
port:
- name: https
+ name: tls
number: 443
- protocol: HTTPS
+ protocol: TLS
tls:
mode: PASSTHROUGH
```
diff --git a/content/operate/kubernetes/7.4.6/networking/_index.md b/content/operate/kubernetes/7.4.6/networking/_index.md
index 79f84192e5..9f8496fbc8 100644
--- a/content/operate/kubernetes/7.4.6/networking/_index.md
+++ b/content/operate/kubernetes/7.4.6/networking/_index.md
@@ -14,7 +14,7 @@ url: '/operate/kubernetes/7.4.6/networking/'
Redis Enterprise for Kubernetes supports several ways to route external traffic to your RedisEnterpriseCluster:
-- Ingress controllers [HAProxy](https://haproxy-ingress.github.io/) and [NGINX](https://kubernetes.github.io/ingress-nginx/) require an `ingress` API resource.
+- Ingress controllers [HAProxy](https://haproxy-ingress.github.io/) and [Ingress-NGINX](https://kubernetes.github.io/ingress-nginx/) (retired; existing deployments only) require an `ingress` API resource.
- [Istio](https://istio.io/latest/docs/setup/getting-started/) requires `Gateway` and `VirtualService` API resources.
- OpenShift uses [routes]({{< relref "/operate/kubernetes/7.4.6/networking/routes.md" >}}) to route external traffic.
- The RedisEnterpriseActiveActiveDatabase (REAADB) requires any of the above routing methods to be configured in the RedisEnterpriseCluster (REC) with the `ingressOrRouteSpec` field.
@@ -27,7 +27,7 @@ Redis Enterprise supports three [types of services](https://kubernetes.io/docs/c
By default, the operator creates a `ClusterIP` type service, which exposes a cluster-internal IP and that can only be accessed from within the K8s cluster. For requests to be routed from outside the K8s cluster, you need an [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) (or [route](https://docs.openshift.com/container-platform/4.12/networking/routes/route-configuration.html) if you are using OpenShift). See [kubernetes.io](https://kubernetes.io/docs/) for more details on [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) and [Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
-* To use NGINX or HAProxy Ingress controllers, see [Ingress routing]({{< relref "/operate/kubernetes/7.4.6/networking/ingress.md" >}}).
+* To use HAProxy as an Ingress controller, see [Ingress routing]({{< relref "/operate/kubernetes/7.4.6/networking/ingress.md" >}}). The community NGINX ingress controller is retired.
* To use OpenShift routes, see [OpenShift routes]({{< relref "/operate/kubernetes/7.4.6/networking/routes.md" >}}).
* To use Istio as an Ingress controller, see [Istio Ingress routing]({{< relref "/operate/kubernetes/7.4.6/networking/istio-ingress.md" >}})
diff --git a/content/operate/kubernetes/7.4.6/networking/ingress.md b/content/operate/kubernetes/7.4.6/networking/ingress.md
index 6c7f30ee57..b5b535c142 100644
--- a/content/operate/kubernetes/7.4.6/networking/ingress.md
+++ b/content/operate/kubernetes/7.4.6/networking/ingress.md
@@ -12,18 +12,21 @@ weight: 5
url: '/operate/kubernetes/7.4.6/networking/ingress/'
---
+{{}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio as shown below, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{}}
+
## Prerequisites
Before creating an Ingress, you'll need:
- A RedisEnterpriseDatabase (REDB) with TLS enabled for client connections
- - A supported Ingress controller with `ssl-passthrough` enabled
- - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/)
- - Be sure to use the `kubernetes/ingress-nginx` controller and NOT the `nginxinc/kubernetes-ingress` controller.
+ - An Ingress controller with `ssl-passthrough` enabled. Options include:
- [HAProxy Ingress](https://haproxy-ingress.github.io/docs/getting-started/)
+ - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/) (retired; existing deployments only)
- To use Istio for your Ingress resources, see [Configure Istio for external routing]({{< relref "/operate/kubernetes/7.4.6/networking/istio-ingress.md" >}})
-{{}}Make sure your Ingress controller has `ssl-passthrough`enabled. This is enabled by default for HAProxy, but disabled by default for NGINX. See the [NGINX User Guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details. {{}}
+{{}}Make sure your Ingress controller has `ssl-passthrough` enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag. See the [Ingress-NGINX TLS guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details.{{}}
## Create an Ingress resource
@@ -45,7 +48,7 @@ Before creating an Ingress, you'll need:
1. Create a DNS entry that resolves your chosen database hostname to the IP address for the Ingress controller's LoadBalancer.
-1. Create the Ingress resource YAML file.
+1. Create the Ingress resource YAML file.
``` YAML
apiVersion: networking.k8s.io/v1
@@ -55,6 +58,7 @@ Before creating an Ingress, you'll need:
annotations:
spec:
+ ingressClassName:
rules:
- host:
http:
@@ -66,23 +70,23 @@ Before creating an Ingress, you'll need:
name:
port:
name: redis
- ```
+ ```
- For HAProxy, insert the following into the `annotations` section:
+ Set `ingressClassName` to match the `IngressClass` your controller installed. The deprecated `kubernetes.io/ingress.class` annotation is no longer accepted by recent controller versions, so use `ingressClassName` instead.
+
+ For HAProxy, add the following annotation:
``` YAML
- kubernetes.io/ingress.class: haproxy
- ingress.kubernetes.io/ssl-passthrough: "true"
+ ingress.kubernetes.io/ssl-passthrough: "true"
```
- For NGINX, insert the following into the `annotations` section:
+ For Ingress-NGINX, add the following annotation:
``` YAML
- kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
- ```
+ ```
- The `ssl-passthrough` annotation is required to allow access to the database. The specific format changes depending on your Ingress controller and any additional customizations. See [NGINX Configuration annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress Options](https://www.haproxy.com/documentation/kubernetes/latest/configuration/ingress/) for updated annotation formats.
+ The `ssl-passthrough` annotation is required to allow access to the database. The exact format depends on your Ingress controller and any additional customizations. See [Ingress-NGINX annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress configuration keys](https://haproxy-ingress.github.io/docs/configuration/keys/) for current annotation formats.
## Test your external access
diff --git a/content/operate/kubernetes/7.4.6/networking/ingressorroutespec.md b/content/operate/kubernetes/7.4.6/networking/ingressorroutespec.md
index daf1ca803c..45d659336f 100644
--- a/content/operate/kubernetes/7.4.6/networking/ingressorroutespec.md
+++ b/content/operate/kubernetes/7.4.6/networking/ingressorroutespec.md
@@ -12,25 +12,29 @@ url: '/operate/kubernetes/7.4.6/networking/ingressorroutespec/'
---
An Ingress is an API resource that provides a standardized and flexible way to manage external access to services running within a Kubernetes cluster.
+{{}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{}}
+
## Install Ingress controller
Redis Enterprise for Kubernetes supports the Ingress controllers below:
* [HAProxy](https://haproxy-ingress.github.io/)
-* [NGINX](https://kubernetes.github.io/ingress-nginx/)
* [Istio](https://istio.io/latest/docs/setup/getting-started/)
+* [Ingress-NGINX](https://kubernetes.github.io/ingress-nginx/) (retired; existing deployments only)
OpenShift users can use [routes]({{< relref "/operate/kubernetes/7.4.6/networking/routes.md" >}}) instead of an Ingress.
-Install your chosen Ingress controller, making sure `ssl-passthrough` is enabled. `ssl-passthrough` is turned off by default for NGINX but enabled by default for HAProxy.
+Install your chosen Ingress controller, making sure `ssl-passthrough` is enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag.
## Configure DNS
-1. Choose the hostname (FQDN) you will use to access your database according to the recommended naming conventions below, replacing `` with your own values.
+1. Choose the API hostname and database hostname suffix you will use, replacing `` with your own values. The recommended formats are:
+
+ * REC API hostname (`apiFqdnUrl`): `api--.`
+ * Database hostname suffix (`dbFqdnSuffix`): `-db--.`
- REC API hostname: `api--.`
- REAADB hostname: `-db--.`
-
- We recommend using a wildcard (`*`) in place of the database name, followed by the hostname suffix.
+ The operator appends each database name to `dbFqdnSuffix` to build the per-database hostname. For example, a database named `mydb` with the suffix above resolves to `mydb-db--.`. For the wildcard DNS record, use `*` in place of the database name followed by the suffix.
1. Retrieve the `EXTERNAL-IP` of your Ingress controller's `LoadBalancer` service.
@@ -60,17 +64,18 @@ Edit the RedisEnterpriseCluster (REC) spec to add the `ingressOrRouteSpec` field
* Add any additional annotations required for your ingress controller. See [NGINX docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) or [HAproxy docs](https://haproxy-ingress.github.io/docs/configuration/keys/) for more information.
```sh
-kubectl patch rec --type merge --patch "{\"spec\": \
+kubectl patch rec --type merge --patch "{\"spec\": \
{\"ingressOrRouteSpec\": \
{\"apiFqdnUrl\": \"api--.example.com\", \
\"dbFqdnSuffix\": \"-db--.example.com\", \
\"ingressAnnotations\": \
- {\".io/ingress.class\": \
- \"\", \
- \"/ssl-passthrough\": \ \"true\"}, \
+ {\"kubernetes.io/ingress.class\": \"\", \
+ \"/ssl-passthrough\": \"true\"}, \
\"method\": \"ingress\"}}}"
```
+Set `` to `haproxy` or `nginx`. The operator validates that `ingressAnnotations` includes `kubernetes.io/ingress.class` and is the only annotation key it requires; add any other controller-specific annotations alongside it.
+
### OpenShift routes
* Define the REC API hostname (`apiFqdnUrl`) and database hostname suffix (`dbFqdnSuffix`) you chose when configuring DNS.
diff --git a/content/operate/kubernetes/7.4.6/networking/istio-ingress.md b/content/operate/kubernetes/7.4.6/networking/istio-ingress.md
index e1e09ec859..8a1f504b31 100644
--- a/content/operate/kubernetes/7.4.6/networking/istio-ingress.md
+++ b/content/operate/kubernetes/7.4.6/networking/istio-ingress.md
@@ -57,7 +57,7 @@ To configure Istio to work with the Redis Kubernetes operator, we will use two c
1. On a different namespace from `istio-system`, create a `Gateway` custom resource file (`redis-gateway.yaml` in this example).
- Replace `.istio.k8s.my.example.com` with the domain that matches your DNS record.
- - Replace `` with the label set on your Istio ingress gateway pod (most common is `istio: ingress`).
+ - Replace `` with the label set on your Istio ingress gateway pod. A default `istioctl install` deploys the gateway with label `istio: ingressgateway`.
- TLS passthrough mode is required to allow secure access to the database.
```yaml
@@ -72,9 +72,9 @@ To configure Istio to work with the Redis Kubernetes operator, we will use two c
- hosts:
- '*.istio.k8s.my.example.com'
port:
- name: https
+ name: tls
number: 443
- protocol: HTTPS
+ protocol: TLS
tls:
mode: PASSTHROUGH
```
diff --git a/content/operate/kubernetes/7.8.4/networking/_index.md b/content/operate/kubernetes/7.8.4/networking/_index.md
index 8b9b5de4e8..1006c1581f 100644
--- a/content/operate/kubernetes/7.8.4/networking/_index.md
+++ b/content/operate/kubernetes/7.8.4/networking/_index.md
@@ -14,7 +14,7 @@ url: '/operate/kubernetes/7.8.4/networking/'
Redis Enterprise for Kubernetes supports several ways to route external traffic to your RedisEnterpriseCluster:
-- Ingress controllers [HAProxy](https://haproxy-ingress.github.io/) and [NGINX](https://kubernetes.github.io/ingress-nginx/) require an `ingress` API resource.
+- Ingress controllers [HAProxy](https://haproxy-ingress.github.io/) and [Ingress-NGINX](https://kubernetes.github.io/ingress-nginx/) (retired; existing deployments only) require an `ingress` API resource.
- [Istio](https://istio.io/latest/docs/setup/getting-started/) requires `Gateway` and `VirtualService` API resources.
- OpenShift uses [routes]({{< relref "/operate/kubernetes/7.8.4/networking/routes.md" >}}) to route external traffic.
- The RedisEnterpriseActiveActiveDatabase (REAADB) requires any of the above routing methods to be configured in the RedisEnterpriseCluster (REC) with the `ingressOrRouteSpec` field.
@@ -27,7 +27,7 @@ Redis Enterprise supports three [types of services](https://kubernetes.io/docs/c
By default, the operator creates a `ClusterIP` type service, which exposes a cluster-internal IP and that can only be accessed from within the K8s cluster. For requests to be routed from outside the K8s cluster, you need an [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) (or [route](https://docs.openshift.com/container-platform/4.12/networking/routes/route-configuration.html) if you are using OpenShift). See [kubernetes.io](https://kubernetes.io/docs/) for more details on [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) and [Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
-* To use NGINX or HAProxy Ingress controllers, see [Ingress routing]({{< relref "/operate/kubernetes/7.8.4/networking/ingress.md" >}}).
+* To use HAProxy as an Ingress controller, see [Ingress routing]({{< relref "/operate/kubernetes/7.8.4/networking/ingress.md" >}}). The community NGINX ingress controller is retired.
* To use OpenShift routes, see [OpenShift routes]({{< relref "/operate/kubernetes/7.8.4/networking/routes.md" >}}).
* To use Istio as an Ingress controller, see [Istio Ingress routing]({{< relref "/operate/kubernetes/7.8.4/networking/istio-ingress.md" >}})
diff --git a/content/operate/kubernetes/7.8.4/networking/ingress.md b/content/operate/kubernetes/7.8.4/networking/ingress.md
index db6514c1cc..8af0e8f53a 100644
--- a/content/operate/kubernetes/7.8.4/networking/ingress.md
+++ b/content/operate/kubernetes/7.8.4/networking/ingress.md
@@ -12,18 +12,21 @@ weight: 5
url: '/operate/kubernetes/7.8.4/networking/ingress/'
---
+{{}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio as shown below, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{}}
+
## Prerequisites
Before creating an Ingress, you'll need:
- A RedisEnterpriseDatabase (REDB) with TLS enabled for client connections
- - A supported Ingress controller with `ssl-passthrough` enabled
- - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/)
- - Be sure to use the `kubernetes/ingress-nginx` controller and NOT the `nginxinc/kubernetes-ingress` controller.
+ - An Ingress controller with `ssl-passthrough` enabled. Options include:
- [HAProxy Ingress](https://haproxy-ingress.github.io/docs/getting-started/)
+ - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/) (retired; existing deployments only)
- To use Istio for your Ingress resources, see [Configure Istio for external routing]({{< relref "/operate/kubernetes/7.8.4/networking/istio-ingress.md" >}})
-{{}}Make sure your Ingress controller has `ssl-passthrough`enabled. This is enabled by default for HAProxy, but disabled by default for NGINX. See the [NGINX User Guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details. {{}}
+{{}}Make sure your Ingress controller has `ssl-passthrough` enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag. See the [Ingress-NGINX TLS guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details.{{}}
## Create an Ingress resource
@@ -45,7 +48,7 @@ Before creating an Ingress, you'll need:
1. Create a DNS entry that resolves your chosen database hostname to the IP address for the Ingress controller's LoadBalancer.
-1. Create the Ingress resource YAML file.
+1. Create the Ingress resource YAML file.
``` YAML
apiVersion: networking.k8s.io/v1
@@ -55,6 +58,7 @@ Before creating an Ingress, you'll need:
annotations:
spec:
+ ingressClassName:
rules:
- host:
http:
@@ -66,23 +70,23 @@ Before creating an Ingress, you'll need:
name:
port:
name: redis
- ```
+ ```
- For HAProxy, insert the following into the `annotations` section:
+ Set `ingressClassName` to match the `IngressClass` your controller installed. The deprecated `kubernetes.io/ingress.class` annotation is no longer accepted by recent controller versions, so use `ingressClassName` instead.
+
+ For HAProxy, add the following annotation:
``` YAML
- kubernetes.io/ingress.class: haproxy
- ingress.kubernetes.io/ssl-passthrough: "true"
+ ingress.kubernetes.io/ssl-passthrough: "true"
```
- For NGINX, insert the following into the `annotations` section:
+ For Ingress-NGINX, add the following annotation:
``` YAML
- kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
- ```
+ ```
- The `ssl-passthrough` annotation is required to allow access to the database. The specific format changes depending on your Ingress controller and any additional customizations. See [NGINX Configuration annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress Options](https://www.haproxy.com/documentation/kubernetes/latest/configuration/ingress/) for updated annotation formats.
+ The `ssl-passthrough` annotation is required to allow access to the database. The exact format depends on your Ingress controller and any additional customizations. See [Ingress-NGINX annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress configuration keys](https://haproxy-ingress.github.io/docs/configuration/keys/) for current annotation formats.
## Test your external access
diff --git a/content/operate/kubernetes/7.8.4/networking/ingressorroutespec.md b/content/operate/kubernetes/7.8.4/networking/ingressorroutespec.md
index 22b0cd394d..b61c84c049 100644
--- a/content/operate/kubernetes/7.8.4/networking/ingressorroutespec.md
+++ b/content/operate/kubernetes/7.8.4/networking/ingressorroutespec.md
@@ -12,25 +12,29 @@ url: '/operate/kubernetes/7.8.4/networking/ingressorroutespec/'
---
An Ingress is an API resource that provides a standardized and flexible way to manage external access to services running within a Kubernetes cluster.
+{{}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{}}
+
## Install Ingress controller
Redis Enterprise for Kubernetes supports the Ingress controllers below:
* [HAProxy](https://haproxy-ingress.github.io/)
-* [NGINX](https://kubernetes.github.io/ingress-nginx/)
* [Istio](https://istio.io/latest/docs/setup/getting-started/)
+* [Ingress-NGINX](https://kubernetes.github.io/ingress-nginx/) (retired; existing deployments only)
OpenShift users can use [routes]({{< relref "/operate/kubernetes/7.8.4/networking/routes.md" >}}) instead of an Ingress.
-Install your chosen Ingress controller, making sure `ssl-passthrough` is enabled. `ssl-passthrough` is turned off by default for NGINX but enabled by default for HAProxy.
+Install your chosen Ingress controller, making sure `ssl-passthrough` is enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag.
## Configure DNS
-1. Choose the hostname (FQDN) you will use to access your database according to the recommended naming conventions below, replacing `` with your own values.
+1. Choose the API hostname and database hostname suffix you will use, replacing `` with your own values. The recommended formats are:
+
+ * REC API hostname (`apiFqdnUrl`): `api--.`
+ * Database hostname suffix (`dbFqdnSuffix`): `-db--.`
- REC API hostname: `api--.`
- REAADB hostname: `-db--.`
-
- We recommend using a wildcard (`*`) in place of the database name, followed by the hostname suffix.
+ The operator appends each database name to `dbFqdnSuffix` to build the per-database hostname. For example, a database named `mydb` with the suffix above resolves to `mydb-db--.`. For the wildcard DNS record, use `*` in place of the database name followed by the suffix.
1. Retrieve the `EXTERNAL-IP` of your Ingress controller's `LoadBalancer` service.
@@ -60,17 +64,18 @@ Edit the RedisEnterpriseCluster (REC) spec to add the `ingressOrRouteSpec` field
* Add any additional annotations required for your ingress controller. See [NGINX docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) or [HAproxy docs](https://haproxy-ingress.github.io/docs/configuration/keys/) for more information.
```sh
-kubectl patch rec --type merge --patch "{\"spec\": \
+kubectl patch rec --type merge --patch "{\"spec\": \
{\"ingressOrRouteSpec\": \
{\"apiFqdnUrl\": \"api--.example.com\", \
\"dbFqdnSuffix\": \"-db--.example.com\", \
\"ingressAnnotations\": \
- {\".io/ingress.class\": \
- \"\", \
- \"/ssl-passthrough\": \ \"true\"}, \
+ {\"kubernetes.io/ingress.class\": \"\", \
+ \"/ssl-passthrough\": \"true\"}, \
\"method\": \"ingress\"}}}"
```
+Set `` to `haproxy` or `nginx`. The operator validates that `ingressAnnotations` includes `kubernetes.io/ingress.class` and is the only annotation key it requires; add any other controller-specific annotations alongside it.
+
### OpenShift routes
* Define the REC API hostname (`apiFqdnUrl`) and database hostname suffix (`dbFqdnSuffix`) you chose when configuring DNS.
diff --git a/content/operate/kubernetes/7.8.4/networking/istio-ingress.md b/content/operate/kubernetes/7.8.4/networking/istio-ingress.md
index 2b8869a237..3625ef5e66 100644
--- a/content/operate/kubernetes/7.8.4/networking/istio-ingress.md
+++ b/content/operate/kubernetes/7.8.4/networking/istio-ingress.md
@@ -57,7 +57,7 @@ To configure Istio to work with the Redis Kubernetes operator, we will use two c
1. On a different namespace from `istio-system`, create a `Gateway` custom resource file (`redis-gateway.yaml` in this example).
- Replace `.istio.k8s.my.example.com` with the domain that matches your DNS record.
- - Replace `` with the label set on your Istio ingress gateway pod (most common is `istio: ingress`).
+ - Replace `` with the label set on your Istio ingress gateway pod. A default `istioctl install` deploys the gateway with label `istio: ingressgateway`.
- TLS passthrough mode is required to allow secure access to the database.
```yaml
@@ -72,9 +72,9 @@ To configure Istio to work with the Redis Kubernetes operator, we will use two c
- hosts:
- '*.istio.k8s.my.example.com'
port:
- name: https
+ name: tls
number: 443
- protocol: HTTPS
+ protocol: TLS
tls:
mode: PASSTHROUGH
```
diff --git a/content/operate/kubernetes/7.8.6/networking/_index.md b/content/operate/kubernetes/7.8.6/networking/_index.md
index 430cd2bd33..435c3c5967 100644
--- a/content/operate/kubernetes/7.8.6/networking/_index.md
+++ b/content/operate/kubernetes/7.8.6/networking/_index.md
@@ -14,7 +14,7 @@ url: '/operate/kubernetes/7.8.6/networking/'
Redis Enterprise for Kubernetes supports several ways to route external traffic to your RedisEnterpriseCluster:
-- Ingress controllers [HAProxy](https://haproxy-ingress.github.io/) and [NGINX](https://kubernetes.github.io/ingress-nginx/) require an `ingress` API resource.
+- Ingress controllers [HAProxy](https://haproxy-ingress.github.io/) and [Ingress-NGINX](https://kubernetes.github.io/ingress-nginx/) (retired; existing deployments only) require an `ingress` API resource.
- [Istio](https://istio.io/latest/docs/setup/getting-started/) requires `Gateway` and `VirtualService` API resources.
- OpenShift uses [routes]({{< relref "/operate/kubernetes/7.8.6/networking/routes.md" >}}) to route external traffic.
- The RedisEnterpriseActiveActiveDatabase (REAADB) requires any of the above routing methods to be configured in the RedisEnterpriseCluster (REC) with the `ingressOrRouteSpec` field.
@@ -27,7 +27,7 @@ Redis Enterprise supports three [types of services](https://kubernetes.io/docs/c
By default, the operator creates a `ClusterIP` type service, which exposes a cluster-internal IP and that can only be accessed from within the K8s cluster. For requests to be routed from outside the K8s cluster, you need an [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) (or [route](https://docs.openshift.com/container-platform/4.12/networking/routes/route-configuration.html) if you are using OpenShift). See [kubernetes.io](https://kubernetes.io/docs/) for more details on [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) and [Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
-* To use NGINX or HAProxy Ingress controllers, see [Ingress routing]({{< relref "/operate/kubernetes/7.8.6/networking/ingress.md" >}}).
+* To use HAProxy as an Ingress controller, see [Ingress routing]({{< relref "/operate/kubernetes/7.8.6/networking/ingress.md" >}}). The community NGINX ingress controller is retired.
* To use OpenShift routes, see [OpenShift routes]({{< relref "/operate/kubernetes/7.8.6/networking/routes.md" >}}).
* To use Istio as an Ingress controller, see [Istio Ingress routing]({{< relref "/operate/kubernetes/7.8.6/networking/istio-ingress.md" >}})
diff --git a/content/operate/kubernetes/7.8.6/networking/ingress.md b/content/operate/kubernetes/7.8.6/networking/ingress.md
index 56e1de50b1..39e18c6b76 100644
--- a/content/operate/kubernetes/7.8.6/networking/ingress.md
+++ b/content/operate/kubernetes/7.8.6/networking/ingress.md
@@ -12,18 +12,21 @@ weight: 5
url: '/operate/kubernetes/7.8.6/networking/ingress/'
---
+{{}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio as shown below, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{}}
+
## Prerequisites
Before creating an Ingress, you'll need:
- A RedisEnterpriseDatabase (REDB) with TLS enabled for client connections
- - A supported Ingress controller with `ssl-passthrough` enabled
- - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/)
- - Be sure to use the `kubernetes/ingress-nginx` controller and NOT the `nginxinc/kubernetes-ingress` controller.
+ - An Ingress controller with `ssl-passthrough` enabled. Options include:
- [HAProxy Ingress](https://haproxy-ingress.github.io/docs/getting-started/)
+ - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/) (retired; existing deployments only)
- To use Istio for your Ingress resources, see [Configure Istio for external routing]({{< relref "/operate/kubernetes/7.8.6/networking/istio-ingress.md" >}})
-{{}}Make sure your Ingress controller has `ssl-passthrough`enabled. This is enabled by default for HAProxy, but disabled by default for NGINX. See the [NGINX User Guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details. {{}}
+{{}}Make sure your Ingress controller has `ssl-passthrough` enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag. See the [Ingress-NGINX TLS guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details.{{}}
## Create an Ingress resource
@@ -45,7 +48,7 @@ Before creating an Ingress, you'll need:
1. Create a DNS entry that resolves your chosen database hostname to the IP address for the Ingress controller's LoadBalancer.
-1. Create the Ingress resource YAML file.
+1. Create the Ingress resource YAML file.
``` YAML
apiVersion: networking.k8s.io/v1
@@ -55,6 +58,7 @@ Before creating an Ingress, you'll need:
annotations:
spec:
+ ingressClassName:
rules:
- host:
http:
@@ -66,23 +70,23 @@ Before creating an Ingress, you'll need:
name:
port:
name: redis
- ```
+ ```
- For HAProxy, insert the following into the `annotations` section:
+ Set `ingressClassName` to match the `IngressClass` your controller installed. The deprecated `kubernetes.io/ingress.class` annotation is no longer accepted by recent controller versions, so use `ingressClassName` instead.
+
+ For HAProxy, add the following annotation:
``` YAML
- kubernetes.io/ingress.class: haproxy
- ingress.kubernetes.io/ssl-passthrough: "true"
+ ingress.kubernetes.io/ssl-passthrough: "true"
```
- For NGINX, insert the following into the `annotations` section:
+ For Ingress-NGINX, add the following annotation:
``` YAML
- kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
- ```
+ ```
- The `ssl-passthrough` annotation is required to allow access to the database. The specific format changes depending on your Ingress controller and any additional customizations. See [NGINX Configuration annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress Options](https://www.haproxy.com/documentation/kubernetes/latest/configuration/ingress/) for updated annotation formats.
+ The `ssl-passthrough` annotation is required to allow access to the database. The exact format depends on your Ingress controller and any additional customizations. See [Ingress-NGINX annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress configuration keys](https://haproxy-ingress.github.io/docs/configuration/keys/) for current annotation formats.
## Test your external access
diff --git a/content/operate/kubernetes/7.8.6/networking/ingressorroutespec.md b/content/operate/kubernetes/7.8.6/networking/ingressorroutespec.md
index 787bf64f25..bb258fcc7e 100644
--- a/content/operate/kubernetes/7.8.6/networking/ingressorroutespec.md
+++ b/content/operate/kubernetes/7.8.6/networking/ingressorroutespec.md
@@ -12,25 +12,29 @@ url: '/operate/kubernetes/7.8.6/networking/ingressorroutespec/'
---
An Ingress is an API resource that provides a standardized and flexible way to manage external access to services running within a Kubernetes cluster.
+{{}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{}}
+
## Install Ingress controller
Redis Enterprise for Kubernetes supports the Ingress controllers below:
* [HAProxy](https://haproxy-ingress.github.io/)
-* [NGINX](https://kubernetes.github.io/ingress-nginx/)
* [Istio](https://istio.io/latest/docs/setup/getting-started/)
+* [Ingress-NGINX](https://kubernetes.github.io/ingress-nginx/) (retired; existing deployments only)
OpenShift users can use [routes]({{< relref "/operate/kubernetes/7.8.6/networking/routes.md" >}}) instead of an Ingress.
-Install your chosen Ingress controller, making sure `ssl-passthrough` is enabled. `ssl-passthrough` is turned off by default for NGINX but enabled by default for HAProxy.
+Install your chosen Ingress controller, making sure `ssl-passthrough` is enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag.
## Configure DNS
-1. Choose the hostname (FQDN) you will use to access your database according to the recommended naming conventions below, replacing `` with your own values.
+1. Choose the API hostname and database hostname suffix you will use, replacing `` with your own values. The recommended formats are:
+
+ * REC API hostname (`apiFqdnUrl`): `api--.`
+ * Database hostname suffix (`dbFqdnSuffix`): `-db--.`
- REC API hostname: `api--.`
- REAADB hostname: `-db--.`
-
- We recommend using a wildcard (`*`) in place of the database name, followed by the hostname suffix.
+ The operator appends each database name to `dbFqdnSuffix` to build the per-database hostname. For example, a database named `mydb` with the suffix above resolves to `mydb-db--.`. For the wildcard DNS record, use `*` in place of the database name followed by the suffix.
1. Retrieve the `EXTERNAL-IP` of your Ingress controller's `LoadBalancer` service.
@@ -60,17 +64,18 @@ Edit the RedisEnterpriseCluster (REC) spec to add the `ingressOrRouteSpec` field
* Add any additional annotations required for your ingress controller. See [NGINX docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) or [HAproxy docs](https://haproxy-ingress.github.io/docs/configuration/keys/) for more information.
```sh
-kubectl patch rec --type merge --patch "{\"spec\": \
+kubectl patch rec --type merge --patch "{\"spec\": \
{\"ingressOrRouteSpec\": \
{\"apiFqdnUrl\": \"api--.example.com\", \
\"dbFqdnSuffix\": \"-db--.example.com\", \
\"ingressAnnotations\": \
- {\".io/ingress.class\": \
- \"\", \
- \"/ssl-passthrough\": \ \"true\"}, \
+ {\"kubernetes.io/ingress.class\": \"\", \
+ \"/ssl-passthrough\": \"true\"}, \
\"method\": \"ingress\"}}}"
```
+Set `` to `haproxy` or `nginx`. The operator validates that `ingressAnnotations` includes `kubernetes.io/ingress.class` and is the only annotation key it requires; add any other controller-specific annotations alongside it.
+
### OpenShift routes
* Define the REC API hostname (`apiFqdnUrl`) and database hostname suffix (`dbFqdnSuffix`) you chose when configuring DNS.
diff --git a/content/operate/kubernetes/7.8.6/networking/istio-ingress.md b/content/operate/kubernetes/7.8.6/networking/istio-ingress.md
index d76333b908..0f26b2ea42 100644
--- a/content/operate/kubernetes/7.8.6/networking/istio-ingress.md
+++ b/content/operate/kubernetes/7.8.6/networking/istio-ingress.md
@@ -57,7 +57,7 @@ To configure Istio to work with the Redis Kubernetes operator, we will use two c
1. On a different namespace from `istio-system`, create a `Gateway` custom resource file (`redis-gateway.yaml` in this example).
- Replace `.istio.k8s.my.example.com` with the domain that matches your DNS record.
- - Replace `` with the label set on your Istio ingress gateway pod (most common is `istio: ingress`).
+ - Replace `` with the label set on your Istio ingress gateway pod. A default `istioctl install` deploys the gateway with label `istio: ingressgateway`.
- TLS passthrough mode is required to allow secure access to the database.
```yaml
@@ -72,9 +72,9 @@ To configure Istio to work with the Redis Kubernetes operator, we will use two c
- hosts:
- '*.istio.k8s.my.example.com'
port:
- name: https
+ name: tls
number: 443
- protocol: HTTPS
+ protocol: TLS
tls:
mode: PASSTHROUGH
```
diff --git a/content/operate/kubernetes/networking/_index.md b/content/operate/kubernetes/networking/_index.md
index af7ecbfcf7..34e9b806d0 100644
--- a/content/operate/kubernetes/networking/_index.md
+++ b/content/operate/kubernetes/networking/_index.md
@@ -23,7 +23,7 @@ Connect applications to your Redis Enterprise databases:
Choose the appropriate method for your environment to enable external access:
-- [Ingress routing]({{< relref "/operate/kubernetes/networking/ingress" >}}) - Use NGINX or HAProxy ingress controllers with `ingress` API resources
+- [Ingress routing]({{< relref "/operate/kubernetes/networking/ingress" >}}) - Use HAProxy ingress controller with `ingress` API resources (the community NGINX ingress controller is retired)
- [Istio ingress routing]({{< relref "/operate/kubernetes/networking/istio-ingress" >}}) - Use Istio service mesh with `Gateway` and `VirtualService` API resources
- [OpenShift routes]({{< relref "/operate/kubernetes/networking/routes" >}}) - Use OpenShift-specific route resources for external traffic
diff --git a/content/operate/kubernetes/networking/database-connectivity.md b/content/operate/kubernetes/networking/database-connectivity.md
index b1ff1dbf2e..e3b8e28c5b 100644
--- a/content/operate/kubernetes/networking/database-connectivity.md
+++ b/content/operate/kubernetes/networking/database-connectivity.md
@@ -113,9 +113,9 @@ To access databases from outside the Kubernetes cluster, you need to configure e
Redis Enterprise for Kubernetes only supports the following ingress controllers for external database access:
-- NGINX Ingress - Supports SSL passthrough for Redis connections
-- HAProxy Ingress - Built-in SSL passthrough support
-- Istio Gateway - Service mesh integration with advanced traffic management
+- HAProxy Ingress - Built-in SSL passthrough support.
+- Istio Gateway - Service mesh integration with advanced traffic management.
+- Ingress-NGINX - SSL passthrough is off by default; start the controller with `--enable-ssl-passthrough`. The community `kubernetes/ingress-nginx` project is retired (maintenance ended March 2026); existing deployments only.
See [Ingress routing]({{< relref "/operate/kubernetes/networking/ingress" >}}) for detailed configuration steps.
diff --git a/content/operate/kubernetes/networking/ingress.md b/content/operate/kubernetes/networking/ingress.md
index 3ae4decca4..fb3994412a 100644
--- a/content/operate/kubernetes/networking/ingress.md
+++ b/content/operate/kubernetes/networking/ingress.md
@@ -11,18 +11,21 @@ linkTitle: Ingress routing
weight: 5
---
+{{}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio as shown below, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{}}
+
## Prerequisites
Before creating an Ingress, you'll need:
- A RedisEnterpriseDatabase (REDB) with TLS enabled for client connections
- - A supported Ingress controller with `ssl-passthrough` enabled
- - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/)
- - Be sure to use the `kubernetes/ingress-nginx` controller and NOT the `nginxinc/kubernetes-ingress` controller.
+ - An Ingress controller with `ssl-passthrough` enabled. Options include:
- [HAProxy Ingress](https://haproxy-ingress.github.io/docs/getting-started/)
+ - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/) (retired; existing deployments only)
- To use Istio for your Ingress resources, see [Configure Istio for external routing]({{< relref "/operate/kubernetes/networking/istio-ingress" >}})
-{{}}Make sure your Ingress controller has `ssl-passthrough`enabled. This is enabled by default for HAProxy, but disabled by default for NGINX. See the [NGINX User Guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details. {{}}
+{{}}Make sure your Ingress controller has `ssl-passthrough` enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag. See the [Ingress-NGINX TLS guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details.{{}}
## Create an Ingress resource
@@ -44,7 +47,7 @@ Before creating an Ingress, you'll need:
1. Create a DNS entry that resolves your chosen database hostname to the IP address for the Ingress controller's LoadBalancer.
-1. Create the Ingress resource YAML file.
+1. Create the Ingress resource YAML file.
``` YAML
apiVersion: networking.k8s.io/v1
@@ -54,6 +57,7 @@ Before creating an Ingress, you'll need:
annotations:
spec:
+ ingressClassName:
rules:
- host:
http:
@@ -65,23 +69,23 @@ Before creating an Ingress, you'll need:
name:
port:
name: redis
- ```
+ ```
- For HAProxy, insert the following into the `annotations` section:
+ Set `ingressClassName` to match the `IngressClass` your controller installed. The deprecated `kubernetes.io/ingress.class` annotation is no longer accepted by recent controller versions, so use `ingressClassName` instead.
+
+ For HAProxy, add the following annotation:
``` YAML
- kubernetes.io/ingress.class: haproxy
- ingress.kubernetes.io/ssl-passthrough: "true"
+ ingress.kubernetes.io/ssl-passthrough: "true"
```
- For NGINX, insert the following into the `annotations` section:
+ For Ingress-NGINX, add the following annotation:
``` YAML
- kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
- ```
+ ```
- The `ssl-passthrough` annotation is required to allow access to the database. The specific format changes depending on your Ingress controller and any additional customizations. See [NGINX Configuration annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress Options](https://www.haproxy.com/documentation/kubernetes/latest/configuration/ingress/) for updated annotation formats.
+ The `ssl-passthrough` annotation is required to allow access to the database. The exact format depends on your Ingress controller and any additional customizations. See [Ingress-NGINX annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress configuration keys](https://haproxy-ingress.github.io/docs/configuration/keys/) for current annotation formats.
## Test your external access
diff --git a/content/operate/kubernetes/networking/ingressorroutespec.md b/content/operate/kubernetes/networking/ingressorroutespec.md
index 3aa48bd21e..e30c8c535a 100644
--- a/content/operate/kubernetes/networking/ingressorroutespec.md
+++ b/content/operate/kubernetes/networking/ingressorroutespec.md
@@ -11,25 +11,29 @@ weight: 30
---
An Ingress is an API resource that provides a standardized and flexible way to manage external access to services running within a Kubernetes cluster.
+{{}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{}}
+
## Install Ingress controller
Redis Enterprise for Kubernetes supports the Ingress controllers below:
* [HAProxy](https://haproxy-ingress.github.io/)
-* [NGINX](https://kubernetes.github.io/ingress-nginx/)
* [Istio](https://istio.io/latest/docs/setup/getting-started/)
+* [Ingress-NGINX](https://kubernetes.github.io/ingress-nginx/) (retired; existing deployments only)
OpenShift users can use [routes]({{< relref "/operate/kubernetes/networking/routes" >}}) instead of an Ingress.
-Install your chosen Ingress controller, making sure `ssl-passthrough` is enabled. `ssl-passthrough` is turned off by default for NGINX but enabled by default for HAProxy.
+Install your chosen Ingress controller, making sure `ssl-passthrough` is enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag.
## Configure DNS
-1. Choose the hostname (FQDN) you will use to access your database according to the recommended naming conventions below, replacing `` with your own values.
+1. Choose the API hostname and database hostname suffix you will use, replacing `` with your own values. The recommended formats are:
+
+ * REC API hostname (`apiFqdnUrl`): `api--.`
+ * Database hostname suffix (`dbFqdnSuffix`): `-db--.`
- REC API hostname: `api--.`
- REAADB hostname: `-db--.`
-
- We recommend using a wildcard (`*`) in place of the database name, followed by the hostname suffix.
+ The operator appends each database name to `dbFqdnSuffix` to build the per-database hostname. For example, a database named `mydb` with the suffix above resolves to `mydb-db--.`. For the wildcard DNS record, use `*` in place of the database name followed by the suffix.
1. Retrieve the `EXTERNAL-IP` of your Ingress controller's `LoadBalancer` service.
@@ -59,17 +63,18 @@ Edit the RedisEnterpriseCluster (REC) spec to add the `ingressOrRouteSpec` field
* Add any additional annotations required for your ingress controller. See [NGINX docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) or [HAproxy docs](https://haproxy-ingress.github.io/docs/configuration/keys/) for more information.
```sh
-kubectl patch rec --type merge --patch "{\"spec\": \
+kubectl patch rec --type merge --patch "{\"spec\": \
{\"ingressOrRouteSpec\": \
{\"apiFqdnUrl\": \"api--.example.com\", \
\"dbFqdnSuffix\": \"-db--.example.com\", \
\"ingressAnnotations\": \
- {\".io/ingress.class\": \
- \"\", \
- \"/ssl-passthrough\": \ \"true\"}, \
+ {\"kubernetes.io/ingress.class\": \"\", \
+ \"/ssl-passthrough\": \"true\"}, \
\"method\": \"ingress\"}}}"
```
+Set `` to `haproxy` or `nginx`. The operator validates that `ingressAnnotations` includes `kubernetes.io/ingress.class` and is the only annotation key it requires; add any other controller-specific annotations alongside it.
+
### OpenShift routes
* Define the REC API hostname (`apiFqdnUrl`) and database hostname suffix (`dbFqdnSuffix`) you chose when configuring DNS.
diff --git a/content/operate/kubernetes/networking/istio-ingress.md b/content/operate/kubernetes/networking/istio-ingress.md
index a71836c1bd..5cdbb3bdf1 100644
--- a/content/operate/kubernetes/networking/istio-ingress.md
+++ b/content/operate/kubernetes/networking/istio-ingress.md
@@ -60,7 +60,7 @@ When using Istio ingress for Redis on Kubernetes, avoid partial wildcard hostnam
1. On a different namespace from `istio-system`, create a `Gateway` custom resource file (`redis-gateway.yaml` in this example).
- Replace `.istio.k8s.my.example.com` with the domain that matches your DNS record.
- - Replace `` with the label set on your Istio ingress gateway pod (most common is `istio: ingress`).
+ - Replace `` with the label set on your Istio ingress gateway pod. A default `istioctl install` deploys the gateway with label `istio: ingressgateway`.
- TLS passthrough mode is required to allow secure access to the database.
```yaml
@@ -75,9 +75,9 @@ When using Istio ingress for Redis on Kubernetes, avoid partial wildcard hostnam
- hosts:
- '*.istio.k8s.my.example.com'
port:
- name: https
+ name: tls
number: 443
- protocol: HTTPS
+ protocol: TLS
tls:
mode: PASSTHROUGH
```
diff --git a/content/operate/kubernetes/release-notes/previous-releases/_index.md b/content/operate/kubernetes/release-notes/previous-releases/_index.md
index 7d13deeb70..bb0fcdadbf 100644
--- a/content/operate/kubernetes/release-notes/previous-releases/_index.md
+++ b/content/operate/kubernetes/release-notes/previous-releases/_index.md
@@ -9,7 +9,7 @@ description: Release notes for versions of Redis Enterprise for Kubernetes relea
more than 18 months ago.
hideListLinks: true
linkTitle: Previous versions
-weight: 91
+weight: 100
---
Below are archived release notes for Redis Enterprise for Kubernetes versions released more than 18 months ago.