K8s: fix ingress doc bugs

content/operate/kubernetes/7.22/networking/_index.md

@@ -24,7 +24,7 @@ Connect applications to your Redis Enterprise databases:
 
 Choose the appropriate method for your environment to enable external access:
 
-- [Ingress routing]({{< relref "/operate/kubernetes/7.22/networking/ingress" >}}) - Use NGINX or HAProxy ingress controllers with `ingress` API resources
+- [Ingress routing]({{< relref "/operate/kubernetes/7.22/networking/ingress" >}}) - Use HAProxy ingress controller with `ingress` API resources (the community NGINX ingress controller is retired)
 - [Istio ingress routing]({{< relref "/operate/kubernetes/7.22/networking/istio-ingress" >}}) - Use Istio service mesh with `Gateway` and `VirtualService` API resources
 - [OpenShift routes]({{< relref "/operate/kubernetes/7.22/networking/routes" >}}) - Use OpenShift-specific route resources for external traffic
 

content/operate/kubernetes/7.22/networking/database-connectivity.md

@@ -109,9 +109,9 @@ To access databases from outside the Kubernetes cluster, you need to configure e
 
 Redis Enterprise for Kubernetes only supports the following ingress controllers for external database access:
 
-- NGINX Ingress - Supports SSL passthrough for Redis connections
-- HAProxy Ingress - Built-in SSL passthrough support  
-- Istio Gateway - Service mesh integration with advanced traffic management
+- HAProxy Ingress - Built-in SSL passthrough support.
+- Istio Gateway - Service mesh integration with advanced traffic management.
+- Ingress-NGINX - SSL passthrough is off by default; start the controller with `--enable-ssl-passthrough`. The community `kubernetes/ingress-nginx` project is retired (maintenance ended March 2026); existing deployments only.
 
 See [Ingress routing]({{< relref "/operate/kubernetes/7.22/networking/ingress" >}}) for detailed configuration steps.
 

content/operate/kubernetes/7.22/networking/ingress.md

@@ -12,18 +12,21 @@ weight: 5
 url: '/operate/kubernetes/7.22/networking/ingress/'
 ---
 
+{{<warning>}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio as shown below, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{</warning>}}
+
 ## Prerequisites
 
 Before creating an Ingress, you'll need:
 
  - A RedisEnterpriseDatabase (REDB) with TLS enabled for client connections
- - A supported Ingress controller with `ssl-passthrough` enabled
-    - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/)
-        - Be sure to use the `kubernetes/ingress-nginx` controller and NOT the `nginxinc/kubernetes-ingress` controller.
+ - An Ingress controller with `ssl-passthrough` enabled. Options include:
     - [HAProxy Ingress](https://haproxy-ingress.github.io/docs/getting-started/)
+    - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/) (retired; existing deployments only)
     - To use Istio for your Ingress resources, see [Configure Istio for external routing]({{< relref "/operate/kubernetes/7.22/networking/istio-ingress" >}})
 
-{{<note>}}Make sure your Ingress controller has `ssl-passthrough`enabled. This is enabled by default for HAProxy, but disabled by default for NGINX. See the [NGINX User Guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details. {{</note>}}
+{{<note>}}Make sure your Ingress controller has `ssl-passthrough` enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag. See the [Ingress-NGINX TLS guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details.{{</note>}}
 
 ## Create an Ingress resource
 
@@ -45,7 +48,7 @@ Before creating an Ingress, you'll need:
 
 1. Create a DNS entry that resolves your chosen database hostname to the IP address for the Ingress controller's LoadBalancer.  
 
-1. Create the Ingress resource YAML file.  
+1. Create the Ingress resource YAML file.
 
     ``` YAML
     apiVersion: networking.k8s.io/v1
@@ -55,6 +58,7 @@ Before creating an Ingress, you'll need:
       annotations:
         <controller-specific-annotations-below>
     spec:
+      ingressClassName: <haproxy | nginx>
       rules:
       - host: <my-db-hostname>
         http:
@@ -66,23 +70,23 @@ Before creating an Ingress, you'll need:
                 name: <db-name>
                 port:
                   name: redis
-    ```  
+    ```
 
-    For HAProxy, insert the following into the `annotations` section:  
+    Set `ingressClassName` to match the `IngressClass` your controller installed. The deprecated `kubernetes.io/ingress.class` annotation is no longer accepted by recent controller versions, so use `ingressClassName` instead.
+
+    For HAProxy, add the following annotation:
 
     ``` YAML
-    kubernetes.io/ingress.class: haproxy
-     ingress.kubernetes.io/ssl-passthrough: "true"
+    ingress.kubernetes.io/ssl-passthrough: "true"
     ```
 
-    For NGINX, insert the following into the `annotations` section:  
+    For Ingress-NGINX, add the following annotation:
 
     ``` YAML
-    kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-    ```  
+    ```
 
-    The `ssl-passthrough` annotation is required to allow access to the database. The specific format changes depending on your Ingress controller and any additional customizations. See [NGINX Configuration annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress Options](https://www.haproxy.com/documentation/kubernetes/latest/configuration/ingress/) for updated annotation formats.  
+    The `ssl-passthrough` annotation is required to allow access to the database. The exact format depends on your Ingress controller and any additional customizations. See [Ingress-NGINX annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress configuration keys](https://haproxy-ingress.github.io/docs/configuration/keys/) for current annotation formats.
 
 ## Test your external access  
 

content/operate/kubernetes/7.22/networking/ingressorroutespec.md

@@ -12,25 +12,29 @@ url: '/operate/kubernetes/7.22/networking/ingressorroutespec/'
 ---
 An Ingress is an API resource that provides a standardized and flexible way to manage external access to services running within a Kubernetes cluster.
 
+{{<warning>}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{</warning>}}
+
 ## Install Ingress controller
 
 Redis Enterprise for Kubernetes supports the Ingress controllers below:
 * [HAProxy](https://haproxy-ingress.github.io/)
-* [NGINX](https://kubernetes.github.io/ingress-nginx/)
 * [Istio](https://istio.io/latest/docs/setup/getting-started/)
+* [Ingress-NGINX](https://kubernetes.github.io/ingress-nginx/) (retired; existing deployments only)
 
 OpenShift users can use [routes]({{< relref "/operate/kubernetes/7.22/networking/routes" >}}) instead of an Ingress.
 
-Install your chosen Ingress controller, making sure `ssl-passthrough` is enabled. `ssl-passthrough` is turned off by default for NGINX but enabled by default for HAProxy.
+Install your chosen Ingress controller, making sure `ssl-passthrough` is enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag.
 
 ## Configure DNS
 
-1. Choose the hostname (FQDN) you will use to access your database according to the recommended naming conventions below, replacing `<placeholders>` with your own values.
+1. Choose the API hostname and database hostname suffix you will use, replacing `<placeholders>` with your own values. The recommended formats are:
+
+     * REC API hostname (`apiFqdnUrl`): `api-<rec-name>-<rec-namespace>.<subdomain>`
+     * Database hostname suffix (`dbFqdnSuffix`): `-db-<rec-name>-<rec-namespace>.<subdomain>`
 
-     REC API hostname: `api-<rec-name>-<rec-namespace>.<subdomain>`
-     REAADB hostname: `-db-<rec-name>-<rec-namespace>.<subdomain>`
-
-     We recommend using a wildcard (`*`) in place of the database name, followed by the hostname suffix.
+     The operator appends each database name to `dbFqdnSuffix` to build the per-database hostname. For example, a database named `mydb` with the suffix above resolves to `mydb-db-<rec-name>-<rec-namespace>.<subdomain>`. For the wildcard DNS record, use `*` in place of the database name followed by the suffix.
 
 1. Retrieve the `EXTERNAL-IP` of your Ingress controller's `LoadBalancer` service.
 
@@ -60,17 +64,18 @@ Edit the RedisEnterpriseCluster (REC) spec to add the `ingressOrRouteSpec` field
 * Add any additional annotations required for your ingress controller. See [NGINX docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) or [HAproxy docs](https://haproxy-ingress.github.io/docs/configuration/keys/) for more information.
 
 ```sh
-kubectl patch rec  <rec-name> --type merge --patch "{\"spec\": \
+kubectl patch rec <rec-name> --type merge --patch "{\"spec\": \
     {\"ingressOrRouteSpec\": \
       {\"apiFqdnUrl\": \"api-<rec-name>-<rec-namespace>.example.com\", \
       \"dbFqdnSuffix\": \"-db-<rec-name>-<rec-namespace>.example.com\", \
       \"ingressAnnotations\": \
-       {\"<kubernetes | github>.io/ingress.class\": \
-       \"<ingress-controller>\", \
-       \"<ingress-controller-annotation>/ssl-passthrough\": \ \"true\"}, \
+       {\"kubernetes.io/ingress.class\": \"<ingress-controller>\", \
+       \"<ingress-controller-annotation>/ssl-passthrough\": \"true\"}, \
       \"method\": \"ingress\"}}}"
 ```
 
+Set `<ingress-controller>` to `haproxy` or `nginx`. The operator validates that `ingressAnnotations` includes `kubernetes.io/ingress.class` and is the only annotation key it requires; add any other controller-specific annotations alongside it.
+
 ### OpenShift routes
 
 * Define the REC API hostname (`apiFqdnUrl`) and database hostname suffix (`dbFqdnSuffix`) you chose when configuring DNS.

content/operate/kubernetes/7.22/networking/istio-ingress.md

@@ -57,7 +57,7 @@ To configure Istio to work with the Redis Kubernetes operator, we will use two c
 1. On a different namespace from `istio-system`, create a `Gateway` custom resource file (`redis-gateway.yaml` in this example).
 
     - Replace `.istio.k8s.my.example.com` with the domain that matches your DNS record.
-    - Replace `<selector-label>` with the label set on your Istio ingress gateway pod (most common is `istio: ingress`).
+    - Replace `<selector-label>` with the label set on your Istio ingress gateway pod. A default `istioctl install` deploys the gateway with label `istio: ingressgateway`.
     - TLS passthrough mode is required to allow secure access to the database.
 
     ```yaml
@@ -72,9 +72,9 @@ To configure Istio to work with the Redis Kubernetes operator, we will use two c
       - hosts:
         - '*.istio.k8s.my.example.com'
         port:
-          name: https
+          name: tls
           number: 443
-          protocol: HTTPS
+          protocol: TLS
         tls:
           mode: PASSTHROUGH
     ```

content/operate/kubernetes/7.4.6/networking/_index.md

@@ -14,7 +14,7 @@ url: '/operate/kubernetes/7.4.6/networking/'
 
 Redis Enterprise for Kubernetes supports several ways to route external traffic to your RedisEnterpriseCluster:
 
-- Ingress controllers [HAProxy](https://haproxy-ingress.github.io/) and [NGINX](https://kubernetes.github.io/ingress-nginx/) require an `ingress` API resource.
+- Ingress controllers [HAProxy](https://haproxy-ingress.github.io/) and [Ingress-NGINX](https://kubernetes.github.io/ingress-nginx/) (retired; existing deployments only) require an `ingress` API resource.
 - [Istio](https://istio.io/latest/docs/setup/getting-started/) requires `Gateway` and `VirtualService` API resources.
 - OpenShift uses [routes]({{< relref "/operate/kubernetes/7.4.6/networking/routes.md" >}}) to route external traffic.
 - The RedisEnterpriseActiveActiveDatabase (REAADB) requires any of the above routing methods to be configured in the RedisEnterpriseCluster (REC) with the `ingressOrRouteSpec` field.
@@ -27,7 +27,7 @@ Redis Enterprise supports three [types of services](https://kubernetes.io/docs/c
 
 By default, the operator creates a `ClusterIP` type service, which exposes a cluster-internal IP and that can only be accessed from within the K8s cluster. For requests to be routed from outside the K8s cluster, you need an [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) (or [route](https://docs.openshift.com/container-platform/4.12/networking/routes/route-configuration.html) if you are using OpenShift). See [kubernetes.io](https://kubernetes.io/docs/) for more details on [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) and [Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
 
-* To use NGINX or HAProxy Ingress controllers, see [Ingress routing]({{< relref "/operate/kubernetes/7.4.6/networking/ingress.md" >}}).
+* To use HAProxy as an Ingress controller, see [Ingress routing]({{< relref "/operate/kubernetes/7.4.6/networking/ingress.md" >}}). The community NGINX ingress controller is retired.
 * To use OpenShift routes, see [OpenShift routes]({{< relref "/operate/kubernetes/7.4.6/networking/routes.md" >}}).
 * To use Istio as an Ingress controller, see [Istio Ingress routing]({{< relref "/operate/kubernetes/7.4.6/networking/istio-ingress.md" >}})
 

content/operate/kubernetes/7.4.6/networking/ingress.md

@@ -12,18 +12,21 @@ weight: 5
 url: '/operate/kubernetes/7.4.6/networking/ingress/'
 ---
 
+{{<warning>}}
+The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio as shown below, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation.
+{{</warning>}}
+
 ## Prerequisites
 
 Before creating an Ingress, you'll need:
 
  - A RedisEnterpriseDatabase (REDB) with TLS enabled for client connections
- - A supported Ingress controller with `ssl-passthrough` enabled
-    - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/)
-        - Be sure to use the `kubernetes/ingress-nginx` controller and NOT the `nginxinc/kubernetes-ingress` controller.
+ - An Ingress controller with `ssl-passthrough` enabled. Options include:
     - [HAProxy Ingress](https://haproxy-ingress.github.io/docs/getting-started/)
+    - [Ingress-NGINX Controller](https://kubernetes.github.io/ingress-nginx/deploy/) (retired; existing deployments only)
     - To use Istio for your Ingress resources, see [Configure Istio for external routing]({{< relref "/operate/kubernetes/7.4.6/networking/istio-ingress.md" >}})
 
-{{<note>}}Make sure your Ingress controller has `ssl-passthrough`enabled. This is enabled by default for HAProxy, but disabled by default for NGINX. See the [NGINX User Guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details. {{</note>}}
+{{<note>}}Make sure your Ingress controller has `ssl-passthrough` enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the `--enable-ssl-passthrough` flag. See the [Ingress-NGINX TLS guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details.{{</note>}}
 
 ## Create an Ingress resource
 
@@ -45,7 +48,7 @@ Before creating an Ingress, you'll need:
 
 1. Create a DNS entry that resolves your chosen database hostname to the IP address for the Ingress controller's LoadBalancer.  
 
-1. Create the Ingress resource YAML file.  
+1. Create the Ingress resource YAML file.
 
     ``` YAML
     apiVersion: networking.k8s.io/v1
@@ -55,6 +58,7 @@ Before creating an Ingress, you'll need:
       annotations:
         <controller-specific-annotations-below>
     spec:
+      ingressClassName: <haproxy | nginx>
       rules:
       - host: <my-db-hostname>
         http:
@@ -66,23 +70,23 @@ Before creating an Ingress, you'll need:
                 name: <db-name>
                 port:
                   name: redis
-    ```  
+    ```
 
-    For HAProxy, insert the following into the `annotations` section:  
+    Set `ingressClassName` to match the `IngressClass` your controller installed. The deprecated `kubernetes.io/ingress.class` annotation is no longer accepted by recent controller versions, so use `ingressClassName` instead.
+
+    For HAProxy, add the following annotation:
 
     ``` YAML
-    kubernetes.io/ingress.class: haproxy
-     ingress.kubernetes.io/ssl-passthrough: "true"
+    ingress.kubernetes.io/ssl-passthrough: "true"
     ```
 
-    For NGINX, insert the following into the `annotations` section:  
+    For Ingress-NGINX, add the following annotation:
 
     ``` YAML
-    kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-    ```  
+    ```
 
-    The `ssl-passthrough` annotation is required to allow access to the database. The specific format changes depending on your Ingress controller and any additional customizations. See [NGINX Configuration annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress Options](https://www.haproxy.com/documentation/kubernetes/latest/configuration/ingress/) for updated annotation formats.  
+    The `ssl-passthrough` annotation is required to allow access to the database. The exact format depends on your Ingress controller and any additional customizations. See [Ingress-NGINX annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) and [HAProxy Ingress configuration keys](https://haproxy-ingress.github.io/docs/configuration/keys/) for current annotation formats.
 
 ## Test your external access