by Fakhri Darmawan, Solution Architect Alibaba Cloud Indonesia
Continue from previous blog about Nginx Ingress Replacement Option - Alibaba Cloud Community.
Alibaba Cloud provide multiple option to migrate from Nginx Ingress to ALB, MSE or APIG. Here is how to migrate for each of solution.
Follow up this document for detail how to migrate Best practice for migrating from a self-managed NGINX Ingress to an ALB Ingress - Container Service for Kubernetes - Alibaba Cloud Documentation Center. This is the High level of how to migrate.
1. Put the domain weight of ALB and Nginx
2. Gradually migrate the domain traffic
3. Delete resource in nginx ingress
This is the high level how to migrate to MSE from Nginx Ingress, for the detail can take a look at this documentation Migrate traffic from an NGINX Ingress gateway to an MSE Ingress gateway - Microservices Engine - Alibaba Cloud Documentation Center. This is high level step migrate nginx to MSE.
Create MSE cloud native gateway and create migration configuration. The MSE cloud-native gateway automatically listens to the changes of all Ingress resources that are associated with the source Ingress class in the cluster, and makes the configurations of the domain names and routes of the Ingress resources take effect.
Check the compatibility of the Ingress resources to which the cloud-native gateway listens. If all Ingress annotations are compatible with the cloud-native gateway, proceed to the next step.
a. Reuse original cluster slb
In this method, you need to add the MSE cloud-native gateway to the backend vServer group of the SLB instance that is associated with the NGINX Ingress gateway. During the migration, the SLB instance distributes business traffic to the MSE cloud-native gateway based on the configured weight. After the migration is complete, all business traffic on the SLB instance is switched to the MSE cloud-native gateway.
b. DNS resolution to SLB
For the DNS service provided by the DNS vendor, add the mappings between all domain names involved in route migration and the IP address of the SLB instance that is associated with the cloud-native gateway. We recommend that you use DNS records to gradually switch traffic based on configured weight values.
a. Reuse original cluster SLB
Use weight - Specify the weight based on which traffic is switched to the MSE cloud-native gateway. You can set the weight to a value ranging from 1 to 100 based on your business requirements. We recommend that you set the weight to a value ranging from 1 to 10 for the first time.
b. DNS resolution to SLB
For the DNS service provided by the DNS vendor, add the mappings between all domain names involved in route migration and the IP address of the SLB instance that is associated with the cloud-native gateway. We recommend that you use DNS records to gradually switch traffic based on configured weight values.
If the traffic distribution is not as expected, you can use one of the following methods to immediately roll back the traffic to NGINX Ingress Controller.
● Reuse Original Cluster SLB: Set the weight to 0 to terminate the migration.
● DNS Resolution to SLB: For the DNS service provided by the DNS vendor, delete the mappings between the business domain names and the IP address of the SLB instance that is associated with the MSE cloud-native gateway.
The step detail to migrate Nginx ingress to APIG is available on this document Migrate a self-managed NGINX Ingress gateway to Cloud-native API Gateway - API Gateway - Alibaba Cloud Documentation Center. Step to migrate similar like MSE. This is high level of how APIG core configuration that was suitable for ingress.
Cloud-native API Gateway supports two core configuration modes to meet different management needs and use cases:
In this mode, the Cloud-native API Gateway is deployed as a Kubernetes cluster's Ingress Controller to manage the cluster's north-south traffic.
● Smooth migration: Offers a path to migrate a self-managed Nginx Ingress to Cloud-native API Gateway. This process minimizes migration costs and the risk of business disruption for Nginx Ingress users.
● Maintain Kubernetes-native workflows: Fully compatible with Kubernetes Ingress resources and annotations. Teams can continue to use existing workflows, such as kubectl apply and GitOps, to manage routing rules.
● Enhanced features: Builds on Nginx Ingress compatibility by providing more powerful administration capabilities, such as global rate limiting.
This mode is ideal for migrating existing Nginx Ingress users. It is also suitable for teams that are Kubernetes-centric and rely on GitOps to manage application releases. Development and operations teams can use this mode to quickly implement cluster traffic routing and basic administration.
APIG Ingress, the Ingress Controller for Cloud-native API Gateway, supports most Nginx Ingress annotations. It supports 51 annotations, which cover 90% of user scenarios. You can migrate existing Kubernetes Ingress YAML files without major changes.
In this mode, Cloud-native API Gateway acts as a centralized API management platform. You can define and manage APIs through the Alibaba Cloud Management Console, or using an API or Terraform. This mode upgrades your capabilities from simple route forwarding to full API administration.
Centralized administration: Allows platform teams, architects, or security teams to manage all APIs from a unified view and enforce security, compliance, and traffic policies.
Full lifecycle management: Supports the complete API lifecycle, from design, development, and testing to publishing and unpublishing. This includes version control, release auditing, and one-click rollbacks.
Advanced security capabilities: Natively integrates complex authentication mechanisms, such as OpenID Connect (OIDC), JWT, and custom authentication and authorization.
API operations and ecosystem: Supports consumer management, subscription relationships, and call quotas for APIs. This enables the API economy.
This mode is ideal for enterprises that need fine-grained, centralized administration of APIs. It is also suitable for businesses with high requirements for API security and identity authentication, teams that need to manage API versions, perform phased releases, and conduct audits, and scenarios where you build an open platform and need to manage third-party developers (consumers) and their call quotas.
Self-Hosted GPU or Model-as-a-Service? A Strategic Guide for AI Leaders
126 posts | 22 followers
FollowAlibaba Cloud Native Community - November 26, 2025
Alibaba Cloud Native Community - November 14, 2025
Alibaba Cloud Native Community - April 7, 2026
Alibaba Cloud Community - May 7, 2025
Alibaba Cloud Native Community - February 3, 2026
Alibaba Cloud Native - November 9, 2022
126 posts | 22 followers
Follow
API Gateway
API Gateway provides you with high-performance and high-availability API hosting services to deploy and release your APIs on Alibaba Cloud products.
Learn More
Microservices Engine (MSE)
MSE provides a fully managed registration and configuration center, and gateway and microservices governance capabilities.
Learn More
Container Service for Kubernetes
Alibaba Cloud Container Service for Kubernetes is a fully managed cloud container management service that supports native Kubernetes and integrates with other Alibaba Cloud products.
Learn More
OpenAPI Explorer
OpenAPI Explorer allows you to call an API through its web interface or WebCLI, and view the entire process.
Learn MoreMore Posts by Alibaba Cloud Indonesia
