by Fakhri Darmawan, Solution Architect Alibaba Cloud Indonesia
Based on Kubernetes article about NGINX Ingress Retirement in March 2026, Ingress NGINX maintenance will be halted, and the project will be retired. After that time, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered. The GitHub repositories will be made read-only and left available for reference.
Alibaba Cloud provide alternative to deploy ingress in Alibaba Cloud Container Service for Kubernetes. Alibaba cloud have several option service that can be use to deployed as ingress. The services are Application Load Balancer (ALB), Microservice Engine (MSE) and API Gateway Ingress.
● ALB Ingresses are fully managed, O&M-free gateways based on Application Load Balancer (ALB) instances.
● MSE Ingresses are fully managed, O&M-free gateways based on the cloud-native gateways of Microservices Engine (MSE).
● APIG Ingresses are high-performance, integrated gateways built on API Gateway that serve as a three-in-one gateway combining traditional traffic, microservices, and security functions.
| Type | Scenarios |
|---|---|
| ALB Ingress | Requires fully managed, O&M-free gateways with high-performance auto-scaling at Layer 7 and a large number of concurrent connections. |
| MSE Ingress | Requires centralized management of north-south and east-west traffic, microservices gateways, internal communication within hybrid clouds, and enhanced security protection. |
| APIG Ingress | High service traffic scenarios requiring high security, extensibility, and stability; integrates with Service Mesh and supports backend service discovery patterns like Nacos, DNS, and fixed IPs. |
| Category | ALB Ingress | MSE Ingress | APIG Ingress |
|---|---|---|---|
| Service Positioning | Deep integration with containers; provides ultra-large capacity and auto-scaling. | Suitable for application-layer load balancing; serves as traffic, microservices, and security gateways. | Integrated gateway designed for application layer load scenarios; directly connects to backend pod IPs. |
| Architecture | Developed on the Cloud Network Management and CyberStar platforms. | Built on open source Higress with control planes based on Istiod and Envoy. | Control planes built on Istiod and Envoy; each user has a dedicated instance. |
| Performance | Supports 1 million QPS and tens of millions of connections per instance. | HTTPS performance improved by 80% via hardware acceleration; TPS is ~90% higher than open source NGINX. | Hardware acceleration improves HTTPS performance by 80%; TPS is ~90% higher than open source NGINX. |
| Basic Routing | Supports content/source IP routing; includes CORS and session persistence. | Supports thousands of rules and prefetching mode to increase traffic steadily during windows. | Supports standard load balancing (RR, random, hashing) plus prefetch for smooth traffic increases. |
| Configuration Change | Efficient API-based changes; faster than list-watch mechanisms. | Supports hot updates for configurations, certificates, and plug-ins using List-Watch. | Supports hot updates for configurations, certificates, and Wasm plugins. |
| Authentication | TLS-based authentication. | Basic Auth, OAuth, JWT, OIDC, and IDaaS integration. | Basic Auth, OAuth, JWT, OIDC, IDaaS, and custom authentication. |
| Security | Supports WAF, Anti-DDoS, SNI, and TLS 1.3. | End-to-end encryption, WAF, SNI, and custom TLS versions. | Integrated with SSL Certificate Service and Alibaba Cloud WAF. |
| Observability | Access logs via Log Service; metrics/alerting via CloudMonitor. | Log Service, Managed Service for Prometheus, Tracing Analysis, and SkyWalking. | Integrated with SLS, ARMS Prometheus, and Tracing Analysis. |
| Governance | Kubernetes service discovery; canary releases and throttling. | Discovery via Nacos, ZooKeeper, DNS, etc.; integrated with Sentinel for circuit breaking. | Discovery via Nacos, Eureka, etc.; integrated with AHAS for circuit breaking and service mocking. |
| Extended Features | Uses AScript for extended configurations. | WebAssembly (Wasm) plug-ins supporting multiple languages; Lua. | Wasm plugin marketplace supporting multiple languages; Lua. |
| NGINX Ingress Migration Guide | Best practice for migrating from a self-managed NGINX Ingress to an ALB Ingress | Migrate traffic from an NGINX Ingress gateway to an MSE Ingress gateway | Nginx Ingress migration guide |
117 posts | 21 followers
FollowAlibaba Cloud Native Community - November 14, 2025
Alibaba Cloud Native Community - February 4, 2026
Alibaba Cloud Blockchain Service Team - December 26, 2018
Alibaba Cloud Blockchain Service Team - December 26, 2018
Xi Ning Wang - March 7, 2019
Alibaba Cloud Native Community - September 20, 2023
117 posts | 21 followers
Follow
Server Load Balancer
Respond to sudden traffic spikes and minimize response time with Server Load Balancer
Learn More
Cloud-Native Applications Management Solution
Accelerate and secure the development, deployment, and management of containerized applications cost-effectively.
Learn More
Container Service for Kubernetes
Alibaba Cloud Container Service for Kubernetes is a fully managed cloud container management service that supports native Kubernetes and integrates with other Alibaba Cloud products.
Learn More
Microservices Engine (MSE)
MSE provides a fully managed registration and configuration center, and gateway and microservices governance capabilities.
Learn MoreMore Posts by Alibaba Cloud Indonesia
