diff --git a/platform/_partials/install/external-access-nginx-deploy.mdx b/platform/_partials/install/external-access-nginx-deploy.mdx
index 5828e301c..5589517d9 100644
--- a/platform/_partials/install/external-access-nginx-deploy.mdx
+++ b/platform/_partials/install/external-access-nginx-deploy.mdx
@@ -1,7 +1,7 @@
-Deploy `nginx-ingress` controller to your cluster. Update `$PLATFORM_VERSION`
+[Deprecated]: Deploy `nginx-ingress` controller to your cluster. Update `$PLATFORM_VERSION`
with a valid platform version.
-```bash title="Deploy nginx-ingress controller"
+```bash title="[Deprecated- the ingress-nginx project has been deprecated]: Deploy ingress-nginx controller"
helm upgrade --install ingress-nginx ingress-nginx \
--repository-config='' \
-n ingress-nginx \
diff --git a/platform/_partials/install/external-access-nginx-loft-values.mdx b/platform/_partials/install/external-access-nginx-loft-values.mdx
index a9ec31a11..2eb9ee993 100644
--- a/platform/_partials/install/external-access-nginx-loft-values.mdx
+++ b/platform/_partials/install/external-access-nginx-loft-values.mdx
@@ -1,9 +1,9 @@
-To update the platform deployment to use the NGINX ingress controller, create a simple values
+[Deprecated]: To update the platform deployment to use the NGINX ingress controller, create a simple values
file that tells the platform to do just that. If you created a values file during your initial
deployment, you can simply edit that file, if you did not, you can create a new file with the
following contents.
-```yaml title="Update to use NGINX ingress controller"
+```yaml title="[Deprecated- the ingress-nginx project has been deprecated]: Update to use NGINX ingress controller"
ingress:
enabled: true
host: "vcluster-platform.mydomain.tld" # Make sure to change this
diff --git a/platform/_partials/install/external-access-nginx-manual.mdx b/platform/_partials/install/external-access-nginx-manual.mdx
index 4ff357737..e5b362e19 100644
--- a/platform/_partials/install/external-access-nginx-manual.mdx
+++ b/platform/_partials/install/external-access-nginx-manual.mdx
@@ -6,6 +6,10 @@ import PartialAdminUpgradeCLI from "../guides/upgrade-cli.mdx";
import PartialStartGetExternalIP from "./external-access-nginx-get-external-ip.mdx";
import PartialStartSetARecord from "./external-access-nginx-set-a-record.mdx";
+:::warning Deprecated
+The ingress-nginx project has been deprecated. We recommend using a different ingress controller.
+:::
+
diff --git a/platform/_partials/install/external-access-nginx.mdx b/platform/_partials/install/external-access-nginx.mdx
index 9de7c9168..945a68574 100644
--- a/platform/_partials/install/external-access-nginx.mdx
+++ b/platform/_partials/install/external-access-nginx.mdx
@@ -6,6 +6,10 @@ import PartialStartWithHost from "./external-access-nginx-start.mdx";
import PartialStartGetExternalIP from "./external-access-nginx-get-external-ip.mdx";
import PartialStartSetARecord from "./external-access-nginx-set-a-record.mdx";
+:::warning Deprecated
+The ingress-nginx project has been deprecated. We recommend using a different ingress controller.
+:::
+
:::warning Heads up.
This section assumes you already have the nginx ingress controller installed, if you don't,
check out the 'Manual Ingress Controller Installation' tab.
diff --git a/platform/_partials/sleep/activity-detection.mdx b/platform/_partials/sleep/activity-detection.mdx
index 49c8868b5..822a63065 100644
--- a/platform/_partials/sleep/activity-detection.mdx
+++ b/platform/_partials/sleep/activity-detection.mdx
@@ -30,7 +30,7 @@ If your kube-context points to the platform's API server as a proxy before the a
### Ingress Requests
-For [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/main) based Ingresses and [Istio](https://istio.io/) Gateways, activity detection works automatically.
+For [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/main) (deprecated) based Ingresses and [Istio](https://istio.io/) Gateways, activity detection works automatically.
For nginx based ingresses, the platform adds the [mirror-target](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#mirror) annotation to each ingress that will track activity and reset the timer when a request is made to that ingress.
For Istio, the metrics from the istio-proxy container are used to determine activity.
diff --git a/platform/administer/clusters/advanced/ingress-suffix.mdx b/platform/administer/clusters/advanced/ingress-suffix.mdx
index 5c3c0b615..ee4b5d95b 100644
--- a/platform/administer/clusters/advanced/ingress-suffix.mdx
+++ b/platform/administer/clusters/advanced/ingress-suffix.mdx
@@ -41,5 +41,5 @@ You can set the required ingress suffix in the vCluster Platform UI:
:::info Pre-Requisites
-This will require an ingress-controller in the cluster (such as ingress-nginx) and a wildcard DNS record on the above configured domain. Make sure to enable ssl-passthrough on the ingress controller as well or install the ingress-nginx vCluster Platform app.
+This will require an ingress-controller in the cluster and a wildcard DNS record on the above configured domain. Make sure to enable ssl-passthrough on the ingress controller as well or install the ingress-nginx vCluster Platform app (deprecated).
:::
diff --git a/platform/administer/clusters/advanced/multi-region-mode.mdx b/platform/administer/clusters/advanced/multi-region-mode.mdx
index 093614c54..dac41f949 100644
--- a/platform/administer/clusters/advanced/multi-region-mode.mdx
+++ b/platform/administer/clusters/advanced/multi-region-mode.mdx
@@ -19,7 +19,7 @@ kind: Ingress
metadata:
name: loft-agent-ingress
annotations:
- kubernetes.io/ingress.class: nginx
+ kubernetes.io/ingress.class: nginx # ingress-nginx has been deperecated
nginx.ingress.kubernetes.io/proxy-read-timeout: "43200"
nginx.ingress.kubernetes.io/proxy-send-timeout: "43200"
nginx.ingress.kubernetes.io/proxy-buffers-number: "8 32k"
diff --git a/platform/administer/clusters/advanced/policies.mdx b/platform/administer/clusters/advanced/policies.mdx
index b5f0ca198..24e2e963e 100644
--- a/platform/administer/clusters/advanced/policies.mdx
+++ b/platform/administer/clusters/advanced/policies.mdx
@@ -247,7 +247,7 @@ spec:
### Deny Ingress Classes
-This policy will deny all ingress classes except `nginx`.
+This policy will deny all ingress classes except `istio`.
```
apiVersion: policy.jspolicy.com/v1beta1
@@ -259,7 +259,7 @@ spec:
resources: ["ingresses"]
javascript: |
// ingress class can be set via annotation "kubernetes.io/ingress.class" or through spec.ingressClassName.
- const allowedIngressClasses = ["nginx"];
+ const allowedIngressClasses = ["istio"];
const ingressClasses = [request.object.metadata?.annotations?.["kubernetes.io/ingress.class"], request.object.spec.ingressClassName];
const notAllowed = ingressClasses.filter(ingressClass => ingressClass && !allowedIngressClasses.includes(ingressClass));
if (notAllowed.length > 0) {
diff --git a/platform/administer/monitoring/aggregating-metrics.mdx b/platform/administer/monitoring/aggregating-metrics.mdx
index dfd590f6c..2d47eb3f9 100644
--- a/platform/administer/monitoring/aggregating-metrics.mdx
+++ b/platform/administer/monitoring/aggregating-metrics.mdx
@@ -217,7 +217,7 @@ Then open your browser and navigate to `http://localhost:8080`. Log in with user
### Option 2: Ingress
-Create an Ingress resource to expose Grafana externally. The following example uses the nginx ingress controller:
+Create an Ingress resource to expose Grafana externally. The following example uses the nginx ingress controller (deperecated):
```yaml title="grafana-ingress.yaml"
apiVersion: networking.k8s.io/v1
diff --git a/platform/administer/templates/create-templates.mdx b/platform/administer/templates/create-templates.mdx
index e7a03c06c..07fde8208 100644
--- a/platform/administer/templates/create-templates.mdx
+++ b/platform/administer/templates/create-templates.mdx
@@ -546,7 +546,7 @@ spec:
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
- ingressClassName: "nginx"
+ ingressClassName: "nginx" # deperecated
hostname: {{ .Values.loft.virtualClusterName }}-{{ .Values.loft.project }}-{{ .Values.loft.clusterAnnotations.domainPrefix }}.{{ .Values.loft.clusterAnnotations.domain }}
tls: true
ingressGrpc:
@@ -556,7 +556,7 @@ spec:
logLevel: "debug"
ingress:
enabled: true
- ingressClassName: "nginx"
+ ingressClassName: "nginx" # deperecated
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
hostname: {{ .Values.loft.virtualClusterName }}-{{ .Values.loft.project }}-{{ .Values.loft.clusterAnnotations.domainPrefix }}-appset.{{ .Values.loft.clusterAnnotations.domain }}
diff --git a/platform/configure/domain.mdx b/platform/configure/domain.mdx
index 66a834143..090d0e845 100644
--- a/platform/configure/domain.mdx
+++ b/platform/configure/domain.mdx
@@ -34,7 +34,11 @@ The platform, like any other service in Kubernetes, can be exposed in multiple w
-### External access via NGINX ingress controller
+### [Deprecated]: External access via NGINX ingress controller
+
+:::warning Deprecated
+The ingress-nginx project has been deprecated.
+:::
Loft supports waking up a {props.name} through an ingress independent of the underlying ingress controller. Just navigate to the ingress host and you should see a Loft wakeup page for the {props.name}.
diff --git a/platform/use-platform/virtual-clusters/key-features/_partials/sleep/activity-detection.mdx b/platform/use-platform/virtual-clusters/key-features/_partials/sleep/activity-detection.mdx
index edf689481..0b3e63dc1 100644
--- a/platform/use-platform/virtual-clusters/key-features/_partials/sleep/activity-detection.mdx
+++ b/platform/use-platform/virtual-clusters/key-features/_partials/sleep/activity-detection.mdx
@@ -19,7 +19,7 @@ If your kube-context points to Loft's API server as a proxy before the actual co
### Ingress Requests
-For ingress-nginx based ingresses, activity detection also works automatically. Other ingress controllers are currently not supported. For nginx based ingresses, Loft will add a special annotation to each ingress that will track activity and reset the timer as soon as a request is made to that ingress.
+For ingress-nginx (deprecated) based ingresses, activity detection also works automatically. Other ingress controllers are currently not supported. For nginx based ingresses, Loft will add a special annotation to each ingress that will track activity and reset the timer as soon as a request is made to that ingress.
:::info Ingress Wakeup
Loft supports waking up a {props.name} through an ingress independent of the underlying ingress controller. Just navigate to the ingress host and you should see a Loft wakeup page for the {props.name}.
diff --git a/vcluster/_fragments/integrations/cert-manager.mdx b/vcluster/_fragments/integrations/cert-manager.mdx
index 5cb9561c3..a3fe8538a 100644
--- a/vcluster/_fragments/integrations/cert-manager.mdx
+++ b/vcluster/_fragments/integrations/cert-manager.mdx
@@ -278,7 +278,7 @@ spec:
solvers:
- http01:
ingress:
- ingressClassName: nginx
+ ingressClassName: nginx # the ingress-nginx project has been deprecated, we recommend using a different ingress class # the ingress-nginx project has been deprecated, we recommend using a different ingress class
- dns01:
cloudflare:
email: admin@yourdomain.com
@@ -414,7 +414,7 @@ kind: Ingress
metadata:
name: secure-app-ingress
annotations:
- kubernetes.io/ingress.class: nginx
+ kubernetes.io/ingress.class: nginx # ingress-nginx has been deperecated
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
diff --git a/vcluster/_fragments/sleepmode-ingress-example.mdx b/vcluster/_fragments/sleepmode-ingress-example.mdx
index 1d10e9af2..925626520 100644
--- a/vcluster/_fragments/sleepmode-ingress-example.mdx
+++ b/vcluster/_fragments/sleepmode-ingress-example.mdx
@@ -27,7 +27,7 @@ EOF
-Install the NGINX `IngressController`.
+[Deprecated]: [Deprecated]: [Deprecated]: Install the NGINX `IngressController`.
```shell title="install ingress controller"
helm install ingress-nginx ingress-nginx/ingress-nginx \
diff --git a/vcluster/configure/vcluster-yaml/deploy.mdx b/vcluster/configure/vcluster-yaml/deploy.mdx
index 9fbdfa14c..fcd6b0c8f 100644
--- a/vcluster/configure/vcluster-yaml/deploy.mdx
+++ b/vcluster/configure/vcluster-yaml/deploy.mdx
@@ -14,7 +14,7 @@ import DeployConfig from '../../_partials/config/deploy.mdx';
vCluster supports addons that extend the functionality of your virtual cluster. You can configure these addons during deployment to adjust networking, observability, and other features for your environment and requirements.
-### Ingress Nginx
+### [Deprecated]: Ingress Nginx
vCluster can install [ingress nginx](https://kubernetes.github.io/ingress-nginx/) into the vCluster. This can be enabled via:
diff --git a/vcluster/configure/vcluster-yaml/experimental/_code/sleepmode-ingress-examples.yaml b/vcluster/configure/vcluster-yaml/experimental/_code/sleepmode-ingress-examples.yaml
index 32728efcd..7d415aee6 100644
--- a/vcluster/configure/vcluster-yaml/experimental/_code/sleepmode-ingress-examples.yaml
+++ b/vcluster/configure/vcluster-yaml/experimental/_code/sleepmode-ingress-examples.yaml
@@ -53,7 +53,7 @@ metadata:
name: example-ingress
namespace: bar
spec:
- ingressClassName: nginx
+ ingressClassName: nginx # the ingress-nginx project has been deprecated, we recommend using a different ingress class # the ingress-nginx project has been deprecated, we recommend using a different ingress class
rules:
- http:
paths:
diff --git a/vcluster/configure/vcluster-yaml/sleep-mode.mdx b/vcluster/configure/vcluster-yaml/sleep-mode.mdx
index c891fc354..0e18662f3 100644
--- a/vcluster/configure/vcluster-yaml/sleep-mode.mdx
+++ b/vcluster/configure/vcluster-yaml/sleep-mode.mdx
@@ -105,7 +105,7 @@ Sleep mode tracks certain actions to detect activity and wake the cluster when n
- Attempting to contact ingress endpoints (NGINX and Istio only).
:::note
-Ingress activity detection with the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/main) ingress controller relies on the [mirror-target](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#mirror) annotation, which will overwrite any previously set mirror-target annotation.
+Ingress activity detection with the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/main) (deprecated) ingress controller relies on the [mirror-target](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#mirror) annotation, which will overwrite any previously set mirror-target annotation.
:::
### Ignore other types of activity in sleep mode
diff --git a/vcluster/configure/vcluster-yaml/sync/from-host/ingress-classes.mdx b/vcluster/configure/vcluster-yaml/sync/from-host/ingress-classes.mdx
index 793a21576..ee98ec935 100644
--- a/vcluster/configure/vcluster-yaml/sync/from-host/ingress-classes.mdx
+++ b/vcluster/configure/vcluster-yaml/sync/from-host/ingress-classes.mdx
@@ -28,7 +28,7 @@ This approach is useful in scenarios where selective access to ingress configura
- **Multi-tenancy**: Enable teams to use their own IngressClass resources while sharing a single host cluster.
- **Security**: Restrict the IngressClass resources available in the virtual cluster to enforce access control and prevent unintended configurations.
-
+
## Config reference
diff --git a/vcluster/manage/accessing-vcluster.mdx b/vcluster/manage/accessing-vcluster.mdx
index 5dd544fac..b223c59f7 100644
--- a/vcluster/manage/accessing-vcluster.mdx
+++ b/vcluster/manage/accessing-vcluster.mdx
@@ -54,7 +54,7 @@ vcluster connect my-vcluster -n my-vcluster --server my-domain.org
By default, vCluster updates the current kubeconfig to access the vCluster that contains the default admin client certificate and client key to authenticate to the vCluster. This means that all kubeconfig files generated have cluster admin access within the vCluster.
-Often this might not be desired. Instead of giving a user admin access to the virtual cluster, you can also use [service account authentication](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#service-account-tokens) to the virtual cluster. Let's say we want to create a kubeconfig file that only has view access in the virtual cluster. Then you would create a new service account inside the vCluster and assign it the cluster role `view` via a cluster role binding. Then we would generate a service account token and use that instead of the client-cert and client-key inside the kubeconfig.
+Often this might not be desired. Instead of giving a user admin access to the virtual cluster, you can also use [service account authentication](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#service-account-tokens) to the virtual cluster. Say we want to create a kubeconfig file that only has view access in the virtual cluster. Then you would create a new service account inside the vCluster and assign it the cluster role `view` via a cluster role binding. Then we would generate a service account token and use that instead of the client-cert and client-key inside the kubeconfig.
```
vcluster connect my-vcluster -n my-vcluster --service-account kube-system/my-user --cluster-role view
@@ -104,7 +104,7 @@ Error from server (Forbidden): namespaces is forbidden: User "system:serviceacco
You can replace the token field in the kubeconfig with any other service account token from inside the vCluster to act as this service account against the vCluster. For more information about service accounts and tokens, refer to the [official Kubernetes documentation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#service-account-tokens).
-## Retrieving the kubeconfig from the vCluster secret
+## Retrieve the kubeconfig from the vCluster secret
@@ -223,7 +223,7 @@ If you are using a local Kubernetes cluster, such as docker-desktop, rancher-des
An [Ingress Controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) with SSL passthrough support provide the best user experience, but there is a workaround if this feature is not natively supported.
- - [Kubernetes Nginx](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough)
+ - [Kubernetes Nginx (DEPRECATED)](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough)
- [Traefik Proxy](https://doc.traefik.io/traefik/routing/routers/#passthrough)
- [Emissary](https://www.getambassador.io/docs/emissary/latest/topics/using/tcpmappings#tls-termination)
diff --git a/vcluster/third-party-integrations/github-actions/preview-environments.mdx b/vcluster/third-party-integrations/github-actions/preview-environments.mdx
index d4ba273d1..89b2283c4 100644
--- a/vcluster/third-party-integrations/github-actions/preview-environments.mdx
+++ b/vcluster/third-party-integrations/github-actions/preview-environments.mdx
@@ -17,7 +17,7 @@ This guide shows how to use vCluster and GitHub Actions to deploy preview enviro
### Install an `IngressController`
-Make sure to install an `IngressController` into the Kubernetes cluster where the preview environments should get created. Loft recommends [ingress-nginx](https://github.com/kubernetes/ingress-nginx), which can be installed through the platform under Cluster > Apps.
+Make sure to install an `IngressController` into the Kubernetes cluster where the preview environments should get created.
### Configure preview environments domain