Skip to content

Why are NGINX Ingress features like snippets, ConfigMap tuning, and advanced CORS not supported in Kubernetes Gateway API (Envoy/NGF)? #4588

@mullasaddam

Description

@mullasaddam

summary
During migration from NGINX Ingress Controller to Kubernetes Gateway API, we identified several critical NGINX features with no equivalent in Gateway API. These features are essential for routing, security, CORS handling, and logging in production.
The official migration guide also confirms that many of these features are intentionally not supported in Gateway API.
📄 https://gateway-api.sigs.k8s.io/guides/getting-started/migrating-from-ingress-nginx/ [gateway-ap...igs.k8s.io]

Unsupported Features
❌ 1. Raw proxy configuration injection

http-snippet
server-snippet
location-snippet

Gateway API explicitly does not expose underlying proxy internals.

❌ 2. NGINX ConfigMap equivalents
Missing replacements for:

proxy-body-size
proxy-buffer-size
proxy-connect-timeout
proxy-read-timeout
custom NGINX log formats

These are commonly used in NGINX Ingress but have no Gateway API equivalent.
Community confirmation: kubernetes-sigs/ingress2gateway#232 [github.com]

❌ 3. Advanced CORS
Not supported:

regex origin matching
map‑based dynamic origin
conditional origin logic

Only simple, static CORS is supported today.

❌ 4. ModSecurity / WAF snippets
Gateway API has no mechanism for embedding ModSecurity directives or policies.

❌ 5. Variable rewriting
No alternatives for:

$origin
$args
$upstream_status
$proxy_host:$proxy_port

Critical for complex auth and routing logic.

❌ 6. Admission webhook validation
NGINX Ingress supported webhook‑based validation.
Gateway API relies exclusively on CRD schema.

Impact
These gaps make it difficult to migrate production workloads that depend on:

Custom routing logic
Security header enforcement
Dynamic CORS
WAF/ModSecurity policies
NGINX tuning for large payloads
Enhanced request/response logging

Request

Is there a design reason these features are removed?
Are there plans for:

Advanced CORS?
WAF integration?
Proxy tuning policies?
Header rewrite / variable rewrite support?
Logging customization?

Should users rely on Envoy/NGF‑specific extensions instead?

Environment

Gateway API v1.x
Envoy Gateway + NGINX Ingress during migration

consolidate excel-sheet those are not supporting for performing the migration from nginx-ingress controller to gateway api

Image

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions