Why are NGINX Ingress features like snippets, ConfigMap tuning, and advanced CORS not supported in Kubernetes Gateway API (Envoy/NGF)? #4588
Description
summary
During migration from NGINX Ingress Controller to Kubernetes Gateway API, we identified several critical NGINX features with no equivalent in Gateway API. These features are essential for routing, security, CORS handling, and logging in production.
The official migration guide also confirms that many of these features are intentionally not supported in Gateway API.
📄 https://gateway-api.sigs.k8s.io/guides/getting-started/migrating-from-ingress-nginx/ [gateway-ap...igs.k8s.io]
Unsupported Features
❌ 1. Raw proxy configuration injection
http-snippet
server-snippet
location-snippet
Gateway API explicitly does not expose underlying proxy internals.
❌ 2. NGINX ConfigMap equivalents
Missing replacements for:
proxy-body-size
proxy-buffer-size
proxy-connect-timeout
proxy-read-timeout
custom NGINX log formats
These are commonly used in NGINX Ingress but have no Gateway API equivalent.
Community confirmation: kubernetes-sigs/ingress2gateway#232 [github.com]
❌ 3. Advanced CORS
Not supported:
regex origin matching
map‑based dynamic origin
conditional origin logic
Only simple, static CORS is supported today.
❌ 4. ModSecurity / WAF snippets
Gateway API has no mechanism for embedding ModSecurity directives or policies.
❌ 5. Variable rewriting
No alternatives for:
$origin
$args
$upstream_status
$proxy_host:$proxy_port
Critical for complex auth and routing logic.
❌ 6. Admission webhook validation
NGINX Ingress supported webhook‑based validation.
Gateway API relies exclusively on CRD schema.
Impact
These gaps make it difficult to migrate production workloads that depend on:
Custom routing logic
Security header enforcement
Dynamic CORS
WAF/ModSecurity policies
NGINX tuning for large payloads
Enhanced request/response logging
Request
Is there a design reason these features are removed?
Are there plans for:
Advanced CORS?
WAF integration?
Proxy tuning policies?
Header rewrite / variable rewrite support?
Logging customization?
Should users rely on Envoy/NGF‑specific extensions instead?
Environment
Gateway API v1.x
Envoy Gateway + NGINX Ingress during migration
consolidate excel-sheet those are not supporting for performing the migration from nginx-ingress controller to gateway api
