I'm currently involved in a big migration project where we need to transition from our existing ingress nginx controller to a new solution, specifically F5 nginx, in a timely manner. We have over 100 namespaces and 200 ingresses, so there's been a heavy reliance on ingress annotations across our applications.
Our timeline is pretty tight with a deadline set for March 2026, which prompts my team to consider a blue/green deployment strategy. Here's the plan:
1. First, we'll deploy the secondary ingress controller (F5 Nginx) in parallel within the same cluster, while keeping the original ingress controller running. The new controller will have its own private IP and a different IngressClassName, like 'nginx-f5'. At this point, the existing controller will serve live traffic while the new one stays idle.
2. Next, the app teams will set up the necessary ingress configurations pointing to the new controller by creating YAML files that reference the 'nginx-f5' class. This means both controllers will have ingress objects for the same applications.
3. For the traffic migration, we plan on using a progressive DNS migration strategy. We'll lower the DNS TTL to allow quick updates, and add the new F5 nginx private IP alongside the old one. This should allow DNS clients to round-robin between the two IPs, with an eventual traffic shift to the new controller.
4. After monitoring the stability of the new controller for about 24 hours, we can remove the old controller's IP from the DNS records entirely.
I am looking for insights on this approach: is this migration strategy sound? Am I overlooking anything crucial?
3 Answers
Your approach seems reasonable, but I’d recommend keeping the period where both controllers are live as short as possible. There's a risk of configuration issues, especially with sticky sessions if they aren't perfectly aligned. Maybe consider a seamless cutover method, though I get that DNS isn't atomic, so it's tricky.
If you haven’t looked into it yet, consider using external-dns to manage your DNS records automatically. It can simplify the process during your transition. It worked wonders for our setup!
Thanks! I’ll check out external-dns. Any resources you recommend?
This looks like a solid strategy. I've recently implemented a similar migration to Traefik, and it worked well using parallel deployment. Just ensure your application teams are well-coordinated with the DNS changes to minimize any issues. Good luck!
Thanks for the insight! I’ll definitely keep an eye on the configurations.