I'm looking for advice on our migration strategy as we transition from our original ingress Nginx controller to a secondary solution by the end of March 2026. We have a complex environment with over 100 namespaces and 200+ ingress resources that use a variety of ingress annotations, so this is a big move for us. We're considering a blue/green deployment strategy.
Here's the plan: The platform team will deploy a new ingress controller (let's say F5 Nginx) alongside the existing one, giving it a different IngressClassName. This way, both controllers can operate in parallel, with the old controller serving live traffic and the new one idle at first.
The application teams will then create new ingress configurations for their apps that point to the new controller. This means there will be two ingress objects for each application – one pointing to the old controller and the other to the new one. We'll gradually shift traffic to the new controller using a progressive DNS migration, adjusting the DNS TTL for quick propagation and adding the new controller's IP alongside the old one in the DNS records. Eventually, once the new system is stable and after a 24-hour period, we'll decommission the old controller.
I'd love to hear your thoughts on this approach. Is there anything I'm missing or should be aware of?
3 Answers
You might want to check out external-dns if that’s an option for your setup. It really streamlined things for us. Just make sure it integrates well with your existing infrastructure.
Seems like a good plan, but I’d keep an eye on how long traffic is served by both controllers. DNS updates can be tricky and not atomic, so the shorter that period, the better. Just be cautious about any unusual configurations that might not work well in this dual setup.
Your strategy sounds solid! We just finished a similar migration to Traefik using this method, and it worked really well for us. Running both ingress controllers in parallel lets you ensure everything is working before fully committing to the switch.
Thanks! Do you have any documentation on how external-dns would fit with our App Gateway to Nginx setup? I'd love to explore it.