NGINX Ingress Controller 5.5 is a focused, community-driven release. It brings new capabilities, expanded Kubernetes Ingress support, a significant startup performance improvement at scale, and more annotations to ease migrations from ingress-nginx. Here’s what’s new.
External Authentication for Ingress and VirtualServer
What’s new?: External Authentication is now supported for both Ingress and VirtualServer resources. Based on analysis of the ingress-nginx project, ExternalAuth is one of the most widely used features and has been a frequent request from users making the move to F5 NGINX Ingress Controller.
Why it matters?: For teams migrating from ingress-nginx ExternalAuth compatibility removes one of the most common blockers. Users get a familiar, supported path without needing to redesign their authentication architecture on day one.
mTLS Support for Ingress
What’s new?: Mutual TLS for ingress and egress traffic is now supported on the Ingress resource, giving users another option for securing traffic natively within F5 NGINX Ingress Controller.
Why it matters?: mTLS is a core building block of zero-trust networking. Bringing it to the Ingress resource means teams no longer need to migrate to VirtualServer just to enforce mutual authentication — it works with the resource type they’re already using.
Additional ingress-nginx Annotation Support
What’s new?: This release adds support for more ingress-nginx annotations, including add-header, add_header_inherit, proxy-redirect-from, and proxy-redirect-to.
Why it matters?: Annotation compatibility remains the biggest migration friction point for teams moving from ingress-nginx. Every additional annotation we support natively means less rewriting on day one and a smoother, more incremental migration path.
Improved Startup Performance at Scale
What’s new?: NIC startup time has been significantly improved for environments with large numbers of configured resources. In a test environment with 100 regular Ingress resources, 250 master Ingress resources, 1,000 minion Ingress resources, and 100 VirtualServer resources, all NIC pods became ready in seconds — compared to double-digit minutes with the previous edge image.
Why it matters?: Slow startup times at scale create real operational risk, particularly during rolling updates or cluster recovery scenarios. This improvement makes F5 NGINX Ingress Controller significantly more reliable in large production environments where speed of recovery matters.
Expanded VirtualServerRoute Path Matching
What’s new?: VirtualServerRoute now supports multiple regular expression paths, making routing configurations more flexible for teams with advanced traffic management requirements.
Why it matters?: Real-world routing rules are rarely simple. Supporting multiple regex paths in a single VirtualServerRoute reduces the need for workarounds and gives teams cleaner, more maintainable configurations.
Optional Host Support
What’s new?: Host is now optional through an opt-in approach, enabling IP-based routing for environments that do not use DNS, such as test environments and labs, while preserving host-based routing as the standard Kubernetes model.
Why it matters?: Not every environment has DNS in place, especially during early-stage testing or in isolated lab setups. This gives teams the flexibility to get up and running quickly without changing their network configuration.
NGINX Plus Exclusive Features
NGINX Plus customers get everything above, plus additional enterprise security capabilities in this release.
WAF Policy Support for Ingress
What’s new?: F5 WAF Policy resources can now be associated directly with Ingress resources, removing the previous requirement to use VirtualServer.
Why it matters?: WAF protection shouldn’t depend on which resource abstraction you’re using. This gives platform and security teams more flexibility in how they apply and manage WAF policies across their Kubernetes environments.
F5 WAF IP Intelligence Support
What’s new?: WAF IP Intelligence can now automatically block or limit access from IP addresses with poor reputations, using real-time threat intelligence covering categories such as botnets, Windows exploits, and web attacks.
Why it matters?: Blocking known malicious sources at the edge before they reach your applications is one of the most effective security controls available. IP Intelligence automates that process using continuously updated threat data, reducing exposure without adding operational overhead.
Stability and Bug Fixes
This release also includes multiple stability improvements and bug fixes. Head over to the GitHub release page and our public release docs for the full picture. Follow the upgrade instructions in the documentation to upgrade F5 NGINX Ingress Controller.
We’re proud of what the team delivered here. A release that listens to user feedback and moves the project forward across security, performance, and migration experience all at once.
