We released NGINX Ingress Controller v5.4.0 ahead of KubeCon Europe, and this one is worth the noise. This release is laser-focused on making it easier for teams running ingress-nginx to migrate to NGINX Ingress Controller, without sacrificing the features and workflows they depend on. Here’s what’s new!
Configuration Resilience and Validation
What’s new: Ingress and VirtualServer resources can now be validated using nginx -T before being applied to the ingress controller pod, catching misconfigurations before they ever reach your running workloads. Where ingress-nginx handled this with a webhook, NGINX Ingress Controller delivers it natively.
Why it matters: Misconfiguration is one of the leading causes of unplanned downtime in Kubernetes environments. Early validation feedback without an external webhook simplifies your setup and gives operators more confidence during deployments and migrations.
CORS Support
What’s new: A new CRD introduces native CORS configuration that works with both Ingress and VirtualServer resources, giving teams a consistent way to manage cross-origin policies without one-off annotations or custom snippets.
Why it matters: CORS is a requirement for most modern web applications. Having a native, reusable CRD means it works the same way regardless of which resource type you’re using.
Policy CRDs Now Compatible with kind: Ingress
What’s new: Starting with CORS and Access Control, you can now attach Policy CRDs directly to kind: Ingress objects. This was a real engineering challenge, but the team found a design that builds on existing work and will scale to support more policies going forward.
Why it matters: Previously, teams had to adopt VirtualServer CRDs just to use NGINX’s policy features. Now you get the benefits of our policy framework without touching your existing Ingress resources, a much smoother migration path.
Access Control for Ingress Resources
What’s new: Access control policies are now fully compatible with kind: Ingress, bringing feature parity with VirtualServer across resource types.
Why it matters: Security policies shouldn’t depend on which resource abstraction you happen to be using. Teams can now enforce consistent access controls during migration without rewriting resources ahead of schedule.
Sticky Cookie Session Persistence Comes to Open Source!
What’s new: Session persistence via sticky cookies is now available to all users, no NGINX Plus subscription required.
Why it matters: This was one of the most frequently raised requests from the open source community and a real sticking point for teams considering a move away from ingress-nginx. We listened, and we’re glad to finally ship it.
Expanded Annotation Support
What’s new: This release adds support for more ingress-nginx annotations: app-root, ssl-redirect, next-upstream, next-upstream-timeouts, and next-upstream-tries.
Why it matters: Annotation compatibility is the biggest friction point when migrating from ingress-nginx. The more we support natively, the less you need to rewrite on day one, letting teams migrate incrementally at their own pace.
Label-Based VirtualServerRoute Selection
What’s new: VirtualServers can now select VirtualServerRoutes using label selectors instead of explicit references, making routing configurations more dynamic and less tightly coupled between resources.
Why it matters: In large, multi-team environments, rigid resource references become a maintenance headache fast. Label-based selection gives platform teams the flexibility they need to manage routing at scale.
Stability and Bug Fixes
This release also includes a number of stability improvements and bug fixes. Head over to the GitHub release page and our public release docs for the full picture.
Wrapping Up
F5 NGINX Ingress Controller 5.4.0 is all about meeting teams where they are. From native configuration validation and expanded annotation support to Policy CRDs that work directly with kind: Ingress, this release removes barriers to migrate from ingress-nginx to the F5 NGINX Ingress Controller. And with sticky cookie session persistence now available in the open source edition, we’ve addressed one of the community’s most long-standing requests.
Whether you’re planning a migration, already mid-flight, evaluating your long-term ingress strategy, or looking to get more out of F5 NGINX Ingress Controller’s policy framework without overhauling your existing resources, this new release gives you practical ways to move forward at your own pace. We’re here to help you find the right fit.
You can find more details at:
- GitHub release page: https://github.com/nginx/kubernetes-ingress/releases
- Public release documentation: https://docs.nginx.com/nginx-ingress-controller
- Changelog: https://docs.nginx.com/nginx-ingress-controller/changelog
Come Chat With Us at KubeCon Europe!
We’re proud of what the team put together here. If you’re at KubeCon Europe, come find us at the F5 booth in Hall 5, Booth 1084. We’d love to hear about your migration experience and what you want to see next.
