With the end of support for Ingress NGINX, many companies are facing a security-critical turning point. Since March 2026, there have been no updates or patches for the widely used Ingress controller – a situation recently highlighted by a critical vulnerability (CVE-2026-24512) that enabled attacks on routing configurations and stored secrets. At the same time, the existing Ingress API is reaching its structural limits; the Gateway API is regarded as the future-proof standard.

Against this backdrop, **Airlock Microgateway 5.0** positions itself as a Kubernetes-native alternative that goes beyond a simple replacement. The solution supports the Gateway API and combines modern traffic management with integrated security features such as upstream authentication, granular authorisation and declarative configuration for GitOps and CI/CD environments.

Technologically, the Microgateway is based on the Envoy proxy and enables the direct implementation of security and routing rules within the cluster – without requiring adjustments to applications or additional sidecars. This makes the solution suitable for hybrid infrastructures, multi-cloud environments and service mesh architectures.

Key new features include step-up authentication for OIDC, inline malware scanning via ICAP, and comprehensive observability with OpenTelemetry. This is complemented by simplified deployment via CEL validation and support for post-quantum cryptographic methods to ensure long-term security.

As a gateway API implementation with integrated Web Application and API Protection (WAAP) and certification for Red Hat OpenShift, Airlock is particularly aimed at enterprises with high security requirements. The solution enables organisations to strategically leverage the enforced transition from Ingress NGINX towards a modern, role-based and Kubernetes-native security architecture.