nginx-to-higress-migration
Migrate from ingress-nginx to Higress in Kubernetes environments. Use when (1) analyzing existing ingress-nginx setup (2) reading nginx Ingress resources and ConfigMaps (3) installing Higress via helm with proper ingressClass (4) identifying unsupported nginx annotations (5) generating WASM plugins for nginx snippets/advanced features (6) building and deploying custom plugins to image registry. Supports full migration workflow with compatibility analysis and plugin generation.
Install
mkdir -p .claude/skills/nginx-to-higress-migration && curl -L -o skill.zip "https://mcp.directory/api/skills/download/4537" && unzip -o skill.zip -d .claude/skills/nginx-to-higress-migration && rm skill.zipInstalls to .claude/skills/nginx-to-higress-migration
About this skill
Nginx to Higress Migration
Automate migration from ingress-nginx to Higress in Kubernetes environments.
⚠️ Critical Limitation: Snippet Annotations NOT Supported
Before you begin: Higress does NOT support the following nginx annotations:
nginx.ingress.kubernetes.io/server-snippetnginx.ingress.kubernetes.io/configuration-snippetnginx.ingress.kubernetes.io/http-snippetThese annotations will be silently ignored, causing functionality loss!
Pre-migration check (REQUIRED):
kubectl get ingress -A -o yaml | grep -E "snippet" | wc -lIf count > 0, you MUST plan WASM plugin replacements before migration. See Phase 6 for alternatives.
Prerequisites
- kubectl configured with cluster access
- helm 3.x installed
- Go 1.24+ (for WASM plugin compilation)
- Docker (for plugin image push)
Pre-Migration Checklist
Before Starting
- Backup all Ingress resources
kubectl get ingress -A -o yaml > ingress-backup.yaml - Identify snippet usage (see warning above)
- List all nginx annotations in use
kubectl get ingress -A -o yaml | grep "nginx.ingress.kubernetes.io" | sort | uniq -c - Verify Higress compatibility for each annotation (see annotation-mapping.md)
- Plan WASM plugins for unsupported features
- Prepare test environment (Kind/Minikube for testing recommended)
During Migration
- Install Higress in parallel with nginx
- Verify all pods running in higress-system namespace
- Run test script against Higress gateway
- Compare responses between nginx and Higress
- Deploy any required WASM plugins
- Configure monitoring/alerting
After Migration
- All routes verified working
- Custom functionality (snippet replacements) tested
- Monitoring dashboards configured
- Team trained on Higress operations
- Documentation updated
- Rollback procedure tested
Migration Workflow
Phase 1: Discovery
# Check for ingress-nginx installation
kubectl get pods -A | grep ingress-nginx
kubectl get ingressclass
# List all Ingress resources using nginx class
kubectl get ingress -A -o json | jq '.items[] | select(.spec.ingressClassName=="nginx" or .metadata.annotations["kubernetes.io/ingress.class"]=="nginx")'
# Get nginx ConfigMap
kubectl get configmap -n ingress-nginx ingress-nginx-controller -o yaml
Phase 2: Compatibility Analysis
Run the analysis script to identify unsupported features:
./scripts/analyze-ingress.sh [namespace]
Key point: No Ingress modification needed!
Higress natively supports nginx.ingress.kubernetes.io/* annotations - your existing Ingress resources work as-is.
See references/annotation-mapping.md for the complete list of supported annotations.
Unsupported annotations (require built-in plugin or custom WASM plugin):
nginx.ingress.kubernetes.io/server-snippetnginx.ingress.kubernetes.io/configuration-snippetnginx.ingress.kubernetes.io/lua-resty-waf*- Complex Lua logic in snippets
For these, check references/builtin-plugins.md first - Higress may already have a plugin!
Phase 3: Higress Installation (Parallel with nginx)
Higress natively supports nginx.ingress.kubernetes.io/* annotations. Install Higress alongside nginx for safe parallel testing.
# 1. Get current nginx ingressClass name
INGRESS_CLASS=$(kubectl get ingressclass -o jsonpath='{.items[?(@.spec.controller=="k8s.io/ingress-nginx")].metadata.name}')
echo "Current nginx ingressClass: $INGRESS_CLASS"
# 2. Detect timezone and select nearest registry
# China/Asia: higress-registry.cn-hangzhou.cr.aliyuncs.com (default)
# North America: higress-registry.us-west-1.cr.aliyuncs.com
# Southeast Asia: higress-registry.ap-southeast-7.cr.aliyuncs.com
TZ_OFFSET=$(date +%z)
case "$TZ_OFFSET" in
-1*|-0*) REGISTRY="higress-registry.us-west-1.cr.aliyuncs.com" ;; # Americas
+07*|+08*|+09*) REGISTRY="higress-registry.cn-hangzhou.cr.aliyuncs.com" ;; # Asia
+05*|+06*) REGISTRY="higress-registry.ap-southeast-7.cr.aliyuncs.com" ;; # Southeast Asia
*) REGISTRY="higress-registry.cn-hangzhou.cr.aliyuncs.com" ;; # Default
esac
echo "Using registry: $REGISTRY"
# 3. Add Higress repo
helm repo add higress https://higress.io/helm-charts
helm repo update
# 4. Install Higress with parallel-safe settings
# Note: Override ALL component hubs to use the selected registry
helm install higress higress/higress \
-n higress-system --create-namespace \
--set global.ingressClass=${INGRESS_CLASS:-nginx} \
--set global.hub=${REGISTRY}/higress \
--set global.enableStatus=false \
--set higress-core.controller.hub=${REGISTRY}/higress \
--set higress-core.gateway.hub=${REGISTRY}/higress \
--set higress-core.pilot.hub=${REGISTRY}/higress \
--set higress-core.pluginServer.hub=${REGISTRY}/higress \
--set higress-core.gateway.replicas=2
Key helm values:
global.ingressClass: Use the same class as ingress-nginxglobal.hub: Image registry (auto-selected by timezone)global.enableStatus=false: Disable Ingress status updates to avoid conflicts with nginx (reduces API server pressure)- Override all component hubs to ensure consistent registry usage
- Both nginx and Higress will watch the same Ingress resources
- Higress automatically recognizes
nginx.ingress.kubernetes.io/*annotations - Traffic still flows through nginx until you switch the entry point
⚠️ Note: After nginx is uninstalled, you can enable status updates:
helm upgrade higress higress/higress -n higress-system \
--reuse-values \
--set global.enableStatus=true
Kind/Local Environment Setup
In Kind or local Kubernetes clusters, the LoadBalancer service will stay in PENDING state. Use one of these methods:
Option 1: Port Forward (Recommended for testing)
# Forward Higress gateway to local port
kubectl port-forward -n higress-system svc/higress-gateway 8080:80 8443:443 &
# Test with Host header
curl -H "Host: example.com" http://localhost:8080/
Option 2: NodePort
# Patch service to NodePort
kubectl patch svc -n higress-system higress-gateway \
-p '{"spec":{"type":"NodePort"}}'
# Get assigned port
NODE_PORT=$(kubectl get svc -n higress-system higress-gateway \
-o jsonpath='{.spec.ports[?(@.port==80)].nodePort}')
# Test (use docker container IP for Kind)
curl -H "Host: example.com" http://localhost:${NODE_PORT}/
Option 3: Kind with Port Mapping (Requires cluster recreation)
# kind-config.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
extraPortMappings:
- containerPort: 30080
hostPort: 80
- containerPort: 30443
hostPort: 443
Phase 4: Generate and Run Test Script
After Higress is running, generate a test script covering all Ingress routes:
# Generate test script
./scripts/generate-migration-test.sh > migration-test.sh
chmod +x migration-test.sh
# Get Higress gateway address
# Option A: If LoadBalancer is supported
HIGRESS_IP=$(kubectl get svc -n higress-system higress-gateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
# Option B: If LoadBalancer is NOT supported, use port-forward
kubectl port-forward -n higress-system svc/higress-gateway 8080:80 &
HIGRESS_IP="127.0.0.1:8080"
# Run tests
./migration-test.sh ${HIGRESS_IP}
The test script will:
- Extract all hosts and paths from Ingress resources
- Test each route against Higress gateway
- Verify response codes and basic functionality
- Report any failures for investigation
Phase 5: Traffic Cutover (User Action Required)
⚠️ Only proceed after all tests pass!
Choose your cutover method based on infrastructure:
Option A: DNS Switch
# Update DNS records to point to Higress gateway IP
# Example: example.com A record -> ${HIGRESS_IP}
Option B: Layer 4 Proxy/Load Balancer Switch
# Update upstream in your L4 proxy (e.g., F5, HAProxy, cloud LB)
# From: nginx-ingress-controller service IP
# To: higress-gateway service IP
Option C: Kubernetes Service Switch (if using external traffic via Service)
# Update your external-facing Service selector or endpoints
Phase 6: Use Built-in Plugins or Create Custom WASM Plugin (If Needed)
Before writing custom plugins, check if Higress has a built-in plugin that meets your needs!
Built-in Plugins (Recommended First)
Higress provides many built-in plugins. Check references/builtin-plugins.md for the full list.
Common replacements for nginx features:
| nginx feature | Higress built-in plugin |
|---|---|
| Basic Auth snippet | basic-auth |
| IP restriction | ip-restriction |
| Rate limiting | key-rate-limit, cluster-key-rate-limit |
| WAF/ModSecurity | waf |
| Request validation | request-validation |
| Bot detection | bot-detect |
| JWT auth | jwt-auth |
| CORS headers | cors |
| Custom response | custom-response |
| Request/Response transform | transformer |
Common Snippet Replacements
| nginx snippet pattern | Higress solution |
|---|---|
Custom health endpoint (location /health) | WASM plugin: custom-location |
| Add response headers | WASM plugin: custom-response-headers |
| Request validation/blocking | WASM plugin with OnHttpRequestHeaders |
| Lua rate limiting | key-rate-limit plugin |
Custom WASM Plugin (If No Built-in Matches)
When nginx snippets or Lua logic has no built-in equivalent:
- Analyze snippet - Extract nginx directives/Lua code
- Generate Go WASM code - Use higress-wasm-go-plugin skill
- Build plugin:
cd plugin-dir
go mod tidy
GOOS=wasip1
---
*Content truncated.*
More by alibaba
View all skills by alibaba →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
pdf-to-markdown
aliceisjustplaying
Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.
Related MCP Servers
Browse all servers
RepomixOptimize your codebase for AI with Repomix—transform, compress, and secure repos for easier analysis with modern AI tool
Google Kubernetes Engine (GKE)Explore Google Kubernetes Engine (GKE) MCP servers. Access resources and examples for context-aware app development in G
kubectlInteract with Kubernetes resources using natural language instead of complex kubectl commands. Simplify cluster manageme
KubernetesControl and monitor Kubernetes clusters easily. Simplify your K8s management and debugging with powerful features.
Argo CDManage Kubernetes GitOps applications and resources with Argo CD and your assistant. Seamless argocd integration for aut
Argo CDManage Kubernetes GitOps applications and deployments with Argo CD integration for easy, natural language control from y