This project is in the process of being donated to the CNCF and is not affiliated with the Kubernetes project.
Documentation
About
Overview

Overview

Learn more about kgateway, its architecture, and benefits.

About kgateway

Kgateway is a feature-rich, fast, and flexible Kubernetes-native ingress controller and next-generation API gateway that is built on top of Envoy proxy and the Kubernetes Gateway API. An API Gateway is a reverse proxy that serves as a security barrier between your clients and the microservices that make up your app. In order to access a microservice, all clients must send a request to the API Gateway. The API Gateway then verifies and routes the request to the microservice.

Kgateway is fully conformant with the Kubernetes Gateway API and extends its functionality with custom Gateway APIs, such as RouteOption, VirtualHostOption, or Upstreams. These resources help to centrally configure advanced traffic management, security, and resiliency rules for a specific component, such as a host, route, or gateway listener.

Extensions

The kgateway project provides the following extensions on top of the Kubernetes Gateway API to configure advanced routing, security, and resiliency capabilities.

Access logging
Security
AWS ALB and NLB
Traffic
AWS Lambda
Traffic
Buffering
Traffic
Cross-Origin Resource Sharing (CORS)
Security
Cross-Site Request Forgery (CSRF)
Security
Delegation
Traffic
Direct responses
Traffic
Fault injection
Resiliency
Gateway customization
Setup
Header control
Traffic
Health checks
Traffic
Integrations
Setup
Local rate limiting
Security
Proxy protocol
Traffic
Redirects
Traffic
Request matching
Traffic
Resource validation
Setup
Retries
Resiliency
Rewrites
Traffic
Shadowing
Resiliency
TCP keepalive
Traffic
Timeouts
Resiliency
Transformations
Traffic

Default gateway proxy setup

Kgateway automatically spins up, bootstraps, and manages gateway proxy deployments when you create a Kubernetes Gateway resource. To do that, a combination of kgateway and Kubernetes resources are used, such as GatewayClass, GatewayParameters, Settings, and a gateway proxy template that includes the Envoy configuration that each proxy is bootstrapped with.

To learn more about the default setup and how these resources interact with each other, see the Default gateway proxy setup.

Architecture