Project "Kyma" extends the Kubernetes platform with a set of components that allow you to expose your services and functions outside the cluster. The API Gateway can be used on top of your Kubernetes services to make the services accessible outside the Kyma cluster.
API Gateway Components
The API Gateway is based on the open-source project Istio, which is also installed as part of the Kyma installation. You will find out more about Istio in the next unit.
Technically, the API Gateway is a custom-configured Istio Ingress Gateway that is installed in the
kyma-system namespace called
kyma-gateway is the central point of contact for all external traffic that enters the Kyma cluster. The
kyma-gateway (Istio Ingress Gateway) uses the Envoy Proxy as an application-based service proxy to handle the traffic and to forward it to the correct Service.
For authorizing incoming HTTP requests, the open-source project Ory Oathkeeper is plugged into the Envoy Proxy of the API Gateway. Oathkeeper is a lightweight identity, and access proxy used to secure your services and functions. Oathkeeper decides whether a request is allowed to access a service by applying Access Rules.