Skip to content

Latest commit

 

History

History
93 lines (39 loc) · 3.42 KB

api-gateway-module-f323ab1.md

File metadata and controls

93 lines (39 loc) · 3.42 KB

API Gateway Module

Use the API Gateway module to expose and secure APIs.

What Is API Gateway?

API Gateway is a Kyma module with which you can expose and secure APIs.

To use the API Gateway module, you must also add the Istio module. By default, both the API Gateway and Istio modules are added when you create a Kyma runtime instance.

Features

The API Gateway module offers the following features:

  • Ory Oathkeeper installation: The module simplifies and manages the installation of Ory Oathkeeper.
  • API Exposure: The module combines Ory Oathkeeper and Istio capabilities to offer the APIRule CustomResourceDefinition (CRD). By creating APIRule custom resources (CRs), you can easily and securely expose your workloads.
  • Kyma Gateway installation: The module installs the default simple TLS Kyma Gateway.

Architecture

API Gateway Operator

Within the API Gateway module, API Gateway Operator manages the application of API Gateway’s configuration and handles resource reconciliation. It contains two controllers: APIGateway Controller and APIRule Controller.

APIGateway Controller

APIGateway Controller manages the installation of Ory Oathkeeper and handles the configuration of Kyma Gateway and the resources defined in the APIGateway CR. The controller is responsible for:

  • Installing, upgrading, and uninstalling Ory Oathkeeper
  • Configuring Kyma Gateway
  • Managing Certificate and DNSEntry resources

APIRule Controller

APIRule Controller uses Ory Oathkeeper and Istio resources to expose and secure APIs.

Certificate Controller

Certificate Controller is responsible for handling the Secret api-gateway-webhook-certificate in the kyma-system namespace. This Secret contains the Certificate data required for the APIRule conversion webhook.

API/Custom Resource Definitions

The apigateways.operator.kyma-project.io CRD describes the APIGateway CR that APIGateway Controller uses to manage the module and its resources. See APIGateway Custom Resource.

The apirules.operator.kyma-project.io CRD describes the APIRule CR that APIRule Controller uses to expose and secure APIs. See APIRule Custom Resource.

Resource Consumption

To learn more about the resources used by the API Gateway module, see Kyma Modules’ Sizing.

Related Information

kyma-project.io: API Gateway troubleshooting guides

kyma-project.io: API Gateway tutorials

Ory Oathkeeper Introduction

Istio