Kgateway
Kgateway is an open-source Kubernetes-native Application Programming Interface (API) gateway and ingress platform (API gateway / ingress) that exposes and manages application traffic using Kubernetes Gateway API resources.
- Implements the Kubernetes Gateway API for managing north-south and east-west traffic (API gateway / ingress)
- Provides traffic routing, load balancing, and Transport Layer Security (TLS) termination for services running on Kubernetes (traffic management / security)
- Supports policy-driven configuration for authentication, authorization, and rate limiting via Kubernetes resources (security / policy enforcement)
- Integrates with existing Kubernetes toolchains and workflows using declarative configuration (platform engineering)
- Operates as a Cloud Native Computing Foundation (CNCF) project aligned with cloud-native networking standards (cloud-native networking)
More About Kgateway
Kgateway is an open-source API gateway and ingress platform (API gateway / ingress) designed to run natively on Kubernetes and to be configured through the Kubernetes Gateway API. It targets the traffic management problem space for Kubernetes workloads, providing a centralized way to expose, secure, and control Hypertext Transfer Protocol (HTTP) and related protocols for applications deployed on clusters. By using Kubernetes-native resources for configuration, it aligns gateway operations with existing cluster management and GitOps workflows.
At its core, Kgateway implements routing and load balancing capabilities (traffic management), enabling incoming client traffic to be directed to backend services based on hostname, path, and other request attributes. It supports TLS termination (security), allowing encrypted client connections to be terminated at the gateway layer while forwarding traffic to internal services over configured protocols. These capabilities enable consistent entry-point management for microservices and other Kubernetes-hosted applications.
Kgateway is built around the Kubernetes Gateway API specification (cloud-native networking), which defines Gateway, HTTPRoute, and related resource types for expressing traffic behavior declaratively. Platform and network teams can define shared Gateway resources, while application teams manage HTTPRoute and related objects that describe how requests are mapped to services. This separation of concerns allows infrastructure and application ownership boundaries to be expressed directly in Kubernetes manifests.
The project integrates with common Kubernetes tooling and workflows (platform engineering), including declarative configuration via YAML manifests, compatibility with GitOps pipelines, and interaction with standard Kubernetes controllers. Configuration is stored in the Kubernetes API server, which enables versioning, auditability, and alignment with existing Role-Based Access Control (RBAC) policies. Kgateway fits into architectures where ingress, API gateway, and service exposure are managed as part of the cluster control plane rather than as an external system.
From an enterprise perspective, Kgateway provides a gateway layer that can enforce traffic and security policies close to workloads (security / policy enforcement). Operators can configure authentication, authorization, and rate limiting through Kubernetes resources when supported by the deployed Kgateway controllers and plugins. The project’s CNCF affiliation (cloud-native ecosystem) places it within the broader cloud-native networking and service connectivity landscape, where it can interoperate with other Kubernetes-based tools that adopt the Gateway API model.
Within a technical directory, Kgateway can be categorized as an API gateway and ingress controller for Kubernetes (API gateway / ingress), a cloud-native networking component (cloud-native networking), and a policy-enforced traffic management layer (traffic management / security) that is configured via the Kubernetes Gateway API.