API Gateway is a Kyma module with which you can expose and secure APIs.
To use the API Gateway module, you must also add the Istio module. By default, both the API Gateway and Istio modules are automatically added when you create a Kyma runtime instance.
The API Gateway module offers the following features:
- Ory Oathkeeper installation: The module simplifies and manages the installation of Ory Oathkeeper.
- API Exposure: The module combines Ory Oathkeeper and Istio capabilities to offer the APIRule CustomResourceDefinition. By creating APIRule custom resources, you can easily and securely expose your workloads.
- Kyma Gateway installation: The module installs the default simple TLS Kyma Gateway.
Within the API Gateway module, API Gateway Operator manages the application of API Gateway's configuration and handles resource reconciliation. It contains two controllers: APIGateway Controller and APIRule Controller.
APIGateway Controller manages the installation of Ory Oathkeeper and handles the configuration of Kyma Gateway and the resources defined in the APIGateway custom resource (CR). The controller is responsible for:
- Installing, upgrading, and uninstalling Ory Oathkeeper
- Configuring Kyma Gateway
- Managing Certificate and DNSEntry resources
APIRule Controller uses Ory Oathkeeper and Istio resources to expose and secure APIs.
The apigateways.operator.kyma-project.io CustomResourceDefinition (CRD) describes the APIGateway CR that APIGateway Controller uses to manage the module and its resources. See APIGateway Custom Resource.
The apirules.operator.kyma-project.io CRD describes the APIRule CR that APIRule Controller uses to expose and secure APIs. See APIRule Custom Resource.
To learn more about the resources used by the Istio module, see Kyma Modules' Sizing.