Gateway Policies for Kubernetes

Gateways play a pivotal role in application connectivity. With Kuadrant, platform engineers and application developers can easily connect, secure and protect their services and infrastructure using its powerful policy APIs.

Feature Overview

Leveraging the emerging ingress and connectivity standard Gateway API , Kuadrant's features enable and empower cluster operators and application developers to work collaboratively to connect, secure, protect and observe their service endpoints.

Connect: DNSPolicy

Bring traffic to your Gateway(s). Balance and distribute traffic across your different gateway instances, leveraging advanced DNS strategies such as geo and weighted responses without needing to manage individual records. Integrate with multiple cloud DNS Providers including AWS Route 53 and Google Cloud DNS

Secure: TLSPolicy

Automatically secure traffic to your Gateways with automatic ACME-based TLS integration that supports all of the main ACME providers, including Let's Encrypt

Protect: AuthPolicy

Protect your services with our flexible and powerful AuthPolicy API that integrates Authentication and Authorization at the Gateway or HTTPRoute level.

Protect: RateLimitPolicy

Protect your services with our flexible and powerful RateLimitPolicy that integrates rate limiting at the Gateway or HTTPRoute level.


Below are some of the main components that come as part of Kuadrant. For a more detail, take a look at our Architectural Overview

Kuadrant Operator

Operator to install and manage the lifecycle of the Kuadrant components deployments. Provides the core Kuadrant policy APIs that are enforced by the Kuadrant components.

DNS Operator

The DNS Operator integrates with cloud DNS providers to configure DNS connectivity based on DNS Record resources defined by DNSPolicy.


Authorino is lightweight Envoy external authorization server fully manageable via Kubernetes Custom Resources. Kuadrant's AuthPolicy defines how Auth requirements should be enforced by Authorino via its AuthConfig API that provides JWT authentication, API key, mTLS, pattern-matching authz, OPA, K8s SA tokens, K8s RBAC, external metadata fetching, and more, with minimum to no coding at all, no rebuilding of your applications.


Limitador is a generic rate-limiter written in Rust. Limits are defined by Kuadrant's RateLimitPolicy and enforced by Lmitador. Limitador can be used as a library, or as a service. The service exposes HTTP endpoints to apply and observe limits. Limitador can be used with Envoy because it also exposes a gRPC service, on a different port, that implements the Envoy Rate Limit protocol (v3).

Getting Started

Ready to simplify your API management and boost your application's security and observability? Dive into Kuadrant's comprehensive documentation, installation guides, and tutorials to get started today. Experience the benefits of streamlined API gateway management right away!

Frequently Asked Questions

  • What is Kuadrant and why should I use it?

    Kuadrant is an open-source project designed to provide a unified and simplified interface for managing multiple API gateways. It offers a wide range of features such as multi-cluster ingress, robust access management, advanced security controls, and in-depth observability, making it an excellent choice for application developers and gateway administrators alike.

  • How does Kuadrant handle security?

    Kuadrant offers several features that are aimed at providing a secure API management environment. It includes authentication, authorization, rate limiting, and quota management, among others. Its design adheres to best security practices, ensuring that your APIs are protected.

  • How do I get started with Kuadrant?

    Getting started with Kuadrant is straightforward. You can find all the necessary information on the Kuadrant Documentation Getting Started page, including detailed documentation and setup guides. For further assistance, you can also join the Kuadrant community where you'll find helpful resources and support.

  • Can I integrate Kuadrant with my existing applications and infrastructure?

    Yes, Kuadrant is designed to be flexible and can be integrated into your existing application stack. It supports a range of popular infrastructure and platforms, making it a versatile choice for API management.

  • Is Kuadrant suitable for large-scale applications?

    Absolutely. Kuadrant is designed to handle the demands of both small and large-scale applications. Its features such as multi-cluster ingress management, scalability, and advanced observability make it a suitable choice for managing APIs at any scale.