Gateway Policies for Kubernetes

Gateways play a pivotal role in application connectivity. With Kuadrant, platform engineers and application developers can easily connect, secure and protect their services and infrastructure using its powerful policy APIs.

Feature Overview

Leveraging the emerging ingress and connectivity standard Gateway API , Kuadrant's features enable and empower cluster operators and application developers to work together to securely connect users with their services. Kuadrant empowers cluster administrators to connect, secure, observe and protect services exposed via their gateways at scale giving them the confidence to allow application developers to self-service knowing that endpoints exposed via these gateways are compliant, secure, visible and resilient.

Connectivity and Load Balancing

Connect users to and balance traffic across your gateway instances using the kuadrant DNSPolicy API. Leverage advanced DNS strategies such as GEO and Weighted responses without needing to manage the individual records. Integrate with multiple cloud DNS Providers.

Secure Access

Secure traffic to your Gateways with automatic ACME based TLS integration that supports all the main ACME providers including lets encrypt

Service Protection

Protect your services with our flexible and powerful AuthPolicy that integrates Authentication and Authorization at the Gateway or HTTPRoute level. Control and restrict traffic to your service endpoints both at the Gateway and HTTPRoute level by leveraging our RateLimitPolicy.

In-Depth Observability (coming soon)

Gain valuable insights into application performance, API usage, API health etc with Kuadrant's extensive observability tooling, including metrics, monitoring, and OpenTelemetry support.


  • Multi-cluster Ingress: Streamline multi-cluster ingress by using the multi-cluster control plane to define which clusters a gateway should be deployed to. Then using the Gateway API Gateway spec, specify from the the multi-cluster control plane which listeners and which namespaces within those clusters can use the gateway to provide access to their services.
  • Advanced DNS Based Load Balancing: Express complex traffic load balancing requirements such as GEO based and Weighted DNS responses without the complexity of managing and maintaining the individual record sets. The DNSPolicy API powers direct integration with existing DNS Providers including (AWS Route53, Azure, Google DNS).
  • Health Checks: Define a health check policy that is applied to each listener defined within a gateway that specifies an endpoint that must be present and return a healthy response and if it is not define what action to take.
  • Integrated Multi-Cluster TLS: Secure your Gateways with automatic ACME based TLS integration that are distributed with your gateways and managed at the control plane level. Use a TLSPolicy (coming soon) to decide which provider and what renewal policy to use with a given gateway
  • In-depth Observability: Achieve improved network oversight with in-depth observability, including detailed logs and metrics. With our integrations with systems such as Thanos (coming soon)

Data Plane API Gateway

  • Rate Limiting: Control traffic flow and prevent system overloading with customizable rate limiting rules. Express your policy and requirement and have them enforced at the gateway or HTTPRoute level
  • Authentication and Authorization: Secure access with robust and flexible auth policies that can be used to target both Gateways and HTTPRoutes.
  • High Performance: Maintain high levels of performance and reliability across your distributed systems.
  • Learn More


Kuadrant has several components - that work with Istio provided Gateways and Open Cluster Management (OCM) multi-cluster control plane

Multi-Cluster Gateway Controller

Multi-cluster Gateway Controller, manages multi-cluster gateways, integrates with DNS providers, TLS providers and OCM (open cluster management)

Kuadrant Operator

Operator to install and manage the lifecycle of the Kuadrant components deployments. Provides the core Kuadrant policy APIs


Authorino is lightweight Envoy external authorization server fully manageable via Kubernetes Custom Resources. JWT authentication, API key, mTLS, pattern-matching authz, OPA, K8s SA tokens, K8s RBAC, external metadata fetching, and more, with minimum to no coding at all, no rebuilding of your applications.


Limitador is a generic rate-limiter written in Rust. It can be used as a library, or as a service. The service exposes HTTP endpoints to apply and observe limits. Limitador can be used with Envoy because it also exposes a grpc service, on a different port, that implements the Envoy Rate Limit protocol (v3).

Getting Started

Ready to simplify your API management and boost your application's security and observability? Dive into Kuadrant's comprehensive documentation, installation guides, and tutorials to get started today. Experience the benefits of streamlined API gateway management right away!

Frequently Asked Questions

  • What is Kuadrant and why should I use it?

    Kuadrant is an open-source project designed to provide a unified and simplified interface for managing multiple API gateways. It offers a wide range of features such as multi-cluster ingress, robust access management, advanced security controls, and in-depth observability, making it an excellent choice for application developers and gateway administrators alike.

  • How does Kuadrant handle security?

    Kuadrant offers several features that are aimed at providing a secure API management environment. It includes authentication, authorization, rate limiting, and quota management, among others. Its design adheres to best security practices, ensuring that your APIs are protected.

  • How do I get started with Kuadrant?

    Getting started with Kuadrant is straightforward. You can find all the necessary information on the Kuadrant Documentation Getting Started page, including detailed documentation and setup guides. For further assistance, you can also join the Kuadrant community where you'll find helpful resources and support.

  • Can I integrate Kuadrant with my existing applications and infrastructure?

    Yes, Kuadrant is designed to be flexible and can be integrated into your existing application stack. It supports a range of popular infrastructure and platforms, making it a versatile choice for API management.

  • Is Kuadrant suitable for large-scale applications?

    Absolutely. Kuadrant is designed to handle the demands of both small and large-scale applications. Its features such as multi-cluster ingress management, scalability, and advanced observability make it a suitable choice for managing APIs at any scale.