# kGateway — Cloud-Native API Gateway Built on Envoy > kGateway (formerly Gloo Gateway) is a Kubernetes-native API gateway built on Envoy Proxy that supports the Gateway API standard with advanced traffic management, security, and AI gateway capabilities. ## Install Save in your project root: # kGateway — Cloud-Native API Gateway Built on Envoy ## Quick Use ```bash helm repo add kgateway https://kgateway-dev.github.io/kgateway helm install kgateway kgateway/kgateway -n kgateway-system --create-namespace kubectl apply -f my-gateway.yaml kubectl apply -f my-httproute.yaml ``` ## Introduction kGateway is a feature-rich, Kubernetes-native API gateway that implements the Kubernetes Gateway API specification on top of Envoy Proxy. It handles ingress traffic routing, TLS termination, rate limiting, and authentication while providing extensibility through custom policies and integrations. ## What kGateway Does - Routes external and internal traffic to Kubernetes services using Gateway API resources - Terminates TLS and manages certificates via integration with cert-manager - Applies rate limiting, retries, timeouts, and circuit breaking at the gateway level - Supports external authentication and authorization via OIDC, API keys, and OPA - Provides AI gateway features for proxying and managing LLM API traffic ## Architecture Overview kGateway deploys a control plane that watches Kubernetes Gateway API resources (Gateway, HTTPRoute, GRPCRoute) and translates them into Envoy xDS configuration. Data-plane Envoy pods handle the actual traffic. Custom policies are expressed as Kubernetes CRDs and merged into the Envoy configuration by the control plane. ## Self-Hosting & Configuration - Install via Helm chart on any Kubernetes 1.25+ cluster - Requires the Gateway API CRDs to be installed in the cluster - Configure listeners, routes, and policies through standard Gateway API resources - Enable external auth by deploying an ExtAuth server and referencing it in policy CRDs - Monitor via Prometheus metrics and Grafana dashboards included in the Helm chart ## Key Features - Full Kubernetes Gateway API conformance for portable ingress configuration - Built on Envoy Proxy for proven performance and protocol support - Extensible policy framework for auth, rate limiting, and transformations - AI gateway mode for routing, caching, and rate-limiting LLM API calls - Delegated routing that lets teams manage their own HTTPRoutes in separate namespaces ## Comparison with Similar Tools - **NGINX Ingress** — Uses the older Ingress API; kGateway implements the newer Gateway API - **Traefik** — General-purpose proxy; kGateway provides deeper Envoy-based policy extensibility - **Kong** — Plugin-based architecture on NGINX/OpenResty; kGateway uses Envoy and Kubernetes CRDs - **Istio Gateway** — Requires a full service mesh; kGateway operates as a standalone gateway ## FAQ **Q: Is kGateway the same as Gloo Gateway?** A: Yes. The project was renamed from Gloo Gateway to kGateway to reflect its community-driven, Kubernetes-native focus. **Q: Does kGateway require Istio?** A: No. kGateway runs independently as a standalone API gateway without a service mesh. **Q: Can kGateway handle gRPC traffic?** A: Yes. It supports GRPCRoute resources from the Gateway API specification. **Q: Is kGateway free?** A: The open-source version is free under Apache 2.0. Solo.io offers an enterprise edition with additional features. ## Sources - https://github.com/kgateway-dev/kgateway - https://kgateway.dev/docs --- Source: https://tokrepo.com/en/workflows/04f4f68b-3adf-11f1-9bc6-00163e2b0d79 Author: AI Open Source