explaingit

kgateway-dev/kgateway

Analysis updated 2026-07-03

5,509GoAudience · ops devopsComplexity · 4/5Setup · hard

TLDR

A Kubernetes API gateway built on Envoy that routes, secures, and rate-limits billions of API calls, letting teams control traffic between services and the outside internet from one place.

Mindmap

mindmap
  root((kgateway))
    What it does
      Route API traffic
      Enforce auth and rate limits
      Translate config for Envoy
    Use Cases
      Expose APIs to internet
      Gradual migration traffic
      Multi-team isolation
    Tech Stack
      Go
      Envoy proxy
      Kubernetes
    Background
      Started 2018 as Gloo
      CNCF sandbox project
      Production since 2019
    Features
      Route delegation
      Composable policies
      Billions of calls handled
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Set up a single API gateway that handles login checks, rate limits, and routing for all your Kubernetes services without configuring each service separately.

USE CASE 2

Gradually migrate traffic from a legacy monolith to new microservices by splitting requests at the gateway level without downtime.

USE CASE 3

Give separate engineering teams isolated routing namespaces so they can configure their own rules without breaking other teams' services.

USE CASE 4

Replace multiple per-service reverse proxies with one centralized kgateway instance to reduce infrastructure complexity.

What is it built with?

GoEnvoyKubernetes

How does it compare?

kgateway-dev/kgatewaygetarcaneapp/arcanemgechev/revive
Stars5,5095,5095,509
LanguageGoGoGo
Setup difficultyhardmoderateeasy
Complexity4/53/52/5
Audienceops devopsops devopsdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires a running Kubernetes cluster, setup instructions live at kgateway.dev, not in the README.

No specific license terms were mentioned in the explanation.

In plain English

kgateway is a piece of software that acts as a traffic controller for applications running inside Kubernetes, the popular system companies use to run many small software services at once. When those services need to talk to the outside world or to each other, kgateway sits in between and decides how to route each request, who is allowed to make it, and how many requests to accept per minute. It is written in Go and processes billions of API calls for large companies. At its core, kgateway is built on Envoy, a high-performance networking proxy that handles the actual movement of network traffic. kgateway provides the control layer on top of Envoy: it reads configuration rules and translates them into instructions Envoy can act on. This design means operators write configuration once, and Envoy carries out the work at very high speed. The project started in 2018 under the name Gloo, built by a company called Solo.io. It became production-ready in 2019 and has been in active use since then. It was later renamed kgateway and became a sandbox project under the Cloud Native Computing Foundation, the same organization that oversees Kubernetes itself. kgateway supports three main scenarios. First, it can expose internal APIs to the outside internet and apply rules like login checks, permission controls, and rate limits from a single place. Second, it helps teams gradually move old applications to newer architectures by routing some traffic to the old system and some to the new one at the same time. Third, large organizations with many teams can each configure their own routing rules without interfering with one another, using features like route delegation and composable policy layers. The README does not include a quick-start install section, so readers looking to set it up should visit the official documentation at kgateway.dev. The source code, community Slack, and project blog are all publicly available.

Copy-paste prompts

Prompt 1
Show me a kgateway VirtualService config that routes 80% of traffic to my new service v2 and 20% to v1 for a canary rollout in Kubernetes.
Prompt 2
Help me write a kgateway policy that enforces JWT authentication on all /api/* routes and allows unauthenticated access to /public/*.
Prompt 3
I have 3 teams each managing their own microservices in separate namespaces. Walk me through setting up kgateway route delegation so each team controls their own routing rules independently.
Prompt 4
Write a kgateway RateLimit config that allows 100 requests per minute per API key and returns 429 when the limit is exceeded.
Prompt 5
I want to expose a gRPC service through kgateway with TLS termination. Show me the Gateway and HTTPRoute resources I need to create.

Frequently asked questions

What is kgateway?

A Kubernetes API gateway built on Envoy that routes, secures, and rate-limits billions of API calls, letting teams control traffic between services and the outside internet from one place.

What language is kgateway written in?

Mainly Go. The stack also includes Go, Envoy, Kubernetes.

What license does kgateway use?

No specific license terms were mentioned in the explanation.

How hard is kgateway to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is kgateway for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Scan in gitsafehub Deploy in gitdeployhub kgateway-dev on gitmyhub

Verify against the repo before relying on details.