Kuadrant / kuadrant-controller

Apache License 2.0
12 stars 7 forks source link

🛑 This repository is DEPRECATED!

This project has been merged into Kuadrant Operator


Kuadrant Controller

Code Style Testing License

Overview

Kuadrant is a re-architecture of API Management using Cloud Native concepts and separating the components to be less coupled, more reusable and leverage the underlying kubernetes platform. It aims to deliver a smooth experience to providers and consumers of applications & services when it comes to rate limiting, authentication, authorization, discoverability, change management, usage contracts, insights, etc.

Kuadrant aims to produce a set of loosely coupled functionalities built directly on top of Kubernetes. Furthermore it only strives to provide what Kubernetes doesn’t offer out of the box, i.e. Kuadrant won’t be designing a new Gateway/proxy, instead it will opt to connect with what’s there and what’s being developed (think Envoy, Istio, GatewayAPI).

Kuadrant is a system of cloud-native k8s components that grows as users’ needs grow.

Architecture

Kuadrant relies on Istio and the Gateway API to operate the cluster (istio's) ingress gateway to provide API management with authentication (authN), authorization (authZ) and rate limiting capabilities.

Kuadrant components

CRD Description
Control Plane The control plane takes the customer desired configuration (declaratively as kubernetes custom resources) as input and ensures all components are configured to obey customer's desired behavior.
This repository contains the source code of the kuadrant control plane
Kuadrant Operator A Kubernetes Operator to manage the lifecycle of the kuadrant deployment
Authorino The AuthN/AuthZ enforcer. As the external istio authorizer (envoy external authorization serving gRPC service)
Limitador The external rate limiting service. It exposes a gRPC service implementing the Envoy Rate Limit protocol (v3)
Authorino Operator A Kubernetes Operator to manage Authorino instances
Limitador Operator A Kubernetes Operator to manage Limitador instances

Provided APIs

The kuadrant control plane owns the following Custom Resource Definitions, CRDs:

CRD Description
RateLimitPolicy CRD [doc] [reference] Enable access control on workloads based on HTTP rate limiting
AuthPolicy CRD Enable AuthN and AuthZ based access control on workloads

Additionally, kuadrant provides the following CRDs

CRD Owner Description
Kuadrant CRD Kuadrant Operator Represents an instance of kuadrant
Limitador CRD Limitador Operator Represents an instance of Limitador
Authorino CRD Authorino Operator Represents an instance of Authorino
AuthConfig CRD Authorino The desired authN and authZ protection for a service

architecture

Getting started

Pre-requisites

If you are an API Provider

If you are a Cluster Operator

User guides

The user guides section of the docs gathers several use-cases as well as the instructions to implement them using kuadrant.

Kuadrant Rate Limiting

Contributing

The Development guide describes how to build the kuadrant controller and how to test your changes before submitting a patch or opening a PR.

Join us on kuadrant.slack.com for live discussions about the roadmap and more.

Licensing

This software is licensed under the Apache 2.0 license.

See the LICENSE and NOTICE files that should have been provided along with this software for details.