
Kyma is an application runtime that provides a flexible and simple way to connect, extend, and customize applications in the cloud-native world of Kubernetes.

Out of the box, Kyma provides various features such as:

  • A serverless development platform for running lightweight functions in a cost-effective and scalable manner
  • Endpoints to register external applications' events and system connections to APIs
  • Events that provide a message channel to receive events, enrich them, and trigger business flows with functions or services
  • Service mesh for service-to-service communication and proxying
  • Service management
  • Safe API exposure
  • Intra-cluster observability
  • CLI powered by an intuitive UI

Kyma is built on leading cloud-native open source projects such as Istio, NATS, Serverless, and Prometheus. The features developed by Kyma are the unique "glue" that holds them together, so developers can connect and extend applications easily and intuitively.

Extensions and customizations created through Kyma are decoupled from the core application being extended, which brings some of the following advantages:

The main components included in Kyma:

API exposure

API exposure in Kyma is based on the API Gateway component and aims to provide a set of features that allow developers to expose, secure and manage their APIs in a simple way. The main element of API Gateway is the API Gateway Controller, which exposes services in Kyma.

To make your service accessible outside the Kyma cluster, expose it using the Kyma API Gateway Controller, which listens for custom resource (CR) objects that follow the apirules.gateway.kyma-project.io Custom Resource Definition (CRD). Creating a valid CR triggers the API Gateway Controller to create the Istio virtual service. Optionally, you can specify the CR's rule properties to protect exposed services using Oathkeeper access rules.

API Gateway Controller allows you to secure exposed services using JWT tokens issued by an OpenID Connect compliant identity provider or OAuth2 tokens issued by a Kyma OAuth2 server. You can protect the entire service, or protect selected endpoints. Alternatively, you can simply make the service work in unsecured mode.
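
An added example, not from the original article or the Kyma project: a small audit that reads APIRule objects as JSON (the shape `kubectl get apirules -A -o json` would produce) and lists every rule that is reachable without a token. The sample data, the `open_routes` helper, the `spec.rules[].accessStrategies[].handler` field layout, and the choice to treat the `noop` and `allow` handlers as unsecured mode are assumptions of this example.

```python
import json

# Handlers this example treats as "unsecured mode" (assumption).
OPEN_HANDLERS = {"noop", "allow"}

# Constructed sample, shaped like `kubectl get apirules -A -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "orders", "namespace": "shop"},
     "spec": {
         "service": {"name": "orders", "port": 8080, "host": "orders.example.com"},
         "rules": [
             # Only selected endpoints are protected: /health is left open.
             {"path": "/health", "methods": ["GET"],
              "accessStrategies": [{"handler": "noop"}]},
             {"path": "/api/.*", "methods": ["GET", "POST"],
              "accessStrategies": [{"handler": "jwt", "config": {
                  "trusted_issuers": ["https://idp.example.com"]}}]},
         ]}},
    {"metadata": {"name": "legacy", "namespace": "shop"},
     "spec": {
         "service": {"name": "legacy", "port": 80, "host": "legacy.example.com"},
         "rules": [
             # Entire service exposed without authentication.
             {"path": "/.*", "methods": ["GET", "POST", "DELETE"],
              "accessStrategies": [{"handler": "allow"}]},
         ]}},
]})


def open_routes(apirules_json):
    """Return (namespace/name, host, path, methods) for each rule that needs no token."""
    findings = []
    for item in json.loads(apirules_json).get("items", []):
        meta, spec = item.get("metadata", {}), item.get("spec", {})
        ref = f'{meta.get("namespace")}/{meta.get("name")}'
        # Host may sit at spec level or under spec.service; accept either.
        host = spec.get("host") or spec.get("service", {}).get("host")
        for rule in spec.get("rules", []):
            handlers = {s.get("handler") for s in rule.get("accessStrategies", [])}
            # One open handler is enough; a rule with no strategy is reported too.
            if not handlers or handlers & OPEN_HANDLERS:
                findings.append((ref, host, rule.get("path"),
                                 tuple(rule.get("methods", []))))
    return findings


if __name__ == "__main__":
    for ref, host, path, methods in open_routes(SAMPLE):
        print(f"UNSECURED {ref} {host}{path} [{','.join(methods)}]")
```

Reviewing the output against an allowlist of intentionally public paths (health checks, for instance) separates deliberate exposure from services that were left in unsecured mode by accident.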

More Jerry's original articles, all in: "Wang Zixi":

