API Gateway Chart
The API Gateway provides centralized routing, rate limiting, authentication, and request transformation for all platform APIs.
Routing Architecture
The API gateway routes traffic based on path prefixes to backend services across namespaces:
| Path Prefix | Backend | Namespace |
|---|---|---|
| /api/v1/auth | iam-service:8080 | matih-control-plane |
| /api/v1/tenants | tenant-service:8080 | matih-control-plane |
| /api/v1/config | config-service:8080 | matih-control-plane |
| /api/v1/audit | audit-service:8080 | matih-control-plane |
| /api/v1/notifications | notification-service:8080 | matih-control-plane |
| /api/v1/ai | ai-service:8000 | matih-data-plane |
| /api/v1/query | query-engine:8080 | matih-data-plane |
| /api/v1/catalog | catalog-service:8086 | matih-data-plane |
| /api/v1/bi | bi-service:8084 | matih-data-plane |
Kong Integration
The control plane uses Kong as the ingress class for API-specific features:
ingress:
className: kong
annotations:
konghq.com/strip-path: "false"
konghq.com/protocols: "https"
konghq.com/read-timeout: "600000"
konghq.com/write-timeout: "600000"Rate Limiting
Rate limits are applied per-tenant and per-endpoint to prevent abuse and ensure fair resource allocation.
Autoscaling
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 10
targetCPUUtilizationPercentage: 65