Skip to content

Overview

Use Gateway API routing while Kupe operates the public gateway, DNS entrypoint, and TLS lifecycle.

The model is intentionally simple:

  • platform hostnames under your cluster’s dedicated subdomain *.<cluster>.<tenant>.clusters.kupe.cloud work with the shared gateway
  • custom domains use the same HTTPRoute model
  • you manage routes and services
  • Kupe manages the gateway, public entrypoint, and certificate flow
  1. Create an HTTPRoute in the same namespace as your workload.
  2. Reference external-gateway in kube-system.
  3. Point the route at a backend Service.
  4. Choose either a platform hostname (under your cluster’s dedicated subdomain) or a custom hostname.
  5. Let Kupe handle the shared ingress and TLS flow.

You do not create or operate a dedicated public gateway for each application.

PathWhat you doWhat Kupe does
Platform domainsCreate an HTTPRoute with a hostname under *.<cluster>.<tenant>.clusters.kupe.cloudServes traffic through the shared gateway and your cluster’s wildcard certificate
Custom domainsCreate the same route with your own hostname, then add the DNS records shown in the consoleIssues the certificate, adds the HTTPS listener, and serves traffic on your domain
ComponentWhat it does
HTTPRouteDefines hostname, path matching, and backend service targets
external-gatewayThe shared public gateway serving tenant traffic over HTTPS
Platform DNSProvides the stable public entrypoint behind Kupe-hosted traffic
TLS automationHandles platform wildcard certs and per-domain certificate issuance

Kupe provides the shared networking layer:

  • the public gateway infrastructure
  • the stable public DNS entrypoint behind that gateway
  • platform-managed TLS via a per-cluster wildcard certificate (*.<cluster>.<tenant>.clusters.kupe.cloud)
  • certificate issuance and renewal for custom domains
  • the supporting automation behind gateway DNS and custom-domain lifecycle

Your team still controls application traffic behavior:

  • HTTPRoute resources
  • route hostnames and path rules
  • backend Service targets
  • custom domain records in your DNS provider when you use your own domain