Security in Kyma

To ensure a stable and secure work environment, the Kyma security component uses the following tools:

  • Predefined Kubernetes RBAC roles to manage the user access to the functionality provided by Kyma
  • Istio Service Mesh with the global mTLS setup and ingress configuration to ensure secure service-to-service communication
  • ORY Oathkeeper and ORY Hydra used by API Gateway to authorize HTTP requests and provide the OAuth2 server functionality.