


NOTE: Compass is a new, experimental component in Kyma. To learn how to enable it, read the installation document.

Compass is a central, multi-tenant system that allows you to connect Applications and manage them across multiple Kyma Runtimes. Using Compass, you can control and monitor your Application landscape in one central place. As an integral part of Kyma, Compass uses a set of features that Kyma provides, such as Istio, Prometheus, Monitoring, and Tracing. It also includes Compass UI Cockpit that exposes Compass APIs to users. Compass allows you to:

  • Connect and manage Applications and Kyma Runtimes in one central place
  • Store Applications and Runtimes configurations
  • Group Applications and Runtimes to enable integration
  • Communicate the configuration changes to Applications and Runtimes
  • Establish a trusted connection between Applications and Runtimes using various authentication methods

By design, Compass does not participate in direct communication between Applications and Runtimes. It only sets up the connection. If the cluster with Compass is down, the cooperation between Applications and Runtimes still works.





Application represents any external system that you want to register to Compass with its API and Event definitions. These are the types of possible integration levels between an Application and Compass:

  • Manual integration - the Administrator manually provides API or Events metadata to Compass. Use this type of integration for simple use-case scenarios as it does not support all features.
  • Built-in integration - integration with Compass is built in the Application.
  • Proxy - a highly Application-specific proxy component provides the integration.
  • Integration System - a central service provides integration for the dedicated group of Applications across multiple tenants. It manages multiple instances of the given Application type. You can integrate multiple Integration Systems to support different types of Applications.

Kyma Runtime

Runtime is a system to which you can apply configuration provided by Compass. Your Runtime must get a trusted connection to Compass. It must also allow for fetching Application definitions and using these Applications in one-tenant scope. By default, Compass is integrated with Kyma (Kubernetes), but its usage can also be extended to other platforms, such as CloudFoundry or Serverless.


Agent is an integral part of every Kyma Runtime. It fetches the latest configuration from Compass. In future releases, Agent will:

  • Provide Runtime specific information that will be displayed in the Compass UI, such as Runtime UI URL
  • Provide Compass with Runtime configuration, such as Event Gateway URL, that should be passed to an Application
  • Send Runtime health checks to Compass


Cockpit is a UI that calls Compass APIs. This component is interchangeable.


Gateway proxies the tenant's incoming requests to the Director component. All communication, whether it comes from an Application or other external components, flows through Gateway.


Connector establishes trust between Applications and Runtimes. Currently, only client certificates are supported.


Director handles the process of managing Applications and Runtimes. It also requests Application webhook APIs for credentials and exposes health information about Runtimes. This component has access to the storage.

Runtime Provisioner

Runtime Provisioner handles the creation, modification, and deletion of Runtimes. This component is interchangeable.

Basic architecture

The diagram presents the basic workflow between Applications, Runtimes, and Compass:


  1. Administrator adds Runtimes and Applications, and configures them using Compass.
  2. Agent continuously fetches the latest configuration from Compass.
  3. If an Application has optional webhooks configured, Compass notifies an Application about any Events that concern the given Application.

Compass by design does not participate in direct communication between Applications and Runtimes. It only sets up the connection. After establishing a trusted connection between an Application and a Runtime, they communicate directly with each other.


In order to connect and group your Applications and Runtimes, assign them to the same scenario. A scenario is a simple label with the scenarios key. If an Application is not explicitly assigned to any scenario, it belongs to the default one. The Application is automatically removed from the default scenario after you assign it to any other scenario. By default, Runtimes are not assigned to any scenario. You can assign Applications and Runtimes to multiple scenarios. See the example:


Application 2 belongs to the campaign and marketing scenarios. Assuming that Application 2 only exposes APIs, you can assign both Runtime 1 and Runtime 2 to it. However, if Application 2 also exposes Events, you can assign it only to one Runtime. If you try to connect more Runtimes, Compass will not allow you to do so. Communication between components that do not belong to the same scenario, such as Application 3 and Runtime 1, is not possible.
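The scenario rules described above, written as a small model. This is an added example, not Compass code: the class and function names, the `DEFAULT` label value, and the sample landscape are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DEFAULT = "DEFAULT"  # assumed name of the default scenario (not given on the page)

@dataclass
class Application:
    name: str
    exposes_events: bool = False
    scenarios: set = field(default_factory=lambda: {DEFAULT})

    def assign(self, scenario):
        # Explicit assignment removes the Application from the default scenario.
        self.scenarios.discard(DEFAULT)
        self.scenarios.add(scenario)

@dataclass
class Runtime:
    name: str
    scenarios: set = field(default_factory=set)  # Runtimes start unassigned

def can_communicate(app, runtime):
    """Components can be connected only if they share at least one scenario."""
    return bool(app.scenarios & runtime.scenarios)

def assign_runtime(runtime, scenario, apps, runtimes):
    """Add a scenario to a Runtime unless an Events-exposing Application
    would then be connected to more than one Runtime."""
    trial = Runtime(runtime.name, runtime.scenarios | {scenario})
    others = [r for r in runtimes if r is not runtime]
    for app in apps:
        if app.exposes_events and can_communicate(app, trial):
            if any(can_communicate(app, r) for r in others):
                raise ValueError(f"{app.name} exposes Events; one Runtime only")
    runtime.scenarios.add(scenario)

if __name__ == "__main__":
    # Constructed landscape that mirrors the names used in the text.
    app2 = Application("Application 2", exposes_events=True)
    app2.assign("campaign")
    app2.assign("marketing")
    app3 = Application("Application 3")        # never assigned: default scenario
    rt1, rt2 = Runtime("Runtime 1"), Runtime("Runtime 2")
    assign_runtime(rt1, "campaign", [app2, app3], [rt1, rt2])
    print(can_communicate(app2, rt1), can_communicate(app3, rt1))
    try:
        assign_runtime(rt2, "marketing", [app2, app3], [rt1, rt2])
    except ValueError as err:
        print("rejected:", err)
```
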


Enable Compass in Kyma

To enable Compass in Kyma, follow the instructions for the custom component installation and enable the compass and compass-runtime-agent modules. You can also install Kyma on a cluster with the ready-to-use configurations for different modes. There are two modes in which you can enable Compass in Kyma: default Kyma installation and Compass as a Central Management Plane.

Default Kyma installation

This is a single-tenant mode, which provides the complete cluster Kyma installation with all components, including Compass and Agent. In this mode, Agent is already connected to Compass and they both work in a single-tenant mode as well. Using this mode, you can register external Applications in Kyma. To enable it, follow the cluster Kyma installation and use the installer-cr-cluster-with-compass.yaml.tpl configuration file.


Compass as a Central Management Plane

This is a multi-cluster mode in which you need one cluster with Compass and at least one cluster with Kyma Runtime, which you can connect and manage using Compass. This mode allows you to integrate your Runtimes with Applications and manage them in one central place.


Kyma Compass

This is a multi-tenant and multi-Runtime mode that provides a cluster with Compass and only the selected Kyma components that Compass uses. To enable this mode, create this ConfigMap and then perform the cluster Kyma installation using the installer-cr-cluster-compass.yaml.tpl configuration file:

apiVersion: v1
kind: ConfigMap
metadata:
  name: compass-overrides
  namespace: kyma-installer
  labels:
    installer: overrides
    component: compass
    kyma-project.io/installation: ""
data:
  # The parameter that enables the Compass gateway, as the default Kyma gateway is disabled in this installation mode
  gateway.gateway.enabled: "true"
  # The name of the currently used gateway
  global.istio.gateway.name: compass-istio-gateway
  # The Namespace of the currently used gateway
  global.istio.gateway.namespace: compass-system
  # The parameter that disables preconfiguration for the Compass Agent
  global.agentPreconfiguration: "false"
  # The Namespace with a Secret that contains a certificate for the Connector Service
  global.connector.secrets.ca.namespace: compass-system

Kyma Runtime

This is a single-tenant mode that provides complete cluster Kyma installation with Agent. To enable this mode, follow the cluster Kyma installation and use the installer-cr-cluster-runtime.yaml.tpl configuration file.