API Gateway vs Service Mesh Boundary
About This Architecture
Traffic-boundary architecture for a Kubernetes microservices system: external clients enter exclusively through an API gateway that handles authentication, rate limiting, and routing — the single north-south traffic path — while inside the cluster each microservice runs with an Istio Envoy sidecar proxy and calls its peers over mTLS-encrypted east-west connections; the diagram makes explicit that north-south traffic crosses the trust perimeter once at the gateway, whereas east-west traffic stays inside the mesh and never touches the gateway.
Architecture prompt
Traffic-boundary architecture for a Kubernetes microservices system: external clients enter exclusively through an API gateway that handles authentication, rate limiting, and routing — the single north-south traffic path — while inside the cluster each microservice runs with an Istio Envoy sidecar proxy and calls its peers over mTLS-encrypted east-west connections; the diagram makes explicit that north-south traffic crosses the trust perimeter once at the gateway, whereas east-west traffic stays...
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output. Fork this diagram, remix it, or download as .drawio, PNG, or SVG.