To ensure a stable and secure work environment, the Kyma security component uses the following tools:

• Predefined Kubernetes RBAC roles to manage the user access to the functionality provided by Kyma
• Istio Service Mesh with the global mTLS setup and ingress configuration to ensure secure service-to-service communication
• ORY Oathkeeper and ORY Hydra used by API Gateway to authorize HTTP requests and provide the OAuth2 server functionality.