Private Gateway Authentication

Cake's default gateway uses a zero trust security strategy to protect all applications and services in the cluster. Cake deploys an Internet-facing ingress gateway that requires authentication through oauth2-proxy for all requests originating outside the cluster. Machine and user identities are provisioned directly in Cake or federated to upstream providers using Dex.

This strategy, though secure, is inconvenient for applications that roll their own authentication and authorization, such as LiteLLM. Users of LiteLLM often need to modify their client code to send both the Cake default gateway auth token and the LiteLLM-specific code.

To accommodate such use cases, Cake offers an optional feature called Private Gateway. The Private Gateway is an additional Istio ingress gateway with entirely separate authorization rules. When enabled, applications and services can be published through the private gateway and be accessed from outside the cluster without needing to separately authenticate to the Cake ingress gateway. This gateway can be reached from any workload in the same VPC as the Cake cluster, or across VPCs using VPC PrivateLink Endpoints.

Getting started

To enable the Private Gateway, first identify the list of AWS account IDs you'd like to permit access to the private gateway. By default, the gateway can only be accessed by same-VPC workloads.

Once identified, update your cluster's gen-deploy vars file via the GitOps repo:

app_config:
  istio:
    private_gateway:
      enabled: true
      allowed_principals:
      - arn:aws:iam::012345678910:root

When merged and synced, the system will provision a VPC Endpoint Service in the Cake cluster's AWS account with Private DNS set to *.internal.[YOUR_CLUSTER_HOSTNAME]. If you need to customize this hostname, please reach out to Cake Support. It will take several minutes to provision the Endpoint Service including DNS verification. Once it is finished, you are free to provision VPC Endpoints in the client networks using the service name located in the AWS Console.

Once the gateway is provisioned, you can enable the gateway for any applications you'd like to expose via gen-deploy vars. E.g.:

app_config:
  litellm:
    enabled: true
    settings:
      allow_private_gateway: true
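Because a typo in an account ID under allowed_principals grants endpoint access to the wrong AWS account, and an app flagged with allow_private_gateway before the gateway itself is enabled has no route, it is worth linting the gen-deploy vars before merging. The check below is an added example, not part of Cake's tooling: it takes the vars as a Python dict (a constructed sample mirroring the YAML above; a real pipeline would load the file with a YAML parser) and reports misconfigurations in the two stanzas shown in this section.

```python
"""
Pre-merge sanity check for the Private Gateway stanzas in a gen-deploy
vars file. Added example, not Cake's own tooling. The vars are embedded
as a dict below (constructed sample); load the real YAML in a pipeline.
"""
import re

# Account-root ARN shape used under allowed_principals in the docs.
IAM_ROOT_ARN = re.compile(r"^arn:aws:iam::(\d{12}):root$")

# Constructed sample mirroring the two YAML snippets in this section.
SAMPLE_VARS = {
    "app_config": {
        "istio": {
            "private_gateway": {
                "enabled": True,
                "allowed_principals": ["arn:aws:iam::012345678910:root"],
            }
        },
        "litellm": {
            "enabled": True,
            "settings": {"allow_private_gateway": True},
        },
    }
}


def check_private_gateway_vars(vars_doc):
    """Return a list of findings (strings); an empty list means no issues found."""
    findings = []
    app_config = vars_doc.get("app_config", {})
    pg = app_config.get("istio", {}).get("private_gateway", {})
    gateway_enabled = bool(pg.get("enabled", False))
    principals = pg.get("allowed_principals") or []

    # Every principal must be a 12-digit account-root ARN; "*" would let
    # any AWS account create an endpoint to the service.
    for principal in principals:
        if principal == "*":
            findings.append(
                "allowed_principals contains '*': any AWS account could create "
                "an endpoint to the service"
            )
        elif not isinstance(principal, str) or not IAM_ROOT_ARN.match(principal):
            findings.append(
                f"allowed_principals entry is not an account-root ARN: {principal!r}"
            )
    if len(set(map(str, principals))) != len(principals):
        findings.append("allowed_principals has duplicate entries")

    # Apps that ask for private exposure need both the gateway and the
    # app itself enabled, otherwise nothing is actually published.
    for app, cfg in app_config.items():
        if app == "istio" or not isinstance(cfg, dict):
            continue
        settings = cfg.get("settings") or {}
        if not settings.get("allow_private_gateway", False):
            continue
        if not gateway_enabled:
            findings.append(
                f"{app} sets allow_private_gateway but "
                "istio.private_gateway.enabled is false"
            )
        if not cfg.get("enabled", False):
            findings.append(
                f"{app} sets allow_private_gateway but the app itself is not enabled"
            )
    return findings


if __name__ == "__main__":
    for line in check_private_gateway_vars(SAMPLE_VARS) or ["no findings"]:
        print(line)
```

Run it as a pre-commit or CI step against the rendered vars; a non-empty findings list should block the merge so the GitOps sync never provisions an Endpoint Service with a wrong or wildcard principal.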

How it works

Cake Private Gateway uses AWS PrivateLink for cross-VPC network connectivity. In the network diagram below, the Cake cluster is the service provider and the client VPCs are service consumers.

[Architecture diagram: Cake cluster in the service provider VPC, client VPCs as service consumers connected through AWS PrivateLink]

Everything in the "Service provider VPC" is managed by Cake infra-as-code deploy automation. It is the responsibility of the Cake user to provision VPC endpoints and any other client-side resources.

For the avoidance of doubt, the Private Gateway maintains defense in depth for network-level security by only permitting specific AWS principals to create connected VPC endpoints. No public Internet traffic is allowed through the Private Gateway. Connectivity is unidirectional, meaning the Cake cluster is unable to initiate outbound requests to services hosted in the client VPCs. All traffic is logged and monitored in the same manner as the default ingress gateway.

Limitations

As of October 2025, Cake only supports same-region VPC connectivity. The Cake Private Gateway is also subject to the limitations and considerations of AWS PrivateLink endpoint services.