Platform teams · Hybrid

Run the control plane where you trust it. Push the runtime where the traffic is.

Managed control plane in your central cluster, Workers in regions you might not even own. One source of truth, many runtimes, zero shared root access.

Request a demoRead the docs
Managed + remote hybrid — For platform teams use case overview from Apinizer.
For platform teams · Managed + remote hybrid

The problem

Sometimes you can't put the gateway where the traffic is.

A partner won't give you a kubeconfig. A regulator demands the data stays in-country. A factory floor goes offline twice a day. Most gateways collapse under any of those — the platform either gives up on the edge or hand-rolls a second installation. Apinizer's hybrid pattern keeps one Manager in charge while Workers run wherever, with no shared credentials and no shared blast radius.

Capabilities

What Apinizer does here

Managed control plane

Run the Manager on your most trusted cluster. It publishes definitions, holds the audit trail, and never sits in the runtime path.

Remote Workers

Push Workers to partner data centers, edge sites, or sovereign zones. The Manager pulls health and pushes definitions over a secure outbound channel.

No shared root

Partners never get keys to your cluster, and you never get keys to theirs. The Worker authenticates with a short-lived credential issued by the Manager.

Survives WAN cuts

When the link to the Manager drops, the Worker keeps serving on the last published definition. Reconciliation resumes when the WAN comes back.

Data residency by design

Traffic stays in the country the Worker runs in. Logs, metrics, and policy can be configured to never leave the local cluster.

Air-gap mode

Operators that cannot reach the central Manager pull a signed bundle on a schedule. The audit ledger reconciles when connectivity is restored.

Use cases

In production, this looks like…

  • Banking

    Aktif Bank-style retail bank serves branch APIs from in-country edge

    Central Manager in Istanbul publishes to Worker clusters at four regional sites. Each Worker handles branch traffic locally; nothing leaves the country.

  • Automotive

    Stuttgart OEM ships Workers into Tier-1 supplier data centers

    Suppliers run Apinizer Workers locally for parts integration. The OEM owns the definitions; suppliers own their operating environment.

    9 suppliers, 0 shared keys

  • Government

    Riyadh ministry runs the Manager in a sovereign cloud, Workers on-prem

    Definitions published from a national sovereign cloud. Workers in legacy on-prem clusters reconcile inbound; no public endpoint exposed.

  • Healthcare

    Lyon hospital network runs HIS APIs on a hospital-local Worker

    Patient data never leaves the hospital. The Manager in the regional health authority publishes policy and receives sanitized telemetry.

    0 PHI egress

  • Energy

    Baku utility serves SCADA APIs from an air-gapped operator network

    Air-gap mode: a signed bundle ships nightly. The operator network never establishes outbound to the Manager; audit reconciles weekly.

  • Telecom

    Bucharest carrier runs Workers at 230 partner edge POPs

    Partner POPs run Workers for B2B traffic. The Manager publishes to all of them in parallel; rollout time goes from weeks to minutes.

    230 edges

  • Manufacturing

    Gothenburg factory floor survives twice-daily WAN cuts

    When the WAN drops at shift change, the local Worker keeps serving MES APIs. Reconciliation picks up when the link returns; the line never stops.

  • Public sector

    Doha ministry handles partner integration without shared credentials

    Partner data centers run Workers under their own ops. The ministry's Manager publishes policy and pulls health; partners never see ministry secrets.

How it works

Manager publishes outbound. Workers reconcile inbound.

  1. Step 01

    Decide where the Manager lives

    Pick the cluster you trust most — central, regional, sovereign. The Manager never carries production traffic.

  2. Step 02

    Provision remote Workers

    Install Workers in partner, edge, or air-gapped environments. They register with the Manager using a short-lived credential.

  3. Step 03

    Publish definitions

    Apply once on the Manager. Each Worker reconciles on its own schedule — minutes for online, hours/days for air-gap.

  4. Step 04

    Operate at distance

    Health, lag, and audit roll up to the Manager. Partners and operators keep ops local; you keep policy central.

Recommended products

What we'd reach for first

API Gateway

The Worker pattern designed for managed + remote: short-lived credentials, inbound reconcile, local survival.

Open the Gateway page

AI Gateway

Same hybrid pattern for LLM and agent traffic — keep model calls in-region, govern from the center.

Open the AI Gateway page

Monitoring

Probes that run inside each remote Worker; alarms that escalate when reconcile lag crosses a threshold.

Open the Monitoring page

Analytics Engine

Per-Worker traffic and health — see what each remote site is doing without ssh'ing into it.

Open the Analytics page

Resources

Keep going

Managed + remote topology

How the Manager pushes policy outbound while Workers reconcile inbound — even from air-gapped networks.

Read the docs

Architecture overview

Control plane / data plane separation with no shared root between sites.

See the architecture

Three-tier permissions

Project / environment / endpoint scopes apply identically across managed and remote Workers.

See the lane

Analytics Engine

Per-Worker, per-region, per-environment visibility.

Open Analytics

Multi-cluster deployment

Topology patterns when you do own every cluster in the picture.

See the lane

API Gateway

The Worker that runs anywhere Kubernetes runs.

Open API Gateway

Explore more

Related use cases

Hybrid, by design

Put the runtime where the traffic actually lives.

A 30-minute walkthrough — managed control plane, remote Workers, air-gap mode — on a Kubernetes of your choice.

Request a demoRead the docs