Kubernetes Gateway and Control Plane both in Kubernetes
Overview
In this approach, both the Kubernetes Gateway and the APIM Control Plane are in a Kubernetes cluster.
Advantages
- Resource Efficiency: This pattern maximizes resource utilization by allowing multiple components to coexist within the same cluster.
- Simplified Management: Managing a single cluster with multiple namespaces can be more straightforward compared to managing separate clusters.
Considerations
- Isolation: While namespaces provide a level of isolation, they may not offer the same level of isolation as separate clusters. Careful resource allocation and RBAC (Role-Based Access Control) policies are essential.
- APIM in K8s: Running APIM in a Kubernetes cluster may require additional resources and configurations compared to running it in a VM.
Installation guideline
Create Kubernetes namespace
In this guide, the APIM Control Plane and the Kubernetes Gateway are installed in the same namespace. If you prefer, you can use any standalone Kubernetes Gateway pattern to deploy the Kubernetes Gateway.

```
kubectl create ns apk
```
Setup WSO2 Kubernetes Gateway 1.3.0

1. Create a new Helm repository with the latest Kubernetes Gateway release using the following command. Let’s consider the `<repository-name>` as `wso2apk`.

   ```
   helm repo add wso2apk https://github.com/wso2/apk/releases/download/1.3.0
   ```

2. Execute the following command to update the Helm repositories.

   ```
   helm repo update
   ```

3. Download the `values.yaml` file.

   To obtain the `values.yaml` file, you can use the `helm show values` command. Replace `<repository-name>` with the actual repository name and `<version-of-APK>` with the desired version of the Kubernetes Gateway. Run the following command:

   ```
   helm show values wso2apk/apk-helm --version 1.3.0 > kg-values.yaml
   ```

   Format:

   ```
   helm show values <repository-name>/apk-helm --version <version-of-APK> > kg-values.yaml
   ```

4. Configuration required to add the Kubernetes Gateway as a gateway, in `kg-values.yaml`:

   - Add the following configuration under the `wso2.apk` section.

     ```yaml
     cp:
       enabledSubscription: true
       host: "apim-apk-agent-service.apk.svc.cluster.local"
       skipSSLVerification: true
     ```

     - `enabledSubscription`: This field must be `true` for subscription details to reach the gateway level.
     - `host`: Agent hostname, in the form `{agentService}.{namespace}.svc.cluster.local`. You can get the agentService name by using `kubectl get svc -n <namespace>`. At this point you don't have the agent configured, so you can keep the default value as it is. Once you configure it, make sure to change it here and do a `helm upgrade`.
     - `skipSSLVerification`: Skip SSL verification between Agent and Gateway.

   - Change the default listener hostnames.

     By default, the Kubernetes Gateway has 2 listeners:

     - System APIs Listener - api.am.wso2.com
     - Gateway Listener - gw.wso2.com

     If you wish to change the default hostname and vhost, change the following `values.yaml` configurations. Let's say you want to deploy a production environment, you have a domain name example.com, and you want to expose your APIs through prod.gw.example.com and expose APK system APIs through prod.apk.example.com. Then:

     ```
     wso2.apk.listener.hostname: 'prod.apk.example.com'
     wso2.apk.dp.gateway.listener.hostname: 'gw.example.com'
     wso2.apk.dp.configdeployer.vhosts: [{"hosts":["gw.example.com"],"name":"prod","type":"production"}]
     ```

5. Install the Helm chart. To begin the installation, run the following command.

   ```
   helm install apk wso2apk/apk-helm --version 1.3.0 -f kg-values.yaml
   ```

   Format:

   ```
   helm install <chart-name> <repository-name>/apk-helm --version <version-of-APK> -f <path-to-values.yaml-file>
   ```

Setup WSO2 API Manager Control Plane 4.5.0

Set up WSO2 API Manager 4.5.0 in the K8s cluster using Helm charts.

Important
If you need comprehensive documentation and configurations for the API Manager Helm chart, please refer to APIM Helm. Here we focus on a single deployment with the API Manager Control Plane.

1. Create a new Helm repository with the latest APIM release using the following command. Let’s consider the `<repository-name>` as `wso2apim`.

   ```
   helm repo add wso2 https://helm.wso2.com
   ```

2. Execute the following command to update the Helm repositories.

   ```
   helm repo update
   ```

3. Download `values.yaml` and rename it to `apim-values.yaml`.

4. Configuration required to add the Kubernetes Gateway as a gateway, in `apim-values.yaml`:

   Configure the supported gateway types in API Manager.

   ```yaml
   Configurations:
     gatewayType: "Regular,APK"
   ```

   or

   ```yaml
   Configurations:
     gatewayType: "APK"
   ```

   Add the Kubernetes Gateway environment to the environment list.

   ```yaml
   gateway:
     # -- Kubernetes Gateway environments
     environments:
       - name: "Default_APK"
         type: "hybrid"
         gatewayType: "APK"
         provider: "wso2"
         displayInApiConsole: true
         description: "This is a kubernetes gateway that handles both production and sandbox token traffic."
         showAsTokenEndpointUrl: true
         httpHostname: "default.gw.wso2.com:9095"
   ```

   - `name`: Gateway name. This name is required later to configure the Kubernetes Gateway Agent.
   - `type`: To handle both production and sandbox token traffic, keep it as `hybrid`.
   - `gatewayType`: Identifies the gateway as a Kubernetes Gateway. The type must be kept as `APK`.
   - `provider`: Gateway provider.
   - `httpHostname`: This setting is critical. The Control Plane uses it to locate the Gateway listener. If you change the Gateway listener in the Kubernetes Gateway configuration, that change must be added here. The Gateway listener hostname must be configured as `default.{gateway.listener.hostname}:9095`, where `default` and `9095` are fixed values.

5. Consider `apim` as the `<chart-name>` for this guide. As the `--version` of this command, use the version of the release you used in point 1 above. It will take a few minutes for the deployment to complete.

   ```
   helm install apim wso2/wso2am-all-in-one --version 4.5.0-1 -f https://raw.githubusercontent.com/wso2/helm-apim/main/docs/am-pattern-0-all-in-one/default_values.yaml -n apk
   ```

   Format:

   ```
   helm install <chart-name> <repository-name>/wso2am-cp --version <version-of-APIM> -f <path-to-values.yaml-file>
   ```

6. Install NGINX Ingress Controller. Please refer to the NGINX Ingress Controller documentation for more information.

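The `httpHostname` rule above can be checked before running `helm install`. This added Python example (not WSO2 code) derives the expected value from the Gateway listener hostname and reports why a given `httpHostname` does not match. The function names are hypothetical; the `default.` prefix and port `9095` are the fixed values stated in this guide.

```python
FIXED_PREFIX = "default."  # fixed value per this guide
FIXED_PORT = "9095"        # fixed value per this guide


def expected_http_hostname(listener_hostname):
    """Build the httpHostname the Control Plane needs for a Gateway listener."""
    return f"{FIXED_PREFIX}{listener_hostname.strip().lower()}:{FIXED_PORT}"


def check_http_hostname(listener_hostname, http_hostname):
    """Return a list of problems; an empty list means the two settings agree."""
    problems = []
    listener = listener_hostname.strip().lower()
    value = http_hostname.strip().lower()
    host, sep, port = value.rpartition(":")
    if not sep:  # value carries no port at all
        host, port = value, ""
    if port != FIXED_PORT:
        problems.append(f"port is {port or 'missing'}, expected {FIXED_PORT}")
    if not host.startswith(FIXED_PREFIX):
        problems.append(f"host '{host}' does not start with '{FIXED_PREFIX}'")
    elif host[len(FIXED_PREFIX):] != listener:
        problems.append(
            f"host suffix '{host[len(FIXED_PREFIX):]}' does not match "
            f"gateway listener '{listener}'"
        )
    return problems


if __name__ == "__main__":
    # Listener changed to gw.example.com, httpHostname left at the default.
    for issue in check_http_hostname("gw.example.com", "default.gw.wso2.com:9095"):
        print("MISMATCH:", issue)
    print("expected:", expected_http_hostname("gw.example.com"))
```
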
Setup WSO2 Kubernetes Gateway Agent 1.3.0

Note
The Kubernetes Gateway Agent provides a connection between the APIM Control Plane and the Kubernetes Gateway.

1. Create a new Helm repository with the latest Kubernetes Gateway Agent release using the following command. Let’s consider the `<repository-name>` as `wso2apkagent` for this guide.

   ```
   helm repo add wso2apkagent https://github.com/wso2/product-apim-tooling/releases/download/1.3.0
   ```

2. Execute the following command to update the Helm repositories.

   ```
   helm repo update
   ```

3. Download the `values.yaml` file.

   To obtain the `values.yaml` file, you can use the `helm show values` command. Replace `<repository-name>` with the actual repository name and `<version-of-Agent>` with the desired version of the Kubernetes Gateway Agent. Run the following command:

   ```
   helm show values wso2apkagent/apim-apk-agent --version 1.3.0 > kg-agent-values.yaml
   ```

   Format:

   ```
   helm show values <repository-name>/apim-apk-agent --version <version-of-Agent> > kg-agent-values.yaml
   ```

4. Configuration required to connect the Kubernetes Gateway Agent, in `kg-agent-values.yaml`:

   - Configure the Control Plane (APIM) related configuration in the Kubernetes Gateway Agent.

     ```yaml
     controlPlane:
       enabled: true
       serviceURL: https://apim-wso2am-cp-1-service.apk.svc.cluster.local:9443/
       username: admin
       password: admin
       environmentLabels: Default
       skipSSLVerification: true
       eventListeningEndpoints: amqp://admin:[email protected]:5672?retries='10'&connectdelay='30'
     ```

     - `serviceURL`: Service URL of the API Manager Control Plane, in the form `{apimService}.{namespace}.svc.cluster.local`. You can get the apimService name by using `kubectl get svc -n <namespace>`.
     - `environmentLabels`: The gateway environment label is the environment name that you define under the environments section in the API Manager values YAML, which sets up the Kubernetes Gateway. In this scenario it's `Default_APK`.
     - `eventListeningEndpoints`: Event listening endpoint in the API Manager.
     - `username` and `password`: Admin credentials of the API Manager.

   - Configure the Data Plane (APK Gateway) related configuration in the Kubernetes Gateway Agent.

     ```yaml
     dataPlane:
       enabled: true
       k8ResourceEndpoint: https://apk-wso2-apk-config-ds-service.apk.svc.cluster.local:9443/api/configurator/apis/generate-k8s-resources
       namespace: apk
     ```

     - `k8ResourceEndpoint`: Config deployer service endpoint, in the form `{configDeployService}.{namespace}.svc.cluster.local:{port}/api/configurator/apis/`. You can get the configDeployService name by using `kubectl get svc -n <namespace>`.
     - `namespace`: Namespace where the Kubernetes Gateway is deployed.

   - Change the mode of the agent configuration as shown below.

     ```yaml
     agent:
       mode: CPtoDP
     ```

5. Install the Kubernetes Gateway Agent components and start WSO2 API Platform For Kubernetes. Consider `apk` as the `<chart-name>` for this guide. As the `--version` of this command, use the version of the release you used in point 1 above. It will take a few minutes for the deployment to complete.

   ```
   helm install apim-apk-agent wso2apkagent/apim-apk-agent --version 1.3.0 -f kg-agent-values.yaml -n apk
   ```

   Format:

   ```
   helm install <chart-name> <repository-name>/apim-apk-agent --version <version-of-APK-Agent> -f <path-to-values.yaml-file>
   ```

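As an added example (not part of the WSO2 documentation or charts), this Python check scans a values file such as `kg-values.yaml` or `kg-agent-values.yaml` for three settings that appear in this guide's `cp` and `controlPlane` blocks: `skipSSLVerification: true`, the `admin` password, and credentials embedded in a URL. The sample text is constructed, its broker hostname is a placeholder, and the indentation-based walker is an assumption that handles only simple block-style YAML.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the controlPlane block above; the broker
# hostname is a placeholder, not a value from the guide.
SAMPLE = """\
controlPlane:
  enabled: true
  serviceURL: https://apim-wso2am-cp-1-service.apk.svc.cluster.local:9443/
  username: admin
  password: admin
  skipSSLVerification: true
  eventListeningEndpoints: amqp://admin:admin@broker.example.internal:5672?retries='10'
dataPlane:
  namespace: apk
"""

KEY_VALUE = re.compile(r"^(\s*)([\w.-]+):\s*(.*)$")

def unquote(v):
    """Drop one pair of matching surrounding quotes, if present."""
    return v[1:-1] if len(v) >= 2 and v[0] == v[-1] and v[0] in "'\"" else v

def walk(text):
    """Yield (dotted.path, value) for scalars in simple block-style YAML."""
    stack = []  # (indent, key) of the enclosing mappings
    for line in text.splitlines():
        match = KEY_VALUE.match(line)
        if not match:
            continue  # comments, list items and blank lines are skipped
        indent, key, value = len(match[1]), match[2], unquote(match[3].strip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        if value:
            yield ".".join(k for _, k in stack), value

def lint(text):
    """Return (path, finding) pairs for the three settings described above."""
    findings = []
    for path, value in walk(text):
        leaf = path.rsplit(".", 1)[-1]
        if leaf == "skipSSLVerification" and value.lower() == "true":
            findings.append((path, "TLS certificate verification is disabled"))
        if leaf == "password" and value == "admin":
            findings.append((path, "default admin password"))
        if "://" in value and urlsplit(value).password:
            findings.append((path, "credentials embedded in URL"))
    return findings
```

Run `lint(open("kg-agent-values.yaml").read())` before `helm install` or `helm upgrade`; an empty list means none of the three patterns was found.
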
Verify the deployment
Now you can verify the deployment by executing the following command. You will see the status of the pods as follows once completed.

```
kubectl get pods -n apk
```

Configure the hosts file

```
kubectl get svc -n apk
```

```
kubectl get ing -n apk
```

Add a hostname mapping to the `/etc/hosts` file as follows.

Domain name | IP |
---|---|
am.wso2.com (APIM Control Plane ingress host name) | 135.171.24.117 (as per the above image). You can find it by using `kubectl get ing -n <namespace>` |
default.gw.wso2.com (the value you change in the Gateway listener should be added here) | 135.171.24.26 (as per the above image). You can find it by using `kubectl get svc -n <namespace>` |
api.am.wso2.com (the value you change in the System APIs listener should be added here) | 135.171.24.26 (as per the above image). You can find it by using `kubectl get svc -n <namespace>` |
idp.am.wso2.com (you don't need to change this) | 135.171.24.26 (as per the above image). You can find it by using `kubectl get svc -n <namespace>` |

Log in to the Publisher Console (https://am.wso2.com/publisher) of the WSO2 API Manager.