Prerequisites¶
To successfully deploy WSO2 Kubernetes Gateway in your environment, you’ll need a Kubernetes cluster, a Kubernetes client (kubectl), and Helm for package management. Additionally, your environment must meet specific requirements across managed Kubernetes services, resource allocations, and supported Kubernetes distributions.
Steps to Follow¶
1. Set up a Kubernetes Cluster¶
WSO2 Kubernetes Gateway is compatible with a variety of Kubernetes distributions and managed services. You can either use a managed Kubernetes offering or install a kubernetes distribution on your own machine — just be sure to choose a supported version
Managed Kubernetes Services¶
WSO2 Kubernetes Gateway supports several managed Kubernetes services. To ensure compatibility, verify that your service’s Kubernetes version falls within the specified range.
| Platform | Cluster Version |
|---|---|
| EKS | 1.27 - 1.32.2 |
| GKE | 1.27.3 - 1.32.2 |
| AKS | 1.27 - 1.32.2 |
Kubernetes Distributions¶
WSO2 Kubernetes Gateway is compatible with a variety of Kubernetes distributions. Check the compatible versions for each distribution below to ensure proper functionality.
| Software Application | Cluster Version | Software Version |
|---|---|---|
| Minikube | 1.26.3 - 1.32.2 | 1.30.1 - 1.35.0 |
| Rancher Desktop | 1.27.2 - 1.32.2 | 1.9.1 - 1.18.0 |
| Rancher Enterprise | 1.32.3 (RKE2) | 2.11.1 |
| Kind | 1.26.3 - 1.32.2 | 0.24.0 |
| OpenShift | 1.28 | 4.15 |
Important
Install the Kubernetes Client (kubectl)
Most managed Kubernetes services and distributions support this by default.
After completing the first step, run the kubectl --help command to verify that it’s already installed. If it isn’t, use the following instructions to install it manually
Install the Kubernetes Client (kubectl)
Refer to the Kubernetes documentation to install the kubectl client.
2. Install Helm¶
Refer to the Helm documentation to install Helm.
Helm¶
Below is the version requirement for Helm to be compatible with WSO2 Kubernetes Gateway.
| Package Manager | Version |
|---|---|
| Helm | 3.10.0 - 3.17.1 |
Once you’ve completed both steps, you’re ready to install the Kubernetes Gateway. Kubernetes Gateway Installation Patterns
Resource Requirements¶
We recommend the following minimum resource requirements for running WSO2 Kubernetes Gateway on a Kubernetes cluster. These requirements are based on whether you are deploying the Kubernetes Gateway Data Plane only or with the APIM Control Plane as well.
Minimum requirements for Kubernetes Gateway Data Plane:
| Resource | Minimum Requirement |
|---|---|
| CPU | 1 Cores |
| Memory | 1 GB |
| Storage | 15 GB |
Minimum requirements per Component - Production Setup:
| Component | CPU Requests (m) | Memory Requests (Mi) |
|---|---|---|
| Adapter | 50m | 64Mi |
| Common Controller | 50m | 64Mi |
| Config Deployer Service | 200m | 512Mi |
| Router | 200m | 128Mi |
| Gateway Runtime (Enforcer + Router) | 200m | 128Mi |
| Rate Limiter (If rate limiting is required) | 50m | 64Mi |
Other Components (for non-production use):
| Component | CPU Requests (m) | Memory Requests (Mi) |
|---|---|---|
| IdP Domain Service | 200m | 512Mi |
| IdP UI | 50m | 64Mi |
Minimum requirements for Kubernetes Gateway Data Plane with APIM Control Plane:
| Resource | Minimum Requirement |
|---|---|
| CPU | 4 Cores |
| Memory | 4 GB |
| Storage | 15 GB |
Additional Dependencies¶
In addition to Kubernetes and Helm, WSO2 Kubernetes Gateway requires several other dependencies. You do not required to install these dpendencies manually. Redis, Cert-manager, and PostgreSQL are automatically handled during Kubernetes Gateway installation.
| Dependency | Version | Notes |
|---|---|---|
| Redis | 20.10.0 | Automatically installed with Kubernetes Gateway; no manual configuration required. |
| Cert-manager | v1.17.1 | Automatically installed with Kubernetes Gateway; no manual configuration required. |
| PostgreSQL | 16.4.14 | Automatically installed with Kubernetes Gateway; required only for non-production IdP configurations. |
Note
PostgreSQL is used in the Quick Start Guide for token generation from the non-production IdP.
Note
Kubernetes Gateway uses a built-in standalone Redis service which is not suitable for production usage. Please use a production grade Redis in production setup.
Note
Kubernetes Gateway uses a built-in cert manager. But if you have your own cert manager running on kubernetes you can use that instaed of inbuild one.
ARM compatibility¶
WSO2 Kubernetes Gateway is compatible with ARM processors. It can run on ARM-based systems, such as those with Apple Silicon or ARM-based Linux distributions.
Note: Use a Redis Docker image that includes an ARM-compatible release.