Create an API Gateway Solution for your APIs and Deploy it in Kubernetes with Ingress Controller
Hey folks..! In this article, I will implement a complete API gateway business solution for your APIs and will deploy it in the Kubernetes with an ingress controller. If you are not familiar with API gateways and ingress, don't worry, I will simply explain everything to you. Following is the overview of this article and hope it will help you to get the high-level idea before jumping into the deep.
- What is an API gateway and why you need an API gateway?
- What is Kubernetes and why you need Kubernetes for the deployment?
- What is an Ingress?
- Hands-on experience to create an API gateway solution with WSO2 API Microgateway
- Hands-on experience to deploy API gateway solution in Kubernetes with Ingress using WSO2 k8s operator
What is an API gateway and why you need an API gateway?
In the modern world, businesses are highly API-driven and most organizations expose their core business to clients and outside the world through APIs. Securing APIs is the key to ensure their business security and in return having well control of an API is also a key to the success of a business. This is where API gateway comes into play.
API gateway act as a middle layer for your APIs. It provides an additional security layer for your APIs and gives more governance facilities and many benefits for the APIs. You can find many API gateways in the industry. In this article, I’m going to use WSO2 API Microgateway as my API gateway since it's a lightweight, Kubernetes friendly Gateway as well as it is 100% open source product.
What is Kubernetes and why you need Kubernetes for the deployment?
You have to deploy your API gateway solution in VM environment or Kubernetes environments in order to expose your gateway to the public. As you may know, Kubernetes provide you with a framework to run distributed systems resiliently. Especially it has a facility to easily scale your system. Many companies are deploying their solutions in Kubernetes to make sure it’s working perfectly even with more traffic.
What is an Ingress?
In Kubernetes application, an Ingress is an object that allows access to your Kubernetes services from outside the Kubernetes cluster. Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource. In the following diagram you can see a simple example where an Ingress sends all its traffic to one service.
Okay, I hope you got some basic knowledge about API gateway and Ingress. Now lets move on to the hands on sessions. As the first step, I’m going to use WSO2 API Microgateway to create my gateway solution.
Create an API gateway solution
My use case:
I have 2 APIs and I need to set authentication mechanism for the APIs and as well as I need to check every API request on whether it has a X-API-KEY header and if it does not have, I’m not going to send that request to the back end.
i). Download only the wso2am-micro-gw-toolkit zip file of the WSO2 API Microgateway using the following link.
https://github.com/wso2/product-microgateway/releases/tag/v3.2.1.
(Since I’m a Linux user, I’m downloading wso2am-micro-gw-toolkit-linux-3.2.1.zip )
(Make sure you have installed java and docker to your computer)
WSO2 API Microgateway consists of a toolkit and a runtime. Here you need to download only the toolkit.
ii). Extract the zip file and go to the bin directory.
iii). Now let’s initiate a Microgateway project.
./micro-gw init gateway-projectThen you can see a folder called gateway-project in the bin folder.
iv). Now we need to add our APIs to the project using OpenAPI/Swagger definition.
In this example, I have created two APIs and in the following link you can see My OpenAPI definitions.
v). Add OpenAPI definitions to gateway-project/api_definitions folder.
I have a requirement to check whether request include X-API-Key header. For this I need to write an interceptor. (Refer my blog about Adding interceptors for your APIs using WSO2 API Microgateway to get to know how to write an interceptor.
vi). Then I add interceptor jar to the gateway-project/lib folder and add the reference of that in my API definitions like below.
x-wso2-request-interceptor: java:mgw.interceptor.SampleInterceptorI’m doing API authentication from api-key security mechanism. Therefore, I need to add the following security schemas to my OpenAPI definitions.
security:
- ApiKeyAuth: []components:
securitySchemes:
ApiKeyAuth: # arbitrary name for the security scheme
type: apiKey
in: header # can be "header" or "query"
name: api_key # name of the header or query parameter
Now everything is fine. We need to build out project in order to create our artifacts.
When building the project, we need to think a way to deploy it in the Kubernetes. Here I’m going to use the following approach.
I’m creating a docker image for the project and deploy it in the Kubernetes easily with the help of WSO2 k8s operator. Let’s discuss on the deployment step later. What I wanted to highlight is that we need to create a docker image for our project.
vii). We can easily build and create the docker image using below command.
./micro-gw build gateway-project --docker --docker-image <dokcerhub-username>/gateway-project:v1 --docker-base-image wso2/wso2micro-gw:3.2.0Here, I will include my docker-hub username to the image since we need to push it into the docker-hub.
Then, if you get the Build successful message in the terminal, that means you have successfully created a docker image for the gateway project. You can confirm that by listing the docker images by executing the below docker command.
docker imagesYou can see the docker image called <dockerhub-username>/gateway-project with tag v1.
Now we need to push it to docker repository. In order to do this you need to create an account in the docker-hub. If you don't have an account in docker hub, you can create an account from the following link .
Now log in to the docker hub from terminal by executing this command.
docker loginProvide your login credentials and log into the docker hub.
viii). Let’s push our docker image to the docker hub like below,
docker push <dockerhub-username>/gateway-project:v1Now everything is fine in our API gateways solution. Now it is time to deploy it.
Deploy API gateway solution in Kubernetes with Ingress
WSO2 has a operator called K8s API Operator and we can easily deploy our Microgateway project in Kubernetes using K8s Operator.
First let’s install kubectl tool from following link in order to execute Kubernetes commands.
https://kubernetes.io/docs/tasks/tools
Then we need to setup the Kubernetes environment. For this I’m using Minikube to setup a Kubernetes cluster in my local computer. You can install minikube to your computer from the following link.
After installing it, let’s start the cluster using following command.
minikube startThen let’s setup WSO2 K8s Operator.
i). Download API operator using the following link.
(Download K8s API Operator zip and extract it.)
ii). Download APICTL tool from following link. (APICLT is the WSO2 CLI tool )
I’m downloading APICTL 3.2.1 linux zip since I’m using Linux. Then extract it.
Now let’s install the K8s API operator using APICTL.
iii). Go to APICTL_HOME/ directory and execute this.
export WSO2_API_OPERATOR_VERSION=v1.2.2Next, Install api-operator. In the installation you need to provide your docker hub credentials.
apictl install api-operator>> apictl install api-operator
Choose registry type:
1: Docker Hub
2: Amazon ECR
3: GCR
4: HTTP Private Registry
5: HTTPS Private Registry
6: Quay.io
Choose a number: 1: 1
Enter repository name: chashikajw #similar to username
Enter username: chashikajw
Enter password: *******
Repository: chashikajw
Username : chashikajw
Confirm configurations: Y: Y
Now let’s install the API portal and security token service using below command.
apictl install wso2am-operatorThen install API Portal and security token service under a namespace called “wso2” using following command.
apictl apply -f k8s-api-operator-1.2.2/k8s-artifacts/api-portal(Here the last argument is the file path to the api-portal directory inside your extracted API operator folder)
Now we have setup our operator successfully.
(If you need to refer more details regarding installing API operator, you can refer README in K8s Operator repository)
Now we need to install ingress controller to our Kubernetes cluster. I’m using Nginx ingress controller.
First install the Nginx-ingress controller. You can simply enable ingress controller in minikube environment using following command.
minikube addons enable ingressIn order to deploy with ingress controller we need to change operator mode as ingress in k8s operator.
Open the controller_conf.yaml file inside k8s-api-operator-1.2.2/api-operator/controller-artifacts directory and change operatorMode as ingress like below
operatorMode: "ingressNow apply the changes using following command.
(You need to go to APICTL_HOME/ directory to execute the following command)
apictl apply -f k8s-api-operator-1.2.2/api-operator/controller-artifacts/controller_conf.yaml(Final argument is the file path of controller_conf.yaml)
Now we can deploy our API gateway solution. K8s Operator has various kind of ways to deploy our APIs. Here I’m deploying my gateway solution using docker image and OpenAPI definitions.
Please note that you can simply deploy your APIs only using OpenAPI definitions. But in my scenario It’s bit complicated and I have used interceptors. Because of that, I created my docker image to satisfy all my requirements and I am using that for deployment. Otherwise K8s Operator it self creates a docker image.
What I wanted to highlight is if you have to create a gateway solution with custom filters and any other custom configurations, it’s better to create the docker image by yourself and use it in the deployment.
Now let’s deploy our APIs as below. For this we need the file path for our OpenAPI definitions and our docker image name as the parameters.
I will give my service name as gateway-service.
apictl add api -n gateway-service --from-file=api1.yaml --from-file=api2.yaml --image=chashikajw/gateway-project:v1(I copied my api1 and api2 OpenAPI definitions to APICTL_HOME/ directory to get the path easily)
Addition to this parameters, you can use following parameters also.
--namespace Namespace to deploy the API
--replicas Number of replicas
--override Overwrite the docker image creation for already created docker image
--mode Property to override the deploying mode. Available modes: privateJet, sidecar
--version Property to override the API version
--env Environment variables to be passed to deploymentIf you want to refer more details regarding that, you can refer README in K8s Operator repository.
Congratulations and now we are done !!
You can see the ingress by executing the following command.
apictl get ingressAs a conclusion from this article, we create out API gateway solution using WSO2 API Microgateway and deploy it in Kubernetes with ingress controller easily using WSO2 K8s Operator. K8s Operator automatically generated all the ingress routes and every other Kubernetes artifacts which we need for the deployment. Hope you got a good idea about how to build and deploy complete business solution from the article. Until we meet again. cheers!!!
References
You can find OpenAPI definitions and interceptor project in my GitHub repository.
And you can read more about WSO2 API Microgateway and build your API gateway solution.
Read more about Kubernetes and ingress controller
Read more about WSO2 K8s Operator and there are plenty of deployments options we can execute using WSO2 K8s Operator.
