Deploying WSO2 MI Seamlessly with Kubernetes
Greetings, Geeks! In today’s tutorial, we’ll embark on an exciting journey into the world of Kubernetes, exploring the installation of Rancher Desktop on your local machine. But that’s not all — we’ll take it a step further by demonstrating how to deploy the powerful WSO2 Micro Integrator (MI) server in a Kubernetes cluster. So, buckle up and get ready for a hands-on experience that will enhance your skills in managing containerized applications.
Steps :
1. Installing Rancher
lets install Rancher on our machines. Navigate to the official Rancher Website and download Rancher. Now Install the application.
2. Configure Rancher for Kubernetes
After you have install the application you need to Open Rancher Desktop. Click on the setting Icon located at right top of Rancher Desktop window.
Go to application Section and put the tick for Administrative Access. Now go to virtual machine section and provide needed CPUs and memory needed for Rancher pods.
Now go to kubernetes section and disable (untick) ‘Traefik’. We are disabling Traefix because we are going to install Ingress load balancer in our setup.
3. Installing Helm
Helm is installed with Rancher desktop So we do not need to install Helm.
4. Setting up Ingress-Nginx controller in K8 cluster
To install the Ingress controller on your Kubernetes cluster, simply execute the following command:
helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespaceYou can conveniently monitor the Ingress controller’s status through the Rancher Desktop cluster dashboard. Navigate to the “Cluster >> Namespace” section to find the newly created “ingress-nginx” namespace, which should be in an active state, indicating successful installation.
You can run the below command in terminal and get the same output
kubectl get pods -o wide -n ingress-nginx
Now we need to know IP address of the Ingress load balancer. This IP address is needed to route the traffic to the services inside the K8 cluster.
So lets go to cluster dashboard and go to Service Directory >> Services. You will see the services deployed in the K8 cluster. Click on “ingress-nginx-controller” and you will see the load balancer IP address on the top as below
So in our setup the Load balancer IP address will be 192.168.1.5. You can view the same using kubectl commands in the terminal.
kubectl get services -o wide -n ingress-nginx
5. Building WSO2 MI docker Image
Okay let’s structure the instructions for creating the Dockerfile:
- Create a folder named “Docker_Artifacts” and within it, another folder named “MI_Image.”
mkdir Docker_Artifacts
cd Docker_Artifacts
mkdir MI_Image
cd MI_Image- Inside the “MI_Image” folder, create a file named “Dockerfile.”
touch Dockerfile- Open the “Dockerfile” and add the WSO2 Docker image tag. You can refer to the WSO2 MI Docker documentation for more details.
FROM wso2/wso2mi:latestlet’s continue building the Dockerfile by adding instructions to include the Hello World API in the MI server. Assuming you have the CAR file for your Hello World API, you can follow these steps:
- Create a “carbonapps” folder inside the “MI_Image” folder:
mkdir carbonappsCopy the CAR file of your Hello World API to the “carbonapps” directory. Replace YourHelloWorldAPI.car with the actual filename:
cp /path/to/YourHelloWorldAPI.car MI_Image/carbonapps/Now, open the Dockerfile and add the following lines to include the “carbonapps” folder inside the Docker image:
# Dockerfile
# Use the base WSO2 MI Docker image
FROM wso2/micro-integrator:latest
# Create a directory for carbonapps and copy the Hello World API CAR file
COPY carbonapps /home/wso2carbon/wso2mi/repository/deployment/server/carbonappsWe have copied our CAR file to the docker image.
Next, We need to add the Ingress-controllers certificate to WSO2 MI server. This is because MI server is deployed inside a K8 cluster, So to communicate with outside, the MI server need to go through load balancer. To do this communication the client certificate of ingress contoller should be present in MI server side.
Now, let’s download the certificate of the ingress server with below command
openssl s_client -showcerts -connect 192.168.1.5:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > ingress_certificate.pemNote : You need to replace the IP address with the IP address of your load balancer that we found in our previous steps.
You will get the certificate as ‘ingress_certificate.pem’.
Now lets copy client-truststore.jks file to “MI_Image” folder. You can find the client-truststore.jks from a downloaded WSO2 MI pack which is located in [MI_HOME]/repository/resources/security directory.
Let’s import the certificate to the ‘client-truststore.jks’ using the below command
keytool -import -alias ingresscert -file ingress_certificate.pem -keystore client-truststore.jks -storepass wso2carbonNow we need to add the client-truststore.jks to our Docker image. We can do it by adding the below COPY line in Dockerfile
COPY --chown=wso2carbon:wso2 client-truststore.jks /home/wso2carbon/wso2mi-4.2.0/repository/resources/securityBelow is my full Dockerfile after adding above lines
# set base docker image to public docker image of WSO2
FROM wso2/wso2mi:latest
#Adding Hello World API CAR to the docker image
COPY --chown=wso2carbon:wso2 carbonapps /home/wso2carbon/wso2mi-4.2.0/repository/deployment/server/
# add client-truststore to the docker image
COPY --chown=wso2carbon:wso2 client-truststore.jks /home/wso2carbon/wso2mi-4.2.0/repository/resources/securityNow we are done with creating our Docker image. Now we need to build this docker image.
Run the below command from the place where the Dockerfile is saved (“MI_Image directory”).
docker build . -t my_wso2mi:4.2.0This will build our docker image “my_wso2mi:4.2.0”.
6. Preparing MI Helm charts
Now we need to clone WSO2 MI helm charts from WSO2 MI Helm Github repository.
Run the below command to clone repository to your machine
git clone https://github.com/wso2/kubernetes-mi.gitNow we have cloned the WSO2 MI helm chars to our machine, Lets do some small adjustment for the configurations.
- Rancher Desktop uses local-path storage classes. The default MI helm uses nfs storage classes. So lets change the nfs storage classes to local-path storage classes.
Open the ‘values.yaml’ file in your ‘HELM_HOME’.
Update the ‘nfsServerProvisioner’ section and make it false as we are using the ‘local-path’ storage class. - Update the ‘storageClass’ parameter as below
- We have built our own docker image in this example. So let’s use that in the configurations as below.
- By default it will try to download the docker image. To avoid that Change the ‘imagePullPolicy’ value to IfNotPresent
- Lets increase the default resource allocated of the pod as below
Now we are done with the configurations. Lets deploy 😎
7. Deploying the updated Helm chart
Now our artifacts are ready to be deployed to Kubernetes cluster. Lets execute the below command from the the directory we cloned (kubernetes-mi/helm/micro-integrator/)
helm install wso2mi . --version 4.2.0 --namespace mi --dependency-update --create-namespaceHere we are creating a release named “wso2mi” with namespace “mi”.
In Rancher Desktop cluster dashboard lets go to Workloads >> Pods.
In this view you can see the status of the pod we created
8. DNS Mapping
Invoke the below command in the terminal. This will list ingress in the MI namespace
kubectl get ing -o wide -n mi
As you can see the MI service hotname is mi.wso2.com. So if we run a the below CURL command to our Hello Word API, it will throw a connection refused error
curl --location 'https://mi.wso2.com/HelloWorld'This is because the machine can not resolve the mi.wso2.com host name. So we need to add a hots entry in the machine.
Open up the ‘/etc/hosts’ file of your system and add the below entry.
192.168.1.5 mi.wso2.com management.mi.wso2.com wso2mi-micro-integrator-management-ingressNow lets run the below CURL command again and you will get a sucssfull response
curl --location 'https://mi.wso2.com/HelloWorld'Thats it Geeks! We have successfully deploy the WSO2 MI in K8 cluster.
Merry Christmas and Happy New Year !
Reference :
[1]. Hello World API synapse configuration:
<?xml version="1.0" encoding="UTF-8"?>
<api context="/HelloWorld" name="HelloWorld" xmlns="http://ws.apache.org/ns/synapse">
<resource methods="GET">
<inSequence>
<payloadFactory media-type="json">
<format>{"Hello":"World"}</format>
<args/>
</payloadFactory>
<respond/>
</inSequence>
<outSequence/>
<faultSequence/>
</resource>
</api>
