API Gateway Anywhere: Gateway on Kubernetes in Alibaba Cloud
Read this article in order to learn more about how to expose backend services deployed in a Kubernetes cluster on Alibaba Cloud as managed APIs.
Deploying the API gateway next to your backend services not only reduces the network latency between the backend services and the gateway, but also lets you adhere to the security and compliance requirements of your organization. Additionally, your deployment inherits the complete set of API management capabilities, such as API lifecycle management, OAuth token-based security with scope validation, throttling policies, statistics, anomaly detection, monetization, etc.
As an example, if your services are deployed in a container management system like Kubernetes on any cloud such as Alibaba, Google, AWS, Azure, etc., the gateway can be deployed as a container on the CMS while other API management components are deployed in WSO2 API Cloud.
Based on where your API consumer applications are deployed, API Gateway can be exposed to the public through a Kubernetes ingress/load balancer or run internally, just like your backend services and consumers.
Internal API Consumer Applications
Gateway URLs are resolved using k8s service names, while backend services are deployed as APIs in API gateway using the k8s service names of the backend services.
External API Consumer Applications
The API gateway is exposed to external consumers using a load balancer or an ingress controller provided by your cloud vendor.
Hybrid API Management: WSO2 API Cloud
The API gateway pulls the API definitions from API Cloud and deploys the APIs. It connects to API Cloud to validate OAuth tokens and upload the API invocation events to perform analytics in API Cloud.
Trying out On-Prem Gateway on Alibaba Cloud
Create a Kubernetes Cluster
Follow the ‘Running Kubernetes on Alibaba Cloud’ document and create a Kubernetes cluster. Once you have successfully created the cluster, you can download the Kubernetes configuration file from the Alibaba Cloud Console and update ~/.kube/config. You can verify that kubectl is connected to the correct cluster by listing the nodes (kubectl get nodes).
Create a namespace to try out the example.
kubectl create ns wso2-api-gateway
Deploy a Sample Backend Service
This is a stock quote service written in a microservice framework for Java. You can use the Deployment.yaml and Service.yaml below to expose the microservice on Kubernetes.
Deployment.yaml
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; use apps/v1 on newer clusters.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: stockquote-service
  name: stockquote-service
  namespace: wso2-api-gateway
spec:
  replicas: 2
  selector:
    matchLabels:
      app: stockquote-service
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: stockquote-service
    spec:
      containers:
      - image: manjula/stockquote-service:1.0.0
        imagePullPolicy: Always
        name: stockquote-service
        ports:
        - containerPort: 8080
          protocol: TCP
        resources: {}
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
kubectl create -f Deployment.yaml
Service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: stockquote-service-k8s-service
  name: stockquote-service-k8s-service
  namespace: wso2-api-gateway
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: stockquote-service
kubectl create -f Service.yaml
Publish an API for the stockquote service
Log in to WSO2 API Cloud, then create and publish the API.
1. Design the API
2. Connect with the backend service through Kubernetes service name
3. Configure security, throttling policies and publish
Invoke the Stockquote API
The API portal allows API consumers to discover the APIs, subscribe, and generate tokens to invoke the API.
Once tokens are generated, you can try to invoke the API from API Cloud itself, but as you have already figured out, it fails due to connectivity issues because the backend Kubernetes service name is not exposed to the internet.
Deploy WSO2 On-Prem Gateway
The WSO2 On-Prem gateway can be deployed as a Docker container. Refer to the online documentation for more details. Use the Deployment.yaml file below to deploy the On-Prem gateway on Kubernetes. You only need to provide the user details (WSO2_CLOUD_ORG_KEY, WSO2_CLOUD_EMAIL, WSO2_CLOUD_PASSWORD) that you use to log in to WSO2 API Cloud to configure the On-Prem gateway successfully.
Deployment.yaml
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; use apps/v1 on newer clusters.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: wso2-on-prem-api-gateway
  name: wso2-on-prem-api-gateway
  namespace: wso2-api-gateway
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wso2-on-prem-api-gateway
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: wso2-on-prem-api-gateway
    spec:
      containers:
      # WSO2 API Cloud login details, passed to the gateway as environment variables
      - env:
        - name: WSO2_CLOUD_ORG_KEY
          value: gatewayanywhere
        - name: WSO2_CLOUD_EMAIL
          value: manjula.cse@gmail.com
        - name: WSO2_CLOUD_PASSWORD
          value: Password
        image: manjula/wso2cloud-onprem-gateway:2.1.0
        imagePullPolicy: Always
        name: wso2-on-prem-api-gateway
        ports:
        - containerPort: 8280
          protocol: TCP
        resources: {}
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
kubectl create -f Deployment.yaml
Check the On-Prem gateway availability status in API Cloud. If the status is not updated in API Cloud, get the logs of the container to identify the error, such as invalid credentials.
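The gateway Deployment above places the API Cloud password in the manifest as a literal value, so anyone who can read the manifest or the Deployment object can read the password. The following is an added example, not part of the original article or of WSO2's documentation, showing the same three variables supplied from a Kubernetes Secret instead. The Secret name wso2-cloud-credentials and its key names are assumptions made for this example, and the values are placeholders.

```yaml
# Added example. The Secret name and key names are hypothetical; values are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: wso2-cloud-credentials
  namespace: wso2-api-gateway
type: Opaque
stringData:
  org-key: "<your-organization-key>"
  email: "<your-api-cloud-email>"
  password: "<your-api-cloud-password>"
---
# Gateway Deployment from the article with only the env section changed.
# Before: the password was a literal in the manifest
#   - name: WSO2_CLOUD_PASSWORD
#     value: Password
# After: each variable is read from the Secret when the container starts.
apiVersion: apps/v1   # the article's manifests use extensions/v1beta1
kind: Deployment
metadata:
  name: wso2-on-prem-api-gateway
  namespace: wso2-api-gateway
  labels:
    app: wso2-on-prem-api-gateway
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wso2-on-prem-api-gateway
  template:
    metadata:
      labels:
        app: wso2-on-prem-api-gateway
    spec:
      containers:
      - name: wso2-on-prem-api-gateway
        image: manjula/wso2cloud-onprem-gateway:2.1.0
        ports:
        - containerPort: 8280
        env:
        - name: WSO2_CLOUD_ORG_KEY
          valueFrom:
            secretKeyRef: {name: wso2-cloud-credentials, key: org-key}
        - name: WSO2_CLOUD_EMAIL
          valueFrom:
            secretKeyRef: {name: wso2-cloud-credentials, key: email}
        - name: WSO2_CLOUD_PASSWORD
          valueFrom:
            secretKeyRef: {name: wso2-cloud-credentials, key: password}
```

With this split, the Deployment manifest can be kept in version control without the password, and read access to the Secret can be restricted separately through RBAC.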
Expose On-Prem gateway through a load balancer
kubectl expose deployment wso2-on-prem-api-gateway --type=LoadBalancer --namespace=wso2-api-gateway
To get the load balancer's public IP, run the command below.
kubectl describe service wso2-on-prem-api-gateway --namespace=wso2-api-gateway
Invoke the stock quote API through the load balancer
Replace the OAuth bearer token and the load balancer IP in the following cURL commands to get the response.
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer 35b22efd-6ba5-36e6-a176-005c36b70939' 'http://<<Load Balancer IP>>:8280/t/gatewayanywhere/stockquote/1.0.0/GOOG'
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer 35b22efd-6ba5-36e6-a176-005c36b70939' 'http://<<Load Balancer IP>>:8280/t/gatewayanywhere/stockquote/1.0.0/all'
Note: In the above example, only the HTTP port was exposed, but you can make use of both HTTPS and HTTP transports to expose your backend services as secured APIs to the internet. Over plain HTTP the bearer token in the Authorization header travels unencrypted.
API Statistics in API Cloud
Various statistics on API consumption are provided out of the box in API Cloud.
Summary
In this article, we demonstrated how to expose backend services deployed in a Kubernetes cluster on Alibaba Cloud as managed APIs using a Hybrid API deployment pattern where the On-Prem gateway is deployed in the Kubernetes cluster and complete API lifecycle is governed by WSO2 API Cloud.