Deploying Choreo Connect as a Standalone Gateway on Kubernetes¶
Let's deploy an API, using WSO2 API Controller (apictl), on Choreo Connect, which running on Kubernetes as a Standalone Gateway.
Before you begin¶
- Install kubectl.
- Setup a Kubernetes cluster v1.20 or above.
- Minimum CPU : 3vCPU
- Minimum Memory : 2GB
- Deploy an ingress controller - NGINX Ingress Controller for this sample.
If you are using Rancher Desktop, disable the default Traefik ingress controller in order to deploy the Nginx ingress controller.
Refer Rancher Docs for more information
- Create and deploy an API project.
- Invoke the API using a generated key.
Let's get started...
Step 1 - Setup Choreo Connect in Kubernetes¶
Download and extract Choreo Connect distribution .zip file
Latest Choreo Connect distribution can be downloaded from https://wso2.com/choreo/choreo-connect/. Extract the Choreo Connect distribution .zip file. The extracted folder will be called as
Apply the Kubernetes configurations for Choreo Connect using the kubectl tool.
Click here if you are using an ARM64 based machine (e.g., Apple M1)
If you are trying out in ARM64 based machine (e.g., Apple M1) update the Docker image names with the following in
- Kubernetes deployment.yaml files
Existing (Default) image name Image name for tryout in ARM64 (e.g.: Apple M1) wso2/choreo-connect-adapter:1.0.0 wso2/choreo-connect-adapter:1.0.0-ubuntu wso2/choreo-connect-enforcer:1.0.0 wso2/choreo-connect-enforcer:1.0.0-ubuntu wso2/choreo-connect-router:1.0.0 wso2/choreo-connect-router:1.0.0-ubuntu wso2/wso2am:4.0.0-alpine wso2am/wso2am:4.0.0-ubuntu
Note: Note that the above Ubuntu based (
*-ubuntu) images are for tryout purpose only, not recommended for a production deployment.
kubectl apply -f <CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect
- Kubernetes deployment.yaml files
Add the host entry to
Add the following entry to
/etc/hostsfile in order to access the Choreo Connect Router and Adapter.
<INGRESS_ADDRESS> gw.wso2.com adapter.wso2.com
Step 2 - Initialize an API Project¶
Let's create our first project with the name "petstore" by adding the OpenAPI definition of the petstore.
Download and install APICTL
APICTL is a CLI tool that can be used to deploy undeploy APIs into Choreo Connect clusters. Refer Download and initialize the CTL Tool to set up the APICTL in your development environment.
Now let's deploy our first API by creating an API resource in Kubernetes.
Navigate to a preferred workspace folder using the command line. This is the location that is used to store the Choreo Connect project. Run the following command to create a project named "petstore". This creates the folder structure for the artifacts to be included. Use the --oas option to include the API definition to the project as follows.
apictl init petstore --oas <api definition path>
Let's use the Petstore sample OpenAPI definition
apictl init petstore --oas https://petstore.swagger.io/v2/swagger.json
The project is now initialized. A directory with the name "petstore" has been created.
- For more information on the API project directory that gets created, see APICTL Getting Started.
Step 3 - Deploy the API Project¶
Step 3.1 - Add Choreo Connect Cluster as Environment to APICTL¶
To use APICTL with Choreo Connect, we need to add the Choreo Connect cluster as an environment in the APICTL. Basically, the adapter URL will be added as the Gateway environment, and the added environment can be used in the subsequent commands.
apictl mg add env <ENVIRONMENT_NAME> --adapter <ADAPTER_URL>
apictl mg add env k8s --adapter https://adapter.wso2.com
Step 3.2 - Log in to the Choreo Connect Cluster¶
Next you need to log in to the Choreo Connect environment (log in to the adapter) in order to deploy the API in Choreo Connect.
apictl mg login <ENVIRONMENT_NAME> -u <AUTHORIZED_USER_USERNAME> -p <USER_PASSWORD> -k
apictl mg login k8s -u admin -p admin -k
Following APICTL commands are being executed with -k flag to avoid SSL verification with the Choreo Connect.
To communicate via HTTPS without skipping SSL verification (without -k flag), add the cert of Choreo Connect into
Step 3.3 - Deploy the API in Choreo Connect¶
Now let's deploy our first API to Choreo Connect using the project created in the step 3. Navigate to the location where the petstore project was initialized. Execute the following command to deploy the API in the Choreo Connect.
apictl mg deploy api -f <PROJRECT_NAME> -e <ENVIRONMENT_NAME> -k
apictl mg deploy api -f petstore -e k8s -k
Step 4 - Invoke the sample API¶
Step 4.1 - Obtain a token¶
After the APIs are exposed via WSO2 Choreo Connect, you can invoke an API with a valid token(JWT) or using a test key.
Let's use WSO2 Choreo Connect's test key endpoint to obtain a test key in order to access the API. Refer Generate a Test JWT for more details.
TOKEN=$(curl -X POST "https://gw.wso2.com/testkey" -d "scope=read:pets" -H "Authorization: Basic YWRtaW46YWRtaW4=" -k -v)
More information - You can obtain a JWT token from any third-party secure token service or via the WSO2 API Manager.
Step 4.2 - Invoke the API¶
Execute the following command to invoke the API using the test key: You can now invoke the API running on WSO2 Choreo Connect using the following cURL command.
curl -X GET "<hostname>:<port>/<API-context>/<API-resource>" -H "Authorization: Bearer $TOKEN" -k
curl -X GET "https://gw.wso2.com/v2/pet/findByStatus?status=available" -H "accept: application/json" -H "Authorization:Bearer $TOKEN" -k