Deploying Choreo Connect on Kubernetes With WSO2 API Manager as a Control Plane

Let's deploy an API on Choreo Connect, which running on Kubernetes, with WSO2 API Manager as the Control Plane.

Before you begin

  1. Install kubectl.
  2. Set up a Kubernetes cluster v1.20 or above.
    • Minimum CPU : 4vCPU
    • Minimum Memory : 3GB
  3. Deploy an ingress controller - NGINX Ingress Controller for this sample.


If you are using Rancher Desktop, disable the default Traefik ingress controller in order to deploy the Nginx ingress controller. Refer Rancher Docs for more information

Step 1 - Setup Choreo Connect in Kubernetes

  1. Download and extract the Choreo Connect distribution .zip

    The latest Choreo Connect distribution can be downloaded from Extract the Choreo Connect distribution .zip file. The extracted folder will be called as CHOREO-CONNECT_HOME hereafter.

  2. Add the Kubernetes configurations for Choreo Connect and API Manager using the kubectl tool.

    Click here if you are using an ARM64 based machine (e.g., Apple M1)

    If you are trying out in ARM64 based machine (e.g., Apple M1) update the Docker image names with the following.

    • Kubernetes deployment.yaml files
      • <CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect/adapter-deployment.yaml
      • <CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect/choreo-connect-deployment.yaml
      • <CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect-with-apim/apim/apim-deployment.yaml
      • <CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect-with-apim/choreo-connect/adapter-deployment.yaml
      • <CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect-with-apim/choreo-connect/choreo-connect-deployment.yaml
    Existing (Default) image name Image name for tryout in ARM64 (e.g.: Apple M1)
    wso2/choreo-connect-adapter:1.1.0 wso2/choreo-connect-adapter:1.1.0-ubuntu
    wso2/choreo-connect-enforcer:1.1.0 wso2/choreo-connect-enforcer:1.1.0-ubuntu
    wso2/choreo-connect-router:1.1.0 wso2/choreo-connect-router:1.1.0-ubuntu
    wso2/wso2am:4.0.0-alpine wso2/wso2am:4.1.0-multiarch

    Note that the above Ubuntu based (*-ubuntu) images are for tryout purpose only and are not recommended for a production deployment.

    kubectl apply -f <CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect-with-apim/apim

    Apply the Kubernetes configurations for Choreo Connect after starting the API Manager instance.

    kubectl apply -f <CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect-with-apim/choreo-connect

  3. Add the host entry to the /etc/hosts file.

    Add the following entry to /etc/hosts file in order to access the Choreo Connect Router, API Manager publisher and Developer Portal.


Step 2 - Update the JWKS Endpoint

The JWKS endpoint of the API Manager has the external facing hostname by default, and it is not always routable via Choreo Connect Enforcer. As a result, you can alter the JWKS endpoint in the API Manager to use the API Manager's internal service name in Kubernetes.

  1. Log into Admin portal -
  2. Navigate to Key Managers section and select the Resident Key Manager.
  3. Change the JWKS URL in the Certificates section to https://wso2apim:9443/oauth2/jwks.

Step 3 - Deploy Sample API from API Manager

  • Publisher Portal:
  • Developer Portal:

Follow the instructions in create and publish an API from API Manager using the above URLs to access each of the portals.