Deploying Choreo Connect on Kubernetes With WSO2 API Manager as a Control Plane¶
Let's deploy an API on Choreo Connect, which running on Kubernetes, with WSO2 API Manager as the Control Plane.
Before you begin
- Install kubectl.
- Set up a Kubernetes cluster v1.20 or above.
- Minimum CPU : 4vCPU
- Minimum Memory : 3GB
- Deploy an ingress controller - NGINX Ingress Controller for this sample.
Note
If you are using Rancher Desktop, disable the default Traefik ingress controller in order to deploy the Nginx ingress controller. Refer Rancher Docs for more information
Step 1 - Setup Choreo Connect in Kubernetes¶
-
Download and extract the Choreo Connect distribution .zip
The latest Choreo Connect distribution can be downloaded from https://wso2.com/choreo/choreo-connect/. Extract the Choreo Connect distribution .zip file. The extracted folder will be called as
CHOREO-CONNECT_HOME
hereafter. -
Add the Kubernetes configurations for Choreo Connect and API Manager using the kubectl tool.
Click here if you are using an ARM64 based machine (e.g., Apple M1)
If you are trying out in ARM64 based machine (e.g., Apple M1) update the Docker image names with the following.
- Kubernetes
deployment.yaml
files<CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect/adapter-deployment.yaml
<CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect/choreo-connect-deployment.yaml
<CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect-with-apim/apim/apim-deployment.yaml
<CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect-with-apim/choreo-connect/adapter-deployment.yaml
<CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect-with-apim/choreo-connect/choreo-connect-deployment.yaml
Existing (Default) image name Image name for tryout in ARM64 (e.g.: Apple M1) wso2/choreo-connect-adapter:1.1.0
wso2/choreo-connect-adapter:1.1.0-ubuntu
wso2/choreo-connect-enforcer:1.1.0
wso2/choreo-connect-enforcer:1.1.0-ubuntu
wso2/choreo-connect-router:1.1.0
wso2/choreo-connect-router:1.1.0-ubuntu
wso2/wso2am:4.0.0-alpine
wso2/wso2am:4.1.0-multiarch
Note: Note that the above Ubuntu based (
*-ubuntu
) images are for tryout purpose only and are not recommended for a production deployment.kubectl apply -f <CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect-with-apim/apim
Apply the Kubernetes configurations for Choreo Connect after starting the API Manager instance.
kubectl apply -f <CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect-with-apim/choreo-connect
- Kubernetes
-
Add the host entry to the
/etc/hosts
file.Add the following entry to
/etc/hosts
file in order to access the Choreo Connect Router, API Manager publisher and Developer Portal.<ingress_address> gw.wso2.com apim.wso2.com
Step 2 - Update the JWKS Endpoint¶
The JWKS endpoint of the API Manager has the external facing hostname by default, and it is not always routable via Choreo Connect Enforcer. As a result, you can alter the JWKS endpoint in the API Manager to use the API Manager's internal service name in Kubernetes.
- Log into Admin portal -
https://apim.wso2.com/admin/
- Navigate to
Key Managers
section and select theResident Key Manager
. - Change the JWKS URL in the
Certificates
section tohttps://wso2apim:9443/oauth2/jwks
.
Step 3 - Deploy Sample API from API Manager¶
- Publisher Portal:
https://apim.wso2.com/publisher/
- Developer Portal:
https://apim.wso2.com/devportal/
Follow the instructions in create and publish an API from API Manager using the above URLs to access each of the portals.
Top