Deploying Choreo Connect on Kubernetes With WSO2 API Manager as a Control Plane - Helm Artifacts

Let's deploy an API on Choreo Connect, which running on Kubernetes, with WSO2 API Manager as the Control Plane. You can select one of the options to install Choreo Connect with Helm Chart.

Before you begin

WSO2 product Docker images

WSO2 product Docker images used for this Kubernetes deployment are available at DockerHub. Important to note that they are General Availability (GA) versions and therefore does not include WSO2 Updates.

For a production grade deployment of the desired WSO2 product-version, it is highly recommended to use the relevant Docker image which includes WSO2 Updates, available at WSO2 Private Docker Registry. In order to use these images, you need an active WSO2 Subscription.

Pre-Requisites

Note

If you are using Rancher Desktop, disable the default Traefik ingress controller in order to deploy the Nginx ingress controller. Refer Rancher Docs for more information

Deploy API Manager as Control Plane

Following are some sample instructions to deploy API Manager for quick start purpose.

Tip

Please follow the document Deploying API-M on Kubernetes using Helm Resources which describes deploying API Manager. The following guide describes deploying API Manager for quick start purpose.

Step 1 - Add the WSO2 Helm chart repository

Add the WSO2 Helm chart repository by executing the following command.

helm repo add wso2 https://helm.wso2.com && helm repo update

Step 2 - Install Chart

Execute the command that is relevant to your Helm version.

Tip

If you do not have sufficient resources you can adjust them by setting the following values when installing the chart.

--set wso2.deployment.am.resources.requests.memory=2Gi \
--set wso2.deployment.am.resources.requests.cpu=1000m \
--set wso2.deployment.am.resources.limits.memory=2Gi \
--set wso2.deployment.am.resources.limits.cpu=1000m

  • Using Helm v2

    helm install --name apim-as-cp wso2/am-single-node --version 4.1.0-1 --namespace apim \
        --set wso2.deployment.am.ingress.gateway.hostname=gw.wso2.com \
        --set wso2.deployment.am.ingress.gateway.enabled=false \
        --set wso2.deployment.am.imagePullPolicy=IfNotPresent \
        --set-file wso2.deployment.am.config."deployment\.toml"=https://raw.githubusercontent.com/wso2/kubernetes-microgateway/v1.1.0.6/resources/controlplane-deployment.toml
  • Using Helm v3

    helm install apim-as-cp wso2/am-single-node --version 4.1.0-1 --namespace apim --create-namespace \
        --set wso2.deployment.am.ingress.gateway.hostname=gw.wso2.com \
        --set wso2.deployment.am.ingress.gateway.enabled=false \
        --set wso2.deployment.am.imagePullPolicy=IfNotPresent \
        --set-file wso2.deployment.am.config."deployment\.toml"=https://raw.githubusercontent.com/wso2/kubernetes-microgateway/v1.1.0.6/resources/controlplane-deployment.toml

Option 1: Install Chart from WSO2 Helm Chart Repository

Step 1 - Add the WSO2 Helm chart repository

Add the WSO2 Helm chart repository by executing the following command.

helm repo add wso2 https://helm.wso2.com && helm repo update

Step 2 - Install Chart

Execute the following command to install the Helm Cart by selecting the helm version you installed.

  • Using Helm v2

    helm install --name <RELEASE_NAME> wso2/choreo-connect --version 1.1.0-6 --namespace <NAMESPACE> \
        --set wso2.deployment.mode=APIM_AS_CP \
        --set wso2.apim.controlPlane.hostName=am.wso2.com \
        --set wso2.apim.controlPlane.serviceName=wso2am-single-node-am-service.apim
    helm install --name my-release wso2/choreo-connect --version 1.1.0-6 --namespace cc \
        --set wso2.deployment.mode=APIM_AS_CP \
        --set wso2.apim.controlPlane.hostName=am.wso2.com \
        --set wso2.apim.controlPlane.serviceName=wso2am-single-node-am-service.apim
  • Using Helm v3

    helm install <RELEASE_NAME> wso2/choreo-connect --version 1.1.0-6 --namespace <NAMESPACE> --create-namespace \
        --set wso2.deployment.mode=APIM_AS_CP \
        --set wso2.apim.controlPlane.hostName=am.wso2.com \
        --set wso2.apim.controlPlane.serviceName=wso2am-single-node-am-service.apim
    helm install my-release wso2/choreo-connect --version 1.1.0-6 --namespace cc --create-namespace \
        --set wso2.deployment.mode=APIM_AS_CP \
        --set wso2.apim.controlPlane.hostName=am.wso2.com \
        --set wso2.apim.controlPlane.serviceName=wso2am-single-node-am-service.apim

The above steps will deploy Choreo Connect using WSO2 product Docker images available at DockerHub.

If you are using WSO2 product Docker images available from WSO2 Private Docker Registry, please provide your WSO2 Subscription credentials via input values (using --set argument).

Please see the following example.

  • Using Helm v2

    helm install --name <RELEASE_NAME> wso2/choreo-connect --version 1.1.0-6 --namespace <NAMESPACE> \
        --set wso2.subscription.username=<SUBSCRIPTION_USERNAME> \
        --set wso2.subscription.password=<SUBSCRIPTION_PASSWORD>
  • Using Helm v3

    helm install <RELEASE_NAME> wso2/choreo-connect --version 1.1.0-6 --namespace <NAMESPACE> --create-namespace \
        --set wso2.subscription.username=<SUBSCRIPTION_USERNAME> \
        --set wso2.subscription.password=<SUBSCRIPTION_PASSWORD>


Skip the following section "Option 2: Install Chart from Source" since you have already installed Choreo Connect and jump to Access the Choreo Connect deployment for deploying APIs.

Option 2: Install Chart from Source

Step 1 - Get the Helm resources

Check out the Helm Resources for the Choreo Connect Git repository.

  1. Open a terminal and navigate to the location where you want to save the local copy.
  2. Clone the Choreo Connect Git repository with Helm resources:

    git clone https://github.com/wso2/kubernetes-microgateway.git
    git checkout tags/v1.1.0.6

This creates a local copy of wso2/kubernetes-microgateway, which includes all the Helm Resources for Choreo Connect.

Let's refer to the root folder of the local copy as <KUBERNETES_HOME>.

Step 2 - Update the deployment configurations

Follow the steps given below to configure how your Choreo Connect deployment should be set up.

  1. Open the values.yaml file in the <KUBERNETES_HOME>/helm/choreo-connect directory of your local copy.

    Info

    Before you do any changes, go through the default configurations in this file.

  2. Use the following guidelines to update the deployment configurations:

    • Updating the WSO2 subscription details

      You can update the username and password in the following section. If you don't have an active WSO2 subscription, leave these parameters empty.

      wso2:
          subscription:
              username: "<username>"
              password: "<password>"

      Alternatively, you can skip this step and pass your subscription details at the time of deploying (see the next step for details).

    • Updating Choreo Connect Deployment Mode

      wso2:
          deployment:
              mode: "APIM_AS_CP"
    • Updating Choreo Connect control plane configurations

      wso2:
          apim:
              controlPlane:
                  hostName: "<controlplane host name>"
                  serviceName: "<controlplane kubernetes service name>"
    • You can update other configurations as required.

  3. Save the values.yaml file.

Step 3 - Deploy Choreo Connect

Once you have set up your Helm resources locally, follow the instructions given below to set up the deployment.

  1. Open a terminal and navigate to the <KUBERNETES_HOME> directory.
  2. Execute the command that is relevant to your Helm version.

    Tip

    Be sure to replace NAMESPACE with the Kubernetes namespace in which your resources are deployed.

    • Using Helm v2

      helm install --name <RELEASE_NAME> ./helm/choreo-connect 1.1.0-6 --namespace <NAMESPACE>
    • Using Helm v3

      helm install <RELEASE_NAME> ./helm/choreo-connect 1.1.0-6 --namespace <NAMESPACE> --create-namespace

Update configurations during deployment

If required, you can set any of the deployment configurations at the time of running the deployment (instead of specifying them in the values.yaml file). See the examples given below.

  • Setting the subscription username and password.

    --set wso2.subscription.username=<SUBSCRIPTION_USERNAME>
    --set wso2.subscription.username=<SUBSCRIPTION_USERNAME>
  • Setting the Choreo Connect deployment mode.

    --set wso2.deployment.mode=APIM_AS_CP
  • Use the Choreo Connect control plane configurations.

    --set wso2.apim.controlPlane.hostName=am.wso2.com
    --set wso2.apim.controlPlane.serviceName=wso2am-single-node-am-service.apim

Access the Choreo Connect deployment

Follow the steps given below.

  1. Get the external IP (EXTERNAL-IP) of the Ingress resources by listing down the Kubernetes Ingresses.

    • API Manager - Control Plane

      kubectl get ing -n apim

      Output:

      NAME                                   CLASS    HOSTS                ADDRESS        PORTS     AGE
      wso2am-single-node-am-ingress          <none>   am.wso2.com          <EXTERNAL-IP>  80, 443   8m33s
      wso2am-single-node-am-websub-ingress   <none>   websub.am.wso2.com   <EXTERNAL-IP>  80, 443   8m33s
    • Choreo Connect

      kubectl get ing -n <NAMESPACE>
      kubectl get ing -n cc

      Output:

      NAME                                    CLASS    HOSTS         ADDRESS          PORTS     AGE
      <RELEASE_NAME>-choreo-connect-router    <none>   gw.wso2.com   <EXTERNAL-IP>    80, 443   5s
      NAME                                    CLASS    HOSTS         ADDRESS          PORTS     AGE
      my-release-choreo-connect-router        <none>   gw.wso2.com   127.0.0.1        80, 443   5s
  2. Add the above hosts in the /etc/hosts file as follows:

    <EXTERNAL-IP>   am.wso2.com
    <EXTERNAL-IP>   gw.wso2.com

Update the JWKS Endpoint

The JWKS endpoint of the API Manager has the external facing hostname by default, and it is not always routable via Choreo Connect Enforcer. As a result, you can alter the JWKS endpoint in the API Manager to use the API Manager's internal service name in Kubernetes.

  1. Log into Admin portal - https://am.wso2.com/admin/
  2. Navigate to Key Managers section and select the Resident Key Manager.
  3. Change the JWKS URL in the Certificates section to https://wso2am-single-node-am-service.apim:9443/oauth2/jwks.

Deploy Sample API from API Manager

Follow the instructions in create and publish an API via API Manager using the above URLs to access each of the portals.

Top