I like to installing wso2 api manager in a cluster.Is it possible to create two api manager server in same cluster.
You can configure 2 API Manager nodes in Active-Active. Both starts accepting traffic routing, API creation, etc.
Please refer -
https://apim.docs.wso2.com/en/latest/install-and-setup/setup/single-node/configuring-an-active-active-deployment/#configuring-an-active-active-deployment
Related
and trying to deploy micro-services build in spring boot on aws but didn't know which aws service is suitable for perticular spring micro-service(Could Config, Service Discovery, Api Gatway, and vault).
I build an api gateway service on spring boot, but when it comes to deployment on aws i got confused with the aws api gateway.
Do we need both of the to work together? or we can just setup springBoot Api gatway on ec2 instance.
And its out of context but, do we need separate ec2 for small service like 'Service Discovery', 'Config Service' etc.
thanks
API Gateway is just a kind of routing to your application, no matter if it is hosted on serverless platform or on EC2 container.
You can try to deploy your Spring Boot app on AWS Lambda environment and this way you don't have to think of configuring the server environment. You have to be awarded the cold start of the application in this case. You can google more about it how to solve this problem.
API Gateway is like facade in front of your microservices for communication with external services. There are several ways to use/implement API gateway depending on requirements such as Request Routing, API composition(calling multiple services and combining responses), Authentication, Caching etc.
AWS API gateway is good if you need request routing feature but it can't perform API composition. In such case you need to implement your own custom API gateway using technologies such as Spring Cloud Gateway & Reactive programming.
GraphQL is another popular technology to implement API Gateway.
P.S. - Service Discovery is another concept. In real life you will use Kubernetes or Service Mesh which will internally do Service Registry and Discovery.
We have architecture pattern (Layered DMZ) where:
1. External facing applications are deployed in 3 layered DMZ (DMZ1 for Web Server, DMZ2 for App Server and DMZ3 for Database server)
2. We do not allow DMZ1 directly talking to LAN, however DMZ2, DMZ3 can talk to LAN
WSO2 API Manager will be installed in LAN, the issue is how do we expose services from LAN API store to external world. Which design pattern is best suited for this? I have couple of options
Option 1:
Deploy another instance of API Manager in DMZ1 which 3rd party can access
Deploy set of services in DMZ1 API Manager only for 3rd party access
Have reverse proxy in DMZ2 which talks to LAN server
Option2:
Single instance of API Manager deployed in LAN
Reverse proxy in DMZ1
Forward proxy in DMZ2 (which currently we do not have)
Forward proxy talks to LAN
I remember IBM has virtual/physical Datapower appliance which acts as ab external API gateway, how do we achieve similar design pattern with WSO2?
Many thanks in advance
WSO2 API Manager will be installed in LAN, the issue is how do we expose services from LAN API store to external world
WSO2 API Manager has a component API Gateway. Actually todays there are two ways to do that
Use API Gateway
API Gatway is an instance of API Manager with parameters specifying, that the instance is a gateway, so other modules (key manager, store, publisher) are disabled or not used
We use API Gateway in DMZ. This instace will authenticate and authorize the calling clients. However, the gateway still needs to call KeyManager web services for token validation and the publisher needs to call gateway for API deployment
(KeyManager and publisher are the services in the APIM in LAN)
Using API Micro Gateway
Needs to be deployed as individual modules and are able to validate client's tokens (jwt tokens) even without any connection to the LAN instance
Note: When not using static api keys, but OAuth authentication, then you need to expose a route to the token and revoke service
Resources:
https://docs.wso2.com/m/mobile.action#page/97564467
https://apim.docs.wso2.com/en/latest/Learn/APIGateway/overview-of-the-api-gateway/
https://wso2.com/api-management/api-microgateway/
There are several common deployment patterns recommended by WSO2 for API Manager which can be found below.
https://docs.wso2.com/display/AM260/Deployment+Patterns#DeploymentPatterns-WSO2APIManagerdeploymentpatterns
You can go for pattern #4 or #5. Pattern #5 will keep your total cost down in terms of license fee and infrastructure fee.
I am setting up a WSO2 docker. I am using the WSO2 Dockerfiles from github (https://github.com/wso2/docker-apim) an the latest WSO2 Api Manager version (2.10). The Installation has succeeded, so I started the docker container. WSO2 starts up and I was able to deploy a Swagger URL based API.
I am also able to access the API through the store interface. And here starts my trouble: When I am trying to test the API through the integrated Swagger UI, the API manager is making use of the internal docker IP:
I have set up this port configuration:
How can I force WSO2 Api Manager to use the Docker public IP?
Many thanks :-)
In the repository/conf/api-manager.xml you can find following element
APIGateway/Environments/Environment/GatewayEndpoint
If you have multiple gateways, you may want to create an HTTP(S) load balancer.
I want to set up WSO2 Identity Server cluster and an other for WSO2 API Manager. Identity server will be used to enable SSO for our applications and also to register existing Identity Providers (ex: ADFS). API Manager will be used to manage our Rest API's and to provide them to our applications. I also want to configure the Identity Server to be the Key Manager.
As the documentation says for WSO2 Cluster deployment, Management nodes are specialized in management of the setup, while worker nodes are specialized in serving requests to deployment artifacts. Besides that, API Manager product provides 5 diferent profiles (key-manager, publisher, store, gateway-manager and gateway-worker).
For now, I have 3 servers (server1, server2 and server3) in which I will install and configure the WSO2 Cluster nodes for Identiy Server and API Manager. I also created a load balancer that will be used to forward requests for each cluster nodes (IS and AM).
After some reading, I concluded that I would need to install WSO2 IS and WSO2 AM as manager nodes on the server1 and the two other servers would be used as worker nodes.
I think I already managed to install and configure Identity Server cluster, the url mgt.identity.mydomain.pt points to the server1 node and identity.mydomain.pt points to server2 and server3 nodes for load balancing requests.
Now I'm stuck with API manager cluster configuration, I want to use server2 and server3 as the gateway to load balance requests (apis.mydomain.pt) for our Rest API's and use server1 to manage our API's using store and publiser components (mgt.apis.mydomain.pt). I'm struggling to understand which profile I have to use for each nodes. I tried to install a manager node on server1 with the default profile and install worker nodes on the server2 and server3 with the gateway-worker profile but I'm getting errors related to the Deployment Synchronizer (error logs). I guess I am doing something wrong because those errors only shows up when using the gateway-worker profile.
Anyone can explain me the difference between worker and manager nodes and how they are related with wso2 profiles?
UPDATE:
I found out what I was missing and was causing the error. I was starting the server2 and server3 just with -Dprofile=gateway-worker, I added -DworkerNode=true and I have no errors in log anymore.
Anyway, I am still a little bit confused about using the gateway-manager and gateway-worker profiles.
https://docs.wso2.com/display/CLUSTER44x/Configuring+SVN-Based+Deployment+Synchronizer contains Deployment synchronizer related configurations. Can you check whether you configured the manager and worker nodes correctly
Is there support for Azure integration to deploy and manage WSO2 products, specificaly Elastic Load Balancer. I am also curious if JCloud and Apache Stratos support Azure as an IAAS ?
Thanks
--Mahesh
jclouds Azure support is in the works and scheduled to be released with version 2.0. You can track progress here: https://issues.apache.org/jira/browse/JCLOUDS-664
Once jclouds starts support Azure, this will indeed add Azure support in Apache Stratos, WSO2 Private PaaS, WSO2 App Factory - since these rely on jclouds for IaaS support.
For other WSO2 products, if you do not need the IaaS support and just want to deploy them on VMs in Azure (without autoprovisioning, autoscaling, etc.) you might be able to do so already. I have not tried using Azure ELB specifically but have configured WSO2 stuff with various different load-balancers (WSO2 ELB, AWS ELB, nginx, etc.) and they worked. So Azure ELB might as well, if not - you can probably run nginx in Azure just fine too.