Deploying Choreo Connect on Kubernetes With MWARE ESB as a Control Plane - Helm Artifacts

Let's deploy an API on Choreo Connect, which running on Kubernetes, with MWARE ESB as the Control Plane. You can select one of the options to install Choreo Connect with Helm Chart.

Before you begin

ESB product Docker images

ESB product Docker images used for this Kubernetes deployment are available at DockerHub. Important to note that they are General Availability (GA) versions and therefore does not include ESB Updates.

For a production grade deployment of the desired ESB product-version, it is highly recommended to use the relevant Docker image which includes ESB Updates, available at ESB Private Docker Registry. In order to use these images, you need an active MWARE Subscription.

Pre-Requisites

Note

If you are using Rancher Desktop, disable the default Traefik ingress controller in order to deploy the Nginx ingress controller. Refer Rancher Docs for more information

Deploy ESB as Control Plane

Following are some sample instructions to deploy ESB for quick start purpose.

Tip

Please follow the document Deploying API-M on Kubernetes using Helm Resources which describes deploying ESB. The following guide describes deploying ESB for quick start purpose.

Step 1 - Add the ESB Helm chart repository

Add the ESB Helm chart repository by executing the following command.

helm repo add wso2 https://helm.wso2.com && helm repo update

Step 2 - Install Chart

Execute the command that is relevant to your Helm version.

Tip

If you do not have sufficient resources you can adjust them by setting the following values when installing the chart.

--set wso2.deployment.am.resources.requests.memory=2Gi \
--set wso2.deployment.am.resources.requests.cpu=1000m \
--set wso2.deployment.am.resources.limits.memory=2Gi \
--set wso2.deployment.am.resources.limits.cpu=1000m

MWARE ESB Docker Image

You can get or build a MWARE ESB Docker image using one of these options.

Option 1: MWARE ESB Docker image from your ESB Subscription

If you have an active ESB Subscription, set the following values when installing the chart.

--set wso2.subscription.username=<SUBSCRIPTION_USERNAME> \
--set wso2.subscription.password=<SUBSCRIPTION_PASSWORD>

Option 2: Build your own MWARE ESB Docker image

  1. Download MWARE ESB 4.2.0 distribution .zip file from https://wso2.com/api-manager/.
  2. Create a Docker image using Dockerfiles avaible at wso2/docker-apim.
  • Using Helm v2

    helm install --name apim-as-cp wso2/am-single-node --version 4.2.0-1 --namespace apim \
        --set wso2.deployment.am.ingress.gateway.hostname=gw.wso2.com \
        --set wso2.deployment.am.ingress.gateway.enabled=false \
        --set wso2.deployment.am.imagePullPolicy=IfNotPresent
  • Using Helm v3

    helm install apim-as-cp wso2/am-single-node --version 4.2.0-1 --namespace apim --create-namespace \
        --set wso2.deployment.am.ingress.gateway.hostname=gw.wso2.com \
        --set wso2.deployment.am.ingress.gateway.enabled=false \
        --set wso2.deployment.am.imagePullPolicy=IfNotPresent

Option 1: Install Chart from ESB Helm Chart Repository

Step 1 - Add the ESB Helm chart repository

Add the ESB Helm chart repository by executing the following command.

helm repo add wso2 https://helm.wso2.com && helm repo update

Step 2 - Install Chart

Execute the following command to install the Helm Cart by selecting the helm version you installed.

  • Using Helm v2

    helm install --name <RELEASE_NAME> wso2/choreo-connect --version 1.2.0-1 --namespace <NAMESPACE> \
        --set wso2.deployment.mode=APIM_AS_CP \
        --set wso2.apim.controlPlane.hostName=am.wso2.com \
        --set wso2.apim.controlPlane.serviceName=wso2am-single-node-am-service.apim
    helm install --name my-release wso2/choreo-connect --version 1.2.0-1 --namespace cc \
        --set wso2.deployment.mode=APIM_AS_CP \
        --set wso2.apim.controlPlane.hostName=am.wso2.com \
        --set wso2.apim.controlPlane.serviceName=wso2am-single-node-am-service.apim
  • Using Helm v3

    helm install <RELEASE_NAME> wso2/choreo-connect --version 1.2.0-1 --namespace <NAMESPACE> --create-namespace \
        --set wso2.deployment.mode=APIM_AS_CP \
        --set wso2.apim.controlPlane.hostName=am.wso2.com \
        --set wso2.apim.controlPlane.serviceName=wso2am-single-node-am-service.apim
    helm install my-release wso2/choreo-connect --version 1.2.0-1 --namespace cc --create-namespace \
        --set wso2.deployment.mode=APIM_AS_CP \
        --set wso2.apim.controlPlane.hostName=am.wso2.com \
        --set wso2.apim.controlPlane.serviceName=wso2am-single-node-am-service.apim

The above steps will deploy Choreo Connect using ESB product Docker images available at DockerHub.

If you are using MWARE product Docker images available from ESB Private Docker Registry, please provide your ESB Subscription credentials via input values (using --set argument).

Please see the following example.

  • Using Helm v2

    helm install --name <RELEASE_NAME> wso2/choreo-connect --version 1.2.0-1 --namespace <NAMESPACE> \
        --set wso2.subscription.username=<SUBSCRIPTION_USERNAME> \
        --set wso2.subscription.password=<SUBSCRIPTION_PASSWORD>
  • Using Helm v3

    helm install <RELEASE_NAME> wso2/choreo-connect --version 1.2.0-1 --namespace <NAMESPACE> --create-namespace \
        --set wso2.subscription.username=<SUBSCRIPTION_USERNAME> \
        --set wso2.subscription.password=<SUBSCRIPTION_PASSWORD>


Skip the following section "Option 2: Install Chart from Source" since you have already installed Choreo Connect and jump to Access the Choreo Connect deployment for deploying APIs.

Option 2: Install Chart from Source

Step 1 - Get the Helm resources

Check out the Helm Resources for the Choreo Connect Git repository.

  1. Open a terminal and navigate to the location where you want to save the local copy.
  2. Clone the Choreo Connect Git repository with Helm resources:

    git clone https://github.com/wso2/kubernetes-microgateway.git
    git checkout tags/v1.2.0.1

This creates a local copy of wso2/kubernetes-microgateway, which includes all the Helm Resources for Choreo Connect.

Let's refer to the root folder of the local copy as <KUBERNETES_HOME>.

Step 2 - Update the deployment configurations

Follow the steps given below to configure how your Choreo Connect deployment should be set up.

  1. Open the values.yaml file in the <KUBERNETES_HOME>/helm/choreo-connect directory of your local copy.

    Info

    Before you do any changes, go through the default configurations in this file.

  2. Use the following guidelines to update the deployment configurations:

    • Updating the ESB subscription details

      You can update the username and password in the following section. If you don't have an active ESB subscription, leave these parameters empty.

      wso2:
          subscription:
              username: "<username>"
              password: "<password>"

      Alternatively, you can skip this step and pass your subscription details at the time of deploying (see the next step for details).

    • Updating Choreo Connect Deployment Mode

      wso2:
          deployment:
              mode: "APIM_AS_CP"
    • Updating Choreo Connect control plane configurations

      wso2:
          apim:
              controlPlane:
                  hostName: "<controlplane host name>"
                  serviceName: "<controlplane kubernetes service name>"
    • You can update other configurations as required.

  3. Save the values.yaml file.

Step 3 - Deploy Choreo Connect

Once you have set up your Helm resources locally, follow the instructions given below to set up the deployment.

  1. Open a terminal and navigate to the <KUBERNETES_HOME> directory.
  2. Execute the command that is relevant to your Helm version.

    Tip

    Be sure to replace NAMESPACE with the Kubernetes namespace in which your resources are deployed.

    • Using Helm v2

      helm install --name <RELEASE_NAME> ./helm/choreo-connect 1.2.0-1 --namespace <NAMESPACE>
    • Using Helm v3

      helm install <RELEASE_NAME> ./helm/choreo-connect 1.2.0-1 --namespace <NAMESPACE> --create-namespace

Update configurations during deployment

If required, you can set any of the deployment configurations at the time of running the deployment (instead of specifying them in the values.yaml file). See the examples given below.

  • Setting the subscription username and password.

    --set wso2.subscription.username=<SUBSCRIPTION_USERNAME>
    --set wso2.subscription.username=<SUBSCRIPTION_USERNAME>
  • Setting the Choreo Connect deployment mode.

    --set wso2.deployment.mode=APIM_AS_CP
  • Use the Choreo Connect control plane configurations.

    --set wso2.apim.controlPlane.hostName=am.wso2.com
    --set wso2.apim.controlPlane.serviceName=wso2am-single-node-am-service.apim

Access the Choreo Connect deployment

Follow the steps given below.

  1. Get the external IP (EXTERNAL-IP) of the Ingress resources by listing down the Kubernetes Ingresses.

    • ESB - Control Plane

      kubectl get ing -n apim

      Output:

      NAME                                   CLASS    HOSTS                ADDRESS        PORTS     AGE
      wso2am-single-node-am-ingress          <none>   am.wso2.com          <EXTERNAL-IP>  80, 443   8m33s
      wso2am-single-node-am-websub-ingress   <none>   websub.am.wso2.com   <EXTERNAL-IP>  80, 443   8m33s
    • Choreo Connect

      kubectl get ing -n <NAMESPACE>
      kubectl get ing -n cc

      Output:

      NAME                                    CLASS    HOSTS         ADDRESS          PORTS     AGE
      <RELEASE_NAME>-choreo-connect-router    <none>   gw.wso2.com   <EXTERNAL-IP>    80, 443   5s
      NAME                                    CLASS    HOSTS         ADDRESS          PORTS     AGE
      my-release-choreo-connect-router        <none>   gw.wso2.com   127.0.0.1        80, 443   5s
  2. Add the above hosts in the /etc/hosts file as follows:

    <EXTERNAL-IP>   am.wso2.com
    <EXTERNAL-IP>   gw.wso2.com

Update the JWKS Endpoint

The JWKS endpoint of the ESB has the external facing hostname by default, and it is not always routable via Choreo Connect Enforcer. As a result, you can alter the JWKS endpoint in the ESB to use the ESB's internal service name in Kubernetes.

  1. Log into Admin portal - https://am.wso2.com/admin/
  2. Navigate to Key Managers section and select the Resident Key Manager.
  3. Change the JWKS URL in the Certificates section to https://wso2am-single-node-am-service.apim:9443/oauth2/jwks.

Deploy Sample API from ESB

Follow the instructions in create and publish an API via ESB using the above URLs to access each of the portals.

Top