Announcing WSO2 API Platform for Kubernetes
- Sanjeewa Malalgoda
- Director - Engineering | Architect at WSO2 - WSO2
Our next-generation API management platform built on a Kubernetes-native architecture on top of Envoy Proxy
We’re excited to announce the newest member of our product family — WSO2 API Platform for Kubernetes (WSO2 APK). The platform is specifically engineered to overcome challenges in API management that arise within the context of Kubernetes and cloud native technology. Today, more development teams, particularly those using open source, are increasingly turning to Kubernetes. This is creating demand for a new generation of API management solutions that take advantage of Kubernetes' capabilities to deliver high performance at cloud scale, automate core functions, and increase reliability. WSO2 APK addresses these needs and provides organizations with the tools they need to effectively manage their APIs.
The Kubernetes API Management Gap
It’s vital to have API management solutions that are specifically designed to run on Kubernetes environments. Traditional solutions often struggle to adapt as they don’t leverage native Kubernetes features, which can lead to suboptimal performance, scalability, and resilience in managing APIs in a Kubernetes environment. Many of these solutions are rigid and inflexible and make it difficult for development teams to adapt to changing business needs. These solutions also require developers to manually configure and manage APIs. While this process can be time-consuming and error prone, it’s generally manageable for smaller projects. However, with the larger cloud-scale Kubernetes projects, the number of services and APIs quickly becomes too difficult to handle.
There can be other issues as well. Running old VM-style API management software on Kubernetes can present technical challenges, such as compatibility, scalability, and integration problems. Such software often relies on specific configurations, dependencies, and infrastructure that can be difficult to replicate within a containerized environment. The lack of compatibility with modern technologies like Kubernetes can result in a complicated migration process and reduced performance. For example, modern API management software should be able to leverage Kubernetes service discovery to automatically find new services, endpoints, and metadata and generate corresponding API definitions and documentation. This lowers time and effort for API creation and management and improves system reliability and scalability.
Building a Better Platform
WSO2 APK is based on more than a decade of experience in delivering API management solutions that have often provided industry firsts in addressing development teams’ evolving needs. Since its initial release in November 2012, WSO2 API Manager quickly gained popularity, and our diverse range of clients across various industries and applications have given us valuable insights to continuously innovate and redefine API management solutions for cloud native environments.
Over the years, we’ve made significant enhancements to WSO2 API Manager to make it more cloud native. Docker images were created for WSO2 API Manager product binaries to allow users to deploy them in cloud environments. Components were made more lightweight and independent, enabling easier deployment and management in Kubernetes environments. The introduction of the micro gateway was also a key step in this direction, allowing users to deploy the data plane in Kubernetes environments and utilize all of its capabilities.
Building on this experience, we decided to implement a complete platform using a microservices architecture, enabling it to run natively on Kubernetes. We wanted to create an innovative solution that takes advantage of the latest Envoy gateway implementation while adhering to Kubernetes gateway API specifications and industry standards. The result is WSO2APK — a testament to our commitment to improving and tackling API management challenges using the full capabilities of Kubernetes.
WSO2 APK offers a comprehensive solution for API management with features for the entire API lifecycle, including API design/development, developer portal, API gateway, and marketplace capabilities. The platform also adds key architectural features designed specifically for Kubernetes environments. These include the following:
- WSO2 APK is built as a cloud native solution, making it more scalable and better suited for cloud-based environments.
- With the ability to deploy on any Kubernetes-based infrastructure, WSO2 APK provides more flexibility and portability.
- The platform is designed to work seamlessly with DevOps tools and processes, enabling teams to rapidly develop and deploy APIs.
Moreover, WSO2 APK is built with a microservices architecture that enables developers to build, deploy, and manage APIs more efficiently and with greater flexibility. Additionally, because the various components (including the developer portal, admin service, and publisher) are implemented as separate microservices, the platform supports customization and scaling without affecting the system as a whole. This design makes it possible to add or remove functions and update individual components with ease.
To support cloud native Kubernetes environments, the platform’s deployment consists of two main components.
The Control Plane is responsible for managing the overall functioning of WSO2’s APK system. It includes API management back-office capabilities, admin tasks, and API marketplace functionality. It consists of four main sub-components:
- The Back Office is responsible for configuring the portal aspects of APIs, including description, document, image, etc.
- The Dev Portal allows API consumers to discover and consume APIs.
- The Admin Portal is used to configure rate limit policies, key management services, and other administrative tasks.
- The Management Server communicates with data planes and pushes updates whenever required.
The Data Plane is responsible for handling the runtime design, processing API requests, and applying API management quality of services. It’s designed to handle high volume, real-time data processing and includes functions for routing, rate limiting, and security. The APK runtime consists of three main sub-components:
- The Runtime Manager is responsible for configuring the runtime aspects of APIs, discovering Kubernetes services, and converting them into APIs.
- The Management Client communicates with the management server (control plane) to push and pull updates and maintain connectivity between the data plane and the control plane.
- The API Gateway has two main components. The Router intercepts incoming API traffic and applies quality of service such as authentication, authorization, and rate limiting. Meanwhile, the Enforcer enforces API management capabilities, such as security, rate limiting, analytics, validation, etc.
When it comes to microservices development and deployment, it's common to deploy services in one or more namespaces for logical isolation. This isolation can be based on the business functionality, ownership, access control, and security requirements. Similarly, in WSO2 APK, the control plane and data plane can be deployed on different namespaces or clusters for added security and ease of management.
We’ve also made monitoring namespaces for new service additions easy and seamless. The platform is capable of quickly identifying new services and converting them into APIs with minimal effort. This allows organizations to streamline their API management process and keep pace with their microservices development.
Figure 1 shows the deployment of the control plane, data plane components, and microservices that are being exposed as managed APIs. It depicts the utilization of a single control plane to manage both external and internal data planes (deployed on different Kubernetes clusters for better isolation), which are connected to microservices deployments (on different namespaces within data plane clusters). We also support deploying everything in a single cluster.
Figure 1: WSO2 API Platform for Kubernetes - Deployment Architecture
WSO2 APK adopts a multi-language approach for its implementation, with the management domain services written in Ballerina and Java. For the API gateway, Envoy serves as the foundation and certain gateway extensions are crafted using Go and C++. Additionally, front-end applications are envisioned as being built with the ReactJS framework.
Our team conducted initial product analysis and discovered that the Kubernetes gateway API could effectively define APIs and gateways. The API gateway project from Envoy offered a streamlined deployment model and API layer particularly suited for API gateway use cases. Based on this, we chose to use the Envoy API gateway project as the API gateway implementation and the Kubernetes gateway API for configuring our gateway. The use of Envoy as the foundation for the API gateway offers high performance, a light weight, and rich features, including centralized API traffic management, authentication, rate limiting, and request/response transformation.
Internally, we utilize custom resource definitions (CRDs) to define the APIs (known as ingress resources), policies, and other information required for API deployment, providing greater flexibility and control over artifact management and deployment within the platform. If you want a more comprehensive understanding of the technologies and frameworks shown in the diagram, we invite you to visit our GitHub project.
Next Steps and How to Contribute
WSO2 announced the platform’s first milestone release (version 0.0.1-m1) at the end of December 2022, and we’ve been sending out new releases on a bi-weekly basis. You can visit the WSO2 APK development project dashboard to view project iterations, selected features, execution model, etc. The team plans to release a general availability version by mid 2023. Please visit our GitHub page to learn more. You can use the Git project to create feature requests, improvements, and report product issues.
The project has already garnered significant interest from a diverse range of organizations and individuals, who’ve expressed their eagerness to collaborate and support our development efforts. The enthusiastic feedback we’ve received from engineers has been particularly heartening, with many highlighting the platform's ability to seamlessly monitor and convert new services into APIs. With such positive support from the community, we’re confident that WSO2 APK will emerge as a major player in the API management domain. We remain committed to delivering a best-in-class platform, and we deeply appreciate your support throughout our journey.