Layer7 API Management

  • Private Community
 View Only

Back to discussions
Expand all | Collapse all

Layer7 APIM Portal Operator: Experimental Feature Availability

  • 1.  Layer7 APIM Portal Operator: Experimental Feature Availability

    Broadcom Employee
    Posted Jul 24, 2024 03:16 PM

    Introducing the experimental Layer7 Portal to Kubernetes integration. This integration allows the Layer7 API Portal to manage APIs deployed to db-less gateways (ephemeral) in a Kubernetes cluster, managed by the Layer7 Operator and without the need for the OAuth Toolkit installed on those gateways.

    Defined as an add-on to our standard cloud native deployment, the Portal Integration option will allow you to experiment with both Gateway AND Portal level use cases. 

    How this works

    Using Kubernetes APIs, Portal manages a set of API Custom Resource definitions in your Kubernetes Cluster. From here, the Layer7 Operator works to manage the deployment  of these APIs to the Gateway instances it manages.

     



    Redis Key Store

    The Layer7 Portal to Kubernetes integration also supports using Redis as an API Key Store. With Portal publishing API Keys directly to Redis we are seeing faster app deployment times. This integration packages and integrates the Redis component with Portal and Gateway. In a real deployment, you would be able to share the same redis key store across multiple gateway clusters without the need to synchronize across the various gateway deployments.

    Getting started

    To make it easy to get started, this integration provides a simple deploy-all make file which will installs:

    • A Kind (Kubernetes in Docker) cluster, including an ingress controller

    • The Portal Helm Chart with custom images to support this integration 

    • The Layer7 k8s operator

    • A 'proxy' gateway (db-less, v11.0.00_CR2)

    • A Redis Standalone instance

     

    To start, pull the operator repo branch where this integration resides:

    >git clone -b portal_integration_example https://github.com/CAAPIM/layer7-operator

     

    Then follow the steps in the readme which will involve using one of the make options to create the cluster and deploy all the pods.

     

    Please reach out if you need assistance or have questions or feedback by responding to this post.

    Caveats

    The Portal Operator Integration is considered an experimental capability. It should be deployed in a standalone/sandbox environment. This does not carry any official Broadcom support but we'd love to hear your feedback and suggestions here on the community site.

     

    Limitations

    • APIs must be redeployed if Gateway Deployments are scaled out:

      • Portal managed APIs are only deployed to running gateways.  When Gateways are scaled out, a manual redeployment of the APIs is required from Portal.

    • Compatible with, but OAuth not included

      • The Gateway definitions included with the example deployment are defined without an OAuth provider such as OTK.  Only basic API Key validation flows are supported out of the box. This is by-design to make the gateway pods leaner, but one could integrate an OAuth provider (OTK or other) as needed.

    • Cannot view existing Environment definitions.

    • The Portal UI is currently missing a link that will allow you to view previously defined Environments.  As a work around, bookmark the Environment details page you see after  successfully creating an Environment.  You can then use the bookmark to navigate back to this page. As an additional measure, you may wish to copy the URL and save it elsewhere for future use.



    ------------------------------
    Greg Thompson
    Layer7 Product Management
    ------------------------------