Empowering the Future of API Management: Unveiling the Journey of WSO2 API Platform for Kubernetes (APK) Project and the Anticipated Alpha Release

 

Introduction

In the ever-evolving realm of API management, our journey embarked on the APK project eight months ago, and now, with great anticipation, we stand on the verge of releasing our Alpha version. Our sights are set on the momentous 1.0.0 GA release, scheduled for the end of August 2023. As a team deeply involved in the development of APK, we are compelled to share the motivations driving our efforts, the intricate components shaping our creation, and how this solution will revolutionise API management.


APIs and Importance of APIs

In the digital business era, APIs play a crucial role in enabling services, fostering collaboration, and driving innovation. They empower internal and external teams to collaborate effectively, making collaboration and cooperation easier than ever before. APIs enable businesses to adapt and evolve quickly in a dynamic environment, responding to market changes, customer needs, and emerging opportunities with agility. By seamlessly integrating with various systems, technologies, and platforms, APIs provide the flexibility that organizations need to stay ahead of the curve. Moreover, APIs streamline integration, simplify communication between different components, and enhance operational efficiency, ultimately improving the overall customer experience. In summary, APIs are essential tools for every business, offering countless benefits and opportunities in today's interconnected world.


Some of Our Observations

Based on our recent market analysis, we have made several noteworthy observations in the API management landscape. Firstly, we have noticed a significant shift where APIs are no longer standalone components but have become integral parts of the infrastructure, operating seamlessly behind the scenes. This observation aligns perfectly with our approach in developing APK, which embraces the integration of API management and gateway functionalities into platforms.

Furthermore, we strongly believe that the future of API management lies in the seamless integration of these functionalities with applications and services. This integration will enable developers to focus solely on building their applications, with API management capabilities automatically enabled by default. This trend reflects the increasing importance of API management as a core part of the development process.

Another observation we have made is the growing prominence of Envoy proxy, not only in Kubernetes environments but also in other contexts. Envoy has emerged as a popular gateway choice for many organizations, highlighting its effectiveness and reliability in handling API traffic.

In recent years, we have also witnessed a widespread adoption of Kubernetes for new deployments across various sectors. Organizations have recognized the immense benefits that Kubernetes brings to their containerized applications and microservices architecture, further emphasizing its significance in the API management landscape.

Lastly, there has been a notable shift towards emphasizing the management aspects of APIs, encompassing areas such as governance, administration, and control. Organizations are increasingly realizing the importance of effectively managing APIs to ensure security, scalability, and compliance with regulatory requirements.

These observations provide valuable insights into the evolving API management market and guide our development of APK, as we strive to address the emerging needs and trends in this dynamic industry.



Introduction to APK

Introducing APK, the API Platform for Kubernetes, a next-generation API management solution that harnesses the power of Kubernetes and offers a range of exceptional characteristics to meet the evolving needs of modern API management. With APK, we have leveraged the native features of Kubernetes, enabling it to seamlessly understand concepts like namespaces and clusters. This empowers APK to automatically scale deployments based on load and other parameters, leveraging the rich metrics provided by Kubernetes.


At the core of APK's gateway solution is the carefully chosen Envoy technology. Envoy is renowned for its exceptional characteristics, including its speed, lightweight nature, and perfect fit within the APK ecosystem as the gateway component. As we developed APK, we went beyond building a simple gateway. We created extensions to address specific use cases in API management, some of which we have contributed back to the Envoy community. Collaboration and contributing to the community are deeply ingrained in our philosophy, as we believe in the power of collective innovation.


WSO2 APK proudly adheres to the Kubernetes Gateway API specification, an open-source project managed by the SIG-NETWORK community. This specification defines a set of resources, including GatewayClass, Gateway, HTTPRoute, TCPRoute, and Service, which collectively enhance service networking capabilities in Kubernetes. By embracing this specification, WSO2 APK leverages expressive and extensible interfaces to enable seamless integration with Kubernetes service networking.


APK's microservices architecture is another key strength. All components, such as back office, portals, and admin services, have been developed as microservices. This architecture offers numerous advantages, including easy scalability to handle higher loads and seamless upgrades to newer versions without disruptions. By adopting a microservices approach, we fully harness the benefits of this architecture, ensuring agility and flexibility.


A notable aspect of APK is the separation of the control plane and data plane, which grants users the freedom to integrate any control plane of their choice. Whether it's plugging in your own control plane or utilizing the APK data plane, you can tailor the solution to your specific needs, providing maximum flexibility and customization.


Moreover, APK is an evolving open-source solution, driven by contributions from the community. This collaborative approach enables us to deliver advanced API management capabilities that address the demands of modern API management. APK is designed specifically for cloud-native architectures, seamlessly integrating with Kubernetes and embracing the principles of scalability, resilience, and elasticity required in cloud environments.


With seamless CI/CD integration, APK streamlines the continuous integration/continuous delivery process, offering easy-to-use tools and APIs. This allows for efficient deployment and management of APIs, supporting a streamlined GitOps approach.


APK aims to provide API marketplace capabilities, enabling features for sharing, discovery, and reusability of APIs. By focusing not only on the technical aspects of API management but also on efficient governance and administration, APK empowers organizations to optimize their API ecosystems.


With its Kubernetes-native approach, exceptional characteristics, microservices architecture, and commitment to collaboration and innovation, APK sets a new standard for API management, enabling organizations to embrace the power of APIs in their digital transformation journey.



APK Components



The APK architecture comprises both control plane and data plane components, with a focus on the data plane for our demonstration. The data plane consists of two main domain services: the Config Service and the Deployer Service.


The Config Service is an open API that allows you to generate APK configurations. It enables you to create APK configurations and Kubernetes API artifacts based on inputs such as OpenAPI schema files or API configurations. This service can be invoked without specific security credentials, simplifying the configuration generation process.

On the other hand, the Deployer Service facilitates the creation of API artifacts within the gateway runtime of the data plane. This API is secured with OAuth 2.0, requiring a valid access token for invocation. By invoking the Deployer Service with the necessary APK artifacts, such as APIs and rate limit policies, they can be deployed to the runtime environment.


These components play a crucial role in the APK architecture, enabling efficient configuration generation and deployment of API artifacts within the data plane.

The gateway partition, depicted in the diagram, consists of three key components: the Router, Enforcer, and Management Client. The Router, an Envoy-based gateway proxy, intercepts all incoming API traffic and applies Quality of Service (QoS) policies to ensure optimal performance and reliability.


The Enforcer component handles authentication and authorization for API calls, ensuring that only authorized requests are allowed to access the APIs. Lastly, the Management Client is responsible for configuring the Router and Enforcer with the necessary information. It facilitates seamless communication and synchronization between these components, ensuring the proper functioning of the gateway partition.

These three components, the Router, Enforcer, and Management Client, form the gateway partition, working together to ensure secure and efficient API traffic management within the APK architecture.


In addition to the gateway partition components, the APK architecture includes a crucial service known as the Rate Limiting Service. This service plays a vital role in handling rate limiting for API calls. The Router component communicates with the Rate Limiter to evaluate incoming requests against the allocated quota. The Rate Limiter service maintains rate limit policies and manages counters to enforce the defined limits.

When there is a need for distributed counters across multiple gateways, Redis serves as a recommended shared information store. The inclusion of the Redis service in the architecture facilitates the management of shared information for rate limiting across gateways.


These APK components, both within the data plane and the gateway partition, work in harmony to enable seamless API management, configuration generation, deployment, and rate limiting within the APK architecture. By understanding these components, you gain a comprehensive understanding of how APK operates and supports efficient API traffic management.



Developer Workflows to Create and Deploy API in APK

Standard API Development Flow

The API developer workflow in APK provides a streamlined process for creating and deploying APIs. As an API developer, you can start by providing your API schema file, typically an OpenAPI file, to the Configuration Service. This service generates an APK configuration file that includes important API metadata, rate limiting details, security settings, and other necessary information.


To enhance the configuration process, APK offers a VS Code plugin that provides syntax highlighting and suggestions. This plugin makes it easier to add rate limitations, new resources, and security configurations to your API. Once you have completed the configuration editing, you have two deployment options.


For development scenarios, you can directly deploy the configuration to the runtime by calling the Deployer Service. This allows for quick and iterative deployments during the development phase. However, for production scenarios, it is recommended to commit the configuration to a source control system such as GitHub. This enables controlled and automated deployments through pipelines, ensuring a structured and controlled release process.


By incorporating source control in the workflow, you can effectively manage versions, revisions, and change histories of your configuration files. This enhances collaboration and control within the development team, facilitating better teamwork and code management practices.


API Development Flow for Kubernetes Developers


In the diagram, we showcase how API Kubernetes artifacts can be easily generated from the provided configurations. APK aims to elevate APIs as first-class citizens in Kubernetes environments, and to achieve this, custom resources for APIs were created.

By invoking the Configuration Service, you can generate Kubernetes artifacts specifically tailored for APIs. These artifacts can be applied to a Kubernetes cluster using standard command-line tools like kubectl. However, in production scenarios, direct execution of kubectl commands on the runtime may not be feasible. In such cases, pipeline jobs play a vital role, where the generated artifacts are applied to the runtime through automated processes.


Many organizations have embraced Kubernetes practices and prefer working with Kubernetes configuration files and kubectl commands directly. This feature proves valuable to them, as it aligns with their existing workflows and allows for greater customization and control over API creation.


With this streamlined process, APK seamlessly integrates APIs into Kubernetes environments, enabling better management and utilization of API resources within the Kubernetes ecosystem. The workflow supports both development agility and production reliability, empowering API developers to create and deploy APIs effectively in APK.


APK Gateway 


APK Gateway is a lightweight API gateway specifically designed for microservices architectures, with a strong focus on efficiency. It is purpose-built to seamlessly integrate with modern cloud platforms, ensuring smooth operation in cloud-native environments.

With its engineered scalability, APK Gateway can effortlessly handle increasing API traffic and adapt to growing demands. It offers rapid startup times, with an approximate 1-second initialization, ensuring instant availability and responsiveness.

Security and authentication are paramount, and APK Gateway enhances these processes by supporting self-validating tokens. This helps ensure the integrity and confidentiality of API communications. Additionally, the gateway provides compatibility with both mutable and immutable gateway configurations, allowing for flexibility in configuration management.

Whether you have small-scale or large-scale API deployments, APK Gateway is designed to handle them seamlessly. It is the ideal solution to meet your evolving needs, providing the power and agility required for efficient API management in microservices architectures.

Experience the benefits of APK Gateway and unlock the full potential of your microservices' architecture, with enhanced performance, scalability, and security for your APIs.


APK Control Plane

In APK, the control plane plays a crucial role in managing the API lifecycle and overseeing administrative tasks. It consists of several domain services that work together to provide comprehensive management functionalities.


The Admin service serves as the backbone for administrative tasks, allowing users to manage organizations, users, and other high-level management activities. It provides essential capabilities for maintaining control over the API ecosystem.

The Back Office service is responsible for managing organizations, global policies, and other important aspects. It enables users to add and update documentation, define lifecycles, adjust portal visibility settings, and manage security protocols. It ensures efficient administration and configuration management.

For the developer portal, we have the Developer Portal DS, which offers an intuitive interface for developers. It facilitates API searching, subscription management, consumer application management, and client security. The Developer Portal DS enhances the developer experience by providing easy access to API resources and promoting collaboration.

These domain services expose REST APIs that users can interact with to perform various tasks. They interact with a Postgres database service, chosen for its efficiency in storing API metadata.

The user interface, built with React, hosts a suite of applications that provide user-friendly interfaces for creating, managing, and consuming APIs. These applications enhance the overall user experience by simplifying complex tasks and streamlining workflows.

The Management Server component acts as an intermediary between the control plane and the data plane. It facilitates communication and coordination between these two planes, ensuring efficient operation and seamless integration.

By leveraging the control plane components in APK, users can effectively manage the API lifecycle, perform administrative tasks, and provide a superior developer experience through intuitive interfaces and efficient coordination between the control and data planes.

APK Scaling Capabilities

Scaling capabilities are crucial for ensuring optimal performance and handling increased workload in APK, the API gateway solution. In a Kubernetes environment, APK leverages the Kubernetes Horizontal Pod Autoscaler (HPA) and the Kubernetes Metrics Server for automated scaling.

The Kubernetes HPA allows the gateway's replicas to be automatically adjusted based on specific metrics such as CPU utilization, memory usage, or custom metrics. This dynamic scaling ensures that the gateway can efficiently handle varying traffic loads, maintaining optimal performance and responsiveness.

APK also supports vertical scaling, which enables organizations to manage the number of APIs and other resources. If the API count exceeds a certain limit, organizations have the flexibility to deploy multiple gateway partitions within the same cluster or opt for a multi-cluster deployment strategy. This allows for efficient resource allocation, load balancing, and high availability in the API management infrastructure.

By leveraging both horizontal and vertical scaling capabilities, APK empowers organizations to effectively manage their API traffic, optimize resource allocation, and deliver seamless performance even during peak demand. These scaling mechanisms enable businesses to adapt to changing requirements, scale their API infrastructure as needed, and provide exceptional user experiences to their customers.


WSO2 APK - API Management for Kubernetes

In this article i will discuss about API platform for kubernetes(APK) project we are working these days. The platform is specifically engineered to overcome challenges in API management that arise within the context of Kubernetes and cloud native technology. Today, more development teams, particularly those using open source, are increasingly turning to Kubernetes. This is creating demand for a new generation of API management solutions that take advantage of Kubernetes' capabilities to deliver high performance at cloud scale, automate core functions, and increase reliability. WSO2 APK addresses these needs and provides organisations with the tools they need to effectively manage their APIs.

The Kubernetes API Management Gap

It’s vital to have API management solutions that are specifically designed to run on Kubernetes environments. Traditional solutions often struggle to adapt as they don’t leverage native Kubernetes features, which can lead to suboptimal performance, scalability, and resilience in managing APIs in a Kubernetes environment. Many of these solutions are rigid and inflexible and make it difficult for development teams to adapt to changing business needs. These solutions also require developers to manually configure and manage APIs. While this process can be time-consuming and error prone, it’s generally manageable for smaller projects. However, with the larger cloud-scale Kubernetes projects, the number of services and APIs quickly becomes too difficult to handle. 


There can be other issues as well. Running old VM-style API management software on Kubernetes can present technical challenges, such as compatibility, scalability, and integration problems. Such software often relies on specific configurations, dependencies, and infrastructure that can be difficult to replicate within a containerized environment. The lack of compatibility with modern technologies like Kubernetes can result in a complicated migration process and reduced performance. For example, modern API management software should be able to leverage Kubernetes service discovery to automatically find new services, endpoints, and metadata and generate corresponding API definitions and documentation. This lowers time and effort for API creation and management and improves system reliability and scalability.

Building a Better Platform

WSO2 APK is based on more than a decade of experience in delivering API management solutions that have often provided industry firsts in addressing development teams’ evolving needs. Since its initial release in November 2012, WSO2 API Manager quickly gained popularity, and our diverse range of clients across various industries and applications have given us valuable insights to continuously innovate and redefine API management solutions for cloud native environments.


Over the years, we’ve made significant enhancements to WSO2 API Manager to make it more cloud native. Docker images were created for WSO2 API Manager product binaries to allow users to deploy them in cloud environments. Components were made more lightweight and independent, enabling easier deployment and management in Kubernetes environments. The introduction of the micro gateway was also a key step in this direction, allowing users to deploy the data plane in Kubernetes environments and utilize all of its capabilities. 


Building on this experience, we decided to implement a complete platform using a microservices architecture, enabling it to run natively on Kubernetes. We wanted to create an innovative solution that takes advantage of the latest Envoy gateway implementation while adhering to Kubernetes gateway API specifications and industry standards. The result is WSO2 APK — a testament to our commitment to improving and tackling API management challenges using the full capabilities of Kubernetes. 

Platform Overview

WSO2 APK offers a comprehensive solution for API management with features for the entire API lifecycle, including API design/development, developer portal, API gateway, and marketplace capabilities. The platform also adds key architectural features designed specifically for Kubernetes environments. These include the following:

  • WSO2 APK is built as a cloud native solution, making it more scalable and better suited for cloud-based environments.

  • With the ability to deploy on any Kubernetes-based infrastructure, WSO2 APK provides more flexibility and portability.

  • The platform is designed to work seamlessly with DevOps tools and processes, enabling teams to rapidly develop and deploy APIs.


Moreover, WSO2 APK is built with a microservices architecture that enables developers to build, deploy, and manage APIs more efficiently and with greater flexibility. Additionally, because the various components (including the developer portal, admin service, and publisher) are implemented as separate microservices, the platform supports customization and scaling without affecting the system as a whole. This design makes it possible to add or remove functions and update individual components with ease.


To support cloud native Kubernetes environments, the platform’s deployment consists of two main components.


The Control Plane is responsible for managing the overall functioning of WSO2’s APK system. It includes API management back-office capabilities, admin tasks, and API marketplace functionality. It consists of four main sub-components: 

  • The Back Office is responsible for configuring the portal aspects of APIs, including description, document, image, etc.

  • The Dev Portal allows API consumers to discover and consume APIs.

  • The Admin Portal is used to configure rate limit policies, key management services, and other administrative tasks.

  • The Management Server communicates with data planes and pushes updates whenever required.

The Data Plane is responsible for handling the runtime design, processing API requests, and applying API management quality of services. It’s designed to handle high volume, real-time data processing and includes functions for routing, rate limiting, and security. The APK runtime consists of three main sub-components: 

  • The Runtime Manager is responsible for configuring the runtime aspects of APIs, discovering Kubernetes services, and converting them into APIs.

  • The Management Client communicates with the management server (control plane) to push and pull updates and maintain connectivity between the data plane and the control plane.

  • The API Gateway has two main components. The Router intercepts incoming API traffic and applies quality of service such as authentication, authorization, and rate limiting. Meanwhile, the Enforcer enforces API management capabilities, such as security, rate limiting, analytics, validation, etc. 


When it comes to microservices development and deployment, it's common to deploy services in one or more namespaces for logical isolation. This isolation can be based on the business functionality, ownership, access control, and security requirements. Similarly, in WSO2 APK, the control plane and data plane can be deployed on different namespaces or clusters for added security and ease of management. 


We’ve also made monitoring namespaces for new service additions easy and seamless. The platform is capable of quickly identifying new services and converting them into APIs with minimal effort. This allows organisations to streamline their API management process and keep pace with their microservices development.


Figure 1 shows the deployment of the control plane, data plane components, and microservices that are being exposed as managed APIs. It depicts the utilisation of a single control plane to manage both external and internal data planes (deployed on different Kubernetes clusters for better isolation), which are connected to microservices deployments (on different namespaces within data plane clusters). We also support deploying everything in a single cluster.


Figure 1: WSO2 API Platform for Kubernetes - Deployment Architecture

Key Technologies 

WSO2 APK adopts a multi-language approach for its implementation, with the management domain services written in Ballerina and Java. For the API gateway, Envoy serves as the foundation and certain gateway extensions are crafted using Go and C++. Additionally, front-end applications are envisioned as being built with the ReactJS framework.


Our team conducted initial product analysis and discovered that the Kubernetes gateway API could effectively define APIs and gateways. The API gateway project from Envoy offered a streamlined deployment model and API layer particularly suited for API gateway use cases. Based on this, we chose to use the Envoy API gateway project as the API gateway implementation and the Kubernetes gateway API for configuring our gateway. The use of Envoy as the foundation for the API gateway offers high performance, a light weight, and rich features, including centralised API traffic management, authentication, rate limiting, and request/response transformation. 


Internally, we utilize custom resource definitions (CRDs) to define the APIs (known as ingress resources), policies, and other information required for API deployment, providing greater flexibility and control over artifact management and deployment within the platform. If you want a more comprehensive understanding of the technologies and frameworks shown in the diagram, we invite you to visit our GitHub project

Next Steps and How to Contribute

WSO2 announced the platform’s first milestone release (version 0.0.1-m1) at the end of December 2022, and we’ve been sending out new releases on a bi-weekly basis. You can visit the WSO2 APK development project dashboard to view project iterations, selected features, execution model, etc. The team plans to release a general availability version in early 2Q23. Please visit our GitHub page to learn more. You can use the Git project to create feature requests, improvements, and report product issues. 


The project has already garnered significant interest from a diverse range of organisations and individuals, who’ve expressed their eagerness to collaborate and support our development efforts. The enthusiastic feedback we’ve received from engineers has been particularly heartening, with many highlighting the platform's ability to seamlessly monitor and convert new services into APIs. With such positive support from the community, we’re confident that WSO2 APK will emerge as a major player in the API management domain. We remain committed to delivering a best-in-class platform, and we deeply appreciate your support throughout our journey.


Empowering the Future of API Management: Unveiling the Journey of WSO2 API Platform for Kubernetes (APK) Project and the Anticipated Alpha Release

  Introduction In the ever-evolving realm of API management, our journey embarked on the APK project eight months ago, and now, with great a...