Introduction
In the ever-evolving realm of API management, our journey embarked on the APK project eight months ago, and now, with great anticipation, we stand on the verge of releasing our Alpha version. Our sights are set on the momentous 1.0.0 GA release, scheduled for the end of August 2023. As a team deeply involved in the development of APK, we are compelled to share the motivations driving our efforts, the intricate components shaping our creation, and how this solution will revolutionise API management.
APIs and Importance of APIs
In the digital business era, APIs play a crucial role in enabling services, fostering collaboration, and driving innovation. They empower internal and external teams to collaborate effectively, making collaboration and cooperation easier than ever before. APIs enable businesses to adapt and evolve quickly in a dynamic environment, responding to market changes, customer needs, and emerging opportunities with agility. By seamlessly integrating with various systems, technologies, and platforms, APIs provide the flexibility that organizations need to stay ahead of the curve. Moreover, APIs streamline integration, simplify communication between different components, and enhance operational efficiency, ultimately improving the overall customer experience. In summary, APIs are essential tools for every business, offering countless benefits and opportunities in today's interconnected world.
Some of Our Observations
Based on our recent market analysis, we have made several noteworthy observations in the API management landscape. Firstly, we have noticed a significant shift where APIs are no longer standalone components but have become integral parts of the infrastructure, operating seamlessly behind the scenes. This observation aligns perfectly with our approach in developing APK, which embraces the integration of API management and gateway functionalities into platforms.
Furthermore, we strongly believe that the future of API management lies in the seamless integration of these functionalities with applications and services. This integration will enable developers to focus solely on building their applications, with API management capabilities automatically enabled by default. This trend reflects the increasing importance of API management as a core part of the development process.
Another observation we have made is the growing prominence of Envoy proxy, not only in Kubernetes environments but also in other contexts. Envoy has emerged as a popular gateway choice for many organizations, highlighting its effectiveness and reliability in handling API traffic.
In recent years, we have also witnessed a widespread adoption of Kubernetes for new deployments across various sectors. Organizations have recognized the immense benefits that Kubernetes brings to their containerized applications and microservices architecture, further emphasizing its significance in the API management landscape.
Lastly, there has been a notable shift towards emphasizing the management aspects of APIs, encompassing areas such as governance, administration, and control. Organizations are increasingly realizing the importance of effectively managing APIs to ensure security, scalability, and compliance with regulatory requirements.
These observations provide valuable insights into the evolving API management market and guide our development of APK, as we strive to address the emerging needs and trends in this dynamic industry.
Introduction to APK
Introducing APK, the API Platform for Kubernetes, a next-generation API management solution that harnesses the power of Kubernetes and offers a range of exceptional characteristics to meet the evolving needs of modern API management. With APK, we have leveraged the native features of Kubernetes, enabling it to seamlessly understand concepts like namespaces and clusters. This empowers APK to automatically scale deployments based on load and other parameters, leveraging the rich metrics provided by Kubernetes.
At the core of APK's gateway solution is the carefully chosen Envoy technology. Envoy is renowned for its exceptional characteristics, including its speed, lightweight nature, and perfect fit within the APK ecosystem as the gateway component. As we developed APK, we went beyond building a simple gateway. We created extensions to address specific use cases in API management, some of which we have contributed back to the Envoy community. Collaboration and contributing to the community are deeply ingrained in our philosophy, as we believe in the power of collective innovation.
WSO2 APK proudly adheres to the Kubernetes Gateway API specification, an open-source project managed by the SIG-NETWORK community. This specification defines a set of resources, including GatewayClass, Gateway, HTTPRoute, TCPRoute, and Service, which collectively enhance service networking capabilities in Kubernetes. By embracing this specification, WSO2 APK leverages expressive and extensible interfaces to enable seamless integration with Kubernetes service networking.
APK's microservices architecture is another key strength. All components, such as back office, portals, and admin services, have been developed as microservices. This architecture offers numerous advantages, including easy scalability to handle higher loads and seamless upgrades to newer versions without disruptions. By adopting a microservices approach, we fully harness the benefits of this architecture, ensuring agility and flexibility.
A notable aspect of APK is the separation of the control plane and data plane, which grants users the freedom to integrate any control plane of their choice. Whether it's plugging in your own control plane or utilizing the APK data plane, you can tailor the solution to your specific needs, providing maximum flexibility and customization.
Moreover, APK is an evolving open-source solution, driven by contributions from the community. This collaborative approach enables us to deliver advanced API management capabilities that address the demands of modern API management. APK is designed specifically for cloud-native architectures, seamlessly integrating with Kubernetes and embracing the principles of scalability, resilience, and elasticity required in cloud environments.
With seamless CI/CD integration, APK streamlines the continuous integration/continuous delivery process, offering easy-to-use tools and APIs. This allows for efficient deployment and management of APIs, supporting a streamlined GitOps approach.
APK aims to provide API marketplace capabilities, enabling features for sharing, discovery, and reusability of APIs. By focusing not only on the technical aspects of API management but also on efficient governance and administration, APK empowers organizations to optimize their API ecosystems.
With its Kubernetes-native approach, exceptional characteristics, microservices architecture, and commitment to collaboration and innovation, APK sets a new standard for API management, enabling organizations to embrace the power of APIs in their digital transformation journey.
APK Components
The APK architecture comprises both control plane and data plane components, with a focus on the data plane for our demonstration. The data plane consists of two main domain services: the Config Service and the Deployer Service.
The Config Service is an open API that allows you to generate APK configurations. It enables you to create APK configurations and Kubernetes API artifacts based on inputs such as OpenAPI schema files or API configurations. This service can be invoked without specific security credentials, simplifying the configuration generation process.
On the other hand, the Deployer Service facilitates the creation of API artifacts within the gateway runtime of the data plane. This API is secured with OAuth 2.0, requiring a valid access token for invocation. By invoking the Deployer Service with the necessary APK artifacts, such as APIs and rate limit policies, they can be deployed to the runtime environment.
These components play a crucial role in the APK architecture, enabling efficient configuration generation and deployment of API artifacts within the data plane.
The gateway partition, depicted in the diagram, consists of three key components: the Router, Enforcer, and Management Client. The Router, an Envoy-based gateway proxy, intercepts all incoming API traffic and applies Quality of Service (QoS) policies to ensure optimal performance and reliability.
The Enforcer component handles authentication and authorization for API calls, ensuring that only authorized requests are allowed to access the APIs. Lastly, the Management Client is responsible for configuring the Router and Enforcer with the necessary information. It facilitates seamless communication and synchronization between these components, ensuring the proper functioning of the gateway partition.
These three components, the Router, Enforcer, and Management Client, form the gateway partition, working together to ensure secure and efficient API traffic management within the APK architecture.
In addition to the gateway partition components, the APK architecture includes a crucial service known as the Rate Limiting Service. This service plays a vital role in handling rate limiting for API calls. The Router component communicates with the Rate Limiter to evaluate incoming requests against the allocated quota. The Rate Limiter service maintains rate limit policies and manages counters to enforce the defined limits.
When there is a need for distributed counters across multiple gateways, Redis serves as a recommended shared information store. The inclusion of the Redis service in the architecture facilitates the management of shared information for rate limiting across gateways.
These APK components, both within the data plane and the gateway partition, work in harmony to enable seamless API management, configuration generation, deployment, and rate limiting within the APK architecture. By understanding these components, you gain a comprehensive understanding of how APK operates and supports efficient API traffic management.
Developer Workflows to Create and Deploy API in APK
Standard API Development Flow
The API developer workflow in APK provides a streamlined process for creating and deploying APIs. As an API developer, you can start by providing your API schema file, typically an OpenAPI file, to the Configuration Service. This service generates an APK configuration file that includes important API metadata, rate limiting details, security settings, and other necessary information.
To enhance the configuration process, APK offers a VS Code plugin that provides syntax highlighting and suggestions. This plugin makes it easier to add rate limitations, new resources, and security configurations to your API. Once you have completed the configuration editing, you have two deployment options.
For development scenarios, you can directly deploy the configuration to the runtime by calling the Deployer Service. This allows for quick and iterative deployments during the development phase. However, for production scenarios, it is recommended to commit the configuration to a source control system such as GitHub. This enables controlled and automated deployments through pipelines, ensuring a structured and controlled release process.
By incorporating source control in the workflow, you can effectively manage versions, revisions, and change histories of your configuration files. This enhances collaboration and control within the development team, facilitating better teamwork and code management practices.
API Development Flow for Kubernetes Developers
In the diagram, we showcase how API Kubernetes artifacts can be easily generated from the provided configurations. APK aims to elevate APIs as first-class citizens in Kubernetes environments, and to achieve this, custom resources for APIs were created.
By invoking the Configuration Service, you can generate Kubernetes artifacts specifically tailored for APIs. These artifacts can be applied to a Kubernetes cluster using standard command-line tools like kubectl. However, in production scenarios, direct execution of kubectl commands on the runtime may not be feasible. In such cases, pipeline jobs play a vital role, where the generated artifacts are applied to the runtime through automated processes.
Many organizations have embraced Kubernetes practices and prefer working with Kubernetes configuration files and kubectl commands directly. This feature proves valuable to them, as it aligns with their existing workflows and allows for greater customization and control over API creation.
With this streamlined process, APK seamlessly integrates APIs into Kubernetes environments, enabling better management and utilization of API resources within the Kubernetes ecosystem. The workflow supports both development agility and production reliability, empowering API developers to create and deploy APIs effectively in APK.
APK Gateway
APK Gateway is a lightweight API gateway specifically designed for microservices architectures, with a strong focus on efficiency. It is purpose-built to seamlessly integrate with modern cloud platforms, ensuring smooth operation in cloud-native environments.
With its engineered scalability, APK Gateway can effortlessly handle increasing API traffic and adapt to growing demands. It offers rapid startup times, with an approximate 1-second initialization, ensuring instant availability and responsiveness.
Security and authentication are paramount, and APK Gateway enhances these processes by supporting self-validating tokens. This helps ensure the integrity and confidentiality of API communications. Additionally, the gateway provides compatibility with both mutable and immutable gateway configurations, allowing for flexibility in configuration management.
Whether you have small-scale or large-scale API deployments, APK Gateway is designed to handle them seamlessly. It is the ideal solution to meet your evolving needs, providing the power and agility required for efficient API management in microservices architectures.
Experience the benefits of APK Gateway and unlock the full potential of your microservices' architecture, with enhanced performance, scalability, and security for your APIs.
APK Control Plane
In APK, the control plane plays a crucial role in managing the API lifecycle and overseeing administrative tasks. It consists of several domain services that work together to provide comprehensive management functionalities.
The Admin service serves as the backbone for administrative tasks, allowing users to manage organizations, users, and other high-level management activities. It provides essential capabilities for maintaining control over the API ecosystem.
The Back Office service is responsible for managing organizations, global policies, and other important aspects. It enables users to add and update documentation, define lifecycles, adjust portal visibility settings, and manage security protocols. It ensures efficient administration and configuration management.
For the developer portal, we have the Developer Portal DS, which offers an intuitive interface for developers. It facilitates API searching, subscription management, consumer application management, and client security. The Developer Portal DS enhances the developer experience by providing easy access to API resources and promoting collaboration.
These domain services expose REST APIs that users can interact with to perform various tasks. They interact with a Postgres database service, chosen for its efficiency in storing API metadata.
The user interface, built with React, hosts a suite of applications that provide user-friendly interfaces for creating, managing, and consuming APIs. These applications enhance the overall user experience by simplifying complex tasks and streamlining workflows.
The Management Server component acts as an intermediary between the control plane and the data plane. It facilitates communication and coordination between these two planes, ensuring efficient operation and seamless integration.
By leveraging the control plane components in APK, users can effectively manage the API lifecycle, perform administrative tasks, and provide a superior developer experience through intuitive interfaces and efficient coordination between the control and data planes.
APK Scaling Capabilities
Scaling capabilities are crucial for ensuring optimal performance and handling increased workload in APK, the API gateway solution. In a Kubernetes environment, APK leverages the Kubernetes Horizontal Pod Autoscaler (HPA) and the Kubernetes Metrics Server for automated scaling.
The Kubernetes HPA allows the gateway's replicas to be automatically adjusted based on specific metrics such as CPU utilization, memory usage, or custom metrics. This dynamic scaling ensures that the gateway can efficiently handle varying traffic loads, maintaining optimal performance and responsiveness.
APK also supports vertical scaling, which enables organizations to manage the number of APIs and other resources. If the API count exceeds a certain limit, organizations have the flexibility to deploy multiple gateway partitions within the same cluster or opt for a multi-cluster deployment strategy. This allows for efficient resource allocation, load balancing, and high availability in the API management infrastructure.
By leveraging both horizontal and vertical scaling capabilities, APK empowers organizations to effectively manage their API traffic, optimize resource allocation, and deliver seamless performance even during peak demand. These scaling mechanisms enable businesses to adapt to changing requirements, scale their API infrastructure as needed, and provide exceptional user experiences to their customers.