This presentation shows a possible instantiation of Axway API management in Azure.
After deploy the container infrastructure, we build all docker images and customize helm package.
Then we have a ready for use solution and we are able to demonstrate a policy upgrade and rollback with a simple service virtualized.
This devblog article is a complement. It describes tools used in this presentation:
https://devblog.axway.com/apis/api-management-demonstration-on-azure/
Hello everyone,
What can you do for 20 minutes ? A small meeting or better, a nice break. But at Axway, we are also able to deploy a ready for use instance of our solution API Management Platform. Not possible ?
Ok to do that. We're going to deploy a typical External Managed Topology with Azure services. We will install components Admin node manager, Api manager and Api gateway. Two main steps are necessary to do this within the time of a good coffee break.
First go get yourself a good coffee while we provide all services to support our solution in container mode.
We choose the Azure Portal deployment to be more graphical. This is the only manual action to set some parameters and they will be used for the next 20 minutes. In this context, We choose only a resource group and a project name. Project name will be useful for resources name, Dns records and Kubernetes namespace. Notice secure fields that protect sensitive information. In prerequisite, we had provided a service account with right permissions to configure all ressources. After accepted term and condition, deployment start with a validation of the template by Azure engine.
You can see immediately that Azure is building all objects with our constraints. And you can follow the deployment in real time.
As you can see, the Admin node manager and api manager interface aren’t available.
In less than 6 minutes, a complete solution is built to support a real deployment pipeline :
A virtual network protected by Azure firewall
An Azure Container Registry to store Axway Docker Images and Helmchart package
A virtual machine to execute the install script as a pipeline.
2 storages accounts that will be used by Kubernetes
And the main component
We use only premium ressources for performance reasons.
It’s possible to tighten security with more Azure services than Application Gateway in front of the cluster or Azure Vault.
Now while you are purchasing your donuts, we’ll install the solution.
Azure Notifies us that deployment is completed after 22 minutes. But what did it do ? 8 steps are reported in our Webhook Teams to deploy Api gateway.
First, it configures clients on the VM (Docker, Helm, Azure)then, It configures all components as Kubernetes, Docker Registry and DNS record
Next, It builds 3 docker images ANM Api manager and base OS with Axway’s Python script.
To finish it configures a helm package and deploys it on Kubernetes. Helmchart is also provided by Axway.
Now, let’s have a look at the Kubernetes Dashboard to better understand it.
Kubernetes is working hard to follow behavior of objects that are described in the helmchart.
So don’t worry, the red color will turn to green which is the operational color in a few minutes. So keep
We set an order in kubernetes manifest to deploy each component. It begins by Cassandra, Mysql, then Admin node manager, api manager.
The last object is he Api gateway called traffic in this Dashboard.
(1min46) Now it’s possible to test the User interface after all objects are available,
First Admin node manager
Second Api Manager.
The install script had deployed this architecture diagram.
You can see a typical ntiers architecture with presentation of services, execution of features and storage of data.
Each square is a component. It contains a pod that is a unit of execution of docker images, a service enabling access internaly for others pods. And some secret objects to protect sensitive information such as password or certificates.
We use also a Nginx ingress controller to enable specific services outside the cluster and for ssl terminaison. It concerns gateway trafic , Api manager and admin node manager interface.
Https connexion are secured with let’s encrypt certificate.
Kubernetes uses Azure ressources automatically for data persistance. It’s used by mysql and cassandra data and for events and logs.
Note that Cassandra has to be outside the cluster in production environment.
Axway provides some helmchart example to configure the solution in Kubernetes. You can take some adaptions for your context.
Break is finished and we can savour our effortless work so far. In this step, we will virtualize an API, then we will upgrade to a new version and to finish we will rollback to previous version.
First, Virtualize an API.
Before doing that, we reduce the number of Api gateway replica to be faster for the next tests.
In effect, an upgrade is operational in Kubernetes only when all pod replica of gateway are upgraded and in a successfull state. So Modification takes a few minutes to delete pod traffic-2 and to disappear in Topology section of admin node manager UI.
(29s) Some activities are detected on gateways because a healthcheck is configured in Helmchart.
(45s) To do this test, We added a fed file with a REST api when we built the API Gateway image.
So, we can import it from topology. The name of the host is the admin node manager service in Kubernetes.
(1min20) All of this step can be automated with a tools because Api manager use API.
(2min16) Then we add the api gateway dns ingress name in virtual host parameters to publish the API.
(2min40) Now we are ready to test our API. In this demo, We use the method version that return a contant value version 1.
Second , upgrade the policy version.
Note that gateway Traffic-2 disappears automatically in this dashboard.
To do that, we had generated another gateway images after modify the constant value by version 2 in fed file.
We take a part of the same script and it pushed the image on Azure Container Registry.
(1min) Now we have just to edit the Helmchart file value.yaml to modify the image tag of Api gateway and Api manager.
(1min37) Helm lists all packages that are installed on the cluster. And we have just to find the good one to upgrade it. A simple helm command upgrade the configuration in Kubernetes. And the deployment start after a verification of all all manifests.
(2min13) Immediately, Kubernetes works to apply all modification on components impacted.
(2min32) As you can see, The second replica is not available so the Api method version answer the same value. We have no downtime.
(2min41) But now, the value change to version 2.0. The upgrade is complete.
Now we can take a rollback to cancel the last modifications. With only one command, you can reload the last Helmchart. So Kubernetes replaces the latest image tag by the previous image tag.
(38s) In Kubernetes Dashboard, you can see the same behavior with a reload of pods traffic-0 and traffic-1.
(1m04) The rollback is without downtime.
(1m10) Now all replica are upgrade and our policy display contant value version 2.
Building pipeline can be difficult for complex solution that are API Management. But Axway provides some best practices and powerful tools.
First, Python script to personnalize Docker image.
Second Helmchart to deploy it in Kubernetes.
And some other tools to automate the configuration. They are available in Axway resources.
But then, you will always execute the same pipeline in running mode. Axway choose some robust technologies to facilitate Deployment, upgrade and rollback with more security. One example, the upgrade will be refused by Kubernetes if you make an error in Helmchart.
As showed along this demonstration, It’s possible to deploy a ready for use instance of Api Gateway on Azure in little time. Azure services, notably AKS, are particulary suited to Axway product. Now just imagine what we could build during a lunch break. Thank you.