API Gateway Clustering on Kubernetes

When deploying API Gateway on Kubernetes, the intention is to create a highly available and scalable setup that can dynamically scale up and down according to the current load. Hence, always configure API Gateway as a cluster. You can provide the cluster configurations as environment variables in the Kubernetes deployment YAML file for API Gateway. The environment variables are the same as described in the Docker configuration section. For details about Docker configuration, see API Gateway Container Cluster Configuration.

Alternatively, you can also provide the cluster configurations in the externalized configuration files as described in the Using the Externalized Configuration Files section. For Kubernetes, the configuration files are implemented as ConfigMaps, which are then injected into the pods through volume mapping.

Peer-to-peer clustering on Kubernetes

If you have configured API Gateway with peer-to-peer clustering, note that in a Kubernetes deployment the cluster is not configured with a list of host names. Instead, the namespace and service name of the API Gateway deployment are used. To detect other cluster members, each API Gateway server queries the Kubernetes API server and analyzes the endpoints attached to the service. This lookup requires specific Kubernetes permissions, which are not available out of the box. You must create a role with the appropriate permissions, create a role binding that assigns the role to a service account, and then start the API Gateway deployment with that service account instead of the default one.

The Kubernetes YAML file to create a service account


  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: cluster-discovery-sa

The Kubernetes YAML file to create a role

 
  apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    name: cluster-discovery-role
  rules:
  - apiGroups:
    - ""
    resources:
    - pods
    - endpoints
    verbs:
    - get
    - list
    - watch

The Kubernetes YAML file to assign the role

  kind: RoleBinding
  apiVersion: rbac.authorization.k8s.io/v1
  metadata:
    name: cluster-discovery-rolebinding
  roleRef:
    kind: Role
    name: cluster-discovery-role
    apiGroup: rbac.authorization.k8s.io
  subjects:
  - kind: ServiceAccount
    name: cluster-discovery-sa

The Kubernetes YAML fragment to use the service account in the API Gateway deployment YAML file

  apiVersion: apps/v1
  kind: Deployment
  spec:
    template:
      spec:
        serviceAccountName: cluster-discovery-sa
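
The objects above only limit exposure if the role stays as narrow as shown and the deployment actually runs under the bound service account. The following check is an added example, not part of the product documentation: it assumes the manifests have been loaded as Python dicts (the structure `kubectl get -o json` returns), the function name `audit` is hypothetical, and the widened role is constructed for illustration.

```python
# Added example: least-privilege audit of the cluster-discovery RBAC objects.
# The dicts mirror the manifests on this page; DRIFTED is constructed sample data.
ALLOWED_VERBS = {"get", "list", "watch"}
ALLOWED_RESOURCES = {"pods", "endpoints"}

ROLE = {"kind": "Role", "metadata": {"name": "cluster-discovery-role"},
        "rules": [{"apiGroups": [""], "resources": ["pods", "endpoints"],
                   "verbs": ["get", "list", "watch"]}]}
BINDING = {"kind": "RoleBinding",
           "metadata": {"name": "cluster-discovery-rolebinding"},
           "roleRef": {"kind": "Role", "name": "cluster-discovery-role",
                       "apiGroup": "rbac.authorization.k8s.io"},
           "subjects": [{"kind": "ServiceAccount", "name": "cluster-discovery-sa"}]}
DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {
    "serviceAccountName": "cluster-discovery-sa"}}}}


def audit(role, binding, deployment):
    """Return a list of findings; an empty list means minimal and consistent."""
    findings = []
    for i, rule in enumerate(role.get("rules", [])):
        if set(rule.get("apiGroups", [])) != {""}:
            findings.append(f"rule {i}: apiGroups beyond the core group")
        extra_res = set(rule.get("resources", [])) - ALLOWED_RESOURCES
        if extra_res:  # also catches the "*" wildcard
            findings.append(f"rule {i}: unexpected resources {sorted(extra_res)}")
        extra_verbs = set(rule.get("verbs", [])) - ALLOWED_VERBS
        if extra_verbs:
            findings.append(f"rule {i}: unexpected verbs {sorted(extra_verbs)}")
    ref = binding.get("roleRef", {})
    if ref.get("kind") != "Role" or ref.get("name") != role["metadata"]["name"]:
        findings.append("binding does not reference the audited Role")
    # A pod spec without serviceAccountName runs as the namespace's "default" account.
    sa = deployment["spec"]["template"]["spec"].get("serviceAccountName", "default")
    subjects = {(s.get("kind"), s.get("name")) for s in binding.get("subjects", [])}
    if subjects != {("ServiceAccount", sa)}:
        findings.append(f"binding subjects differ from deployment service account {sa!r}")
    return findings


# Constructed drift: the role was widened beyond what member discovery needs.
DRIFTED = {**ROLE, "rules": [{"apiGroups": [""], "verbs": ["*"],
                              "resources": ["pods", "endpoints", "secrets"]}]}

if __name__ == "__main__":
    print(audit(ROLE, BINDING, DEPLOYMENT))
    print(audit(DRIFTED, BINDING, DEPLOYMENT))
```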