Skip to main content

Who is This Section For?

Network Specialists

You can find detailed information on network architecture design, port and firewall configuration, load balancing strategies, and network segmentation.

Security Teams (SecOps)

Critical information on secure deployment patterns, DMZ/LAN separation, security layers, and compliance requirements is available.

DevOps Engineers

You can find practical information on Kubernetes cluster installation, container orchestration, automation, and monitoring.

System Architects

Comprehensive guidance is provided for architectural decision-making, scalability planning, high availability design, and capacity planning.

Section Content Summary

In this section, you can find all topology and architectural information necessary for installing the Apinizer platform. Below, the headings and scopes within the section are summarized:

Deployment Topologies

The Deployment Models page explains in detail three basic installation topologies that Apinizer can use according to different requirements:
  • Topology 1: Test and PoC - Ideal for test and proof of concept environments with quick installation and low resource requirements
  • Topology 2: Professional Installation - Structure that provides load balancing between worker nodes for medium-scale production environments
  • Topology 3: High Availability - HA structure that provides %99.9+ uptime, automatic failover, and data replication for critical production environments
Detailed system requirements, hardware specifications, network topology, and capacity planning information for each topology can be found on the relevant pages:

Network Topology and Port Requirements

The Network Topology and Port Requirements page contains network configuration information critical for secure deployment:
  • DMZ and LAN Zones - Secure network segmentation and component placement
  • Firewall Rules - Required port and protocol requirements for inter-component communication
  • Kubernetes Port Requirements - Communication ports between control-plane and worker nodes
  • Apinizer Component Ports - Manager, Worker, MongoDB, and Elasticsearch port configurations
  • Network Segmentation - VLAN, subnet, and routing configuration recommendations
  • Security Layers - Defense in depth strategy and security best practices
This page contains all technical details needed for network and security teams to configure firewall rules and define port access permissions.

Installation Prerequisites

Before installing the Apinizer Platform, ensure that appropriate prerequisites are available. Before starting installation, verify that the operating system is supported and that you have the necessary development platforms.

Supported Operating Systems

Since Apinizer runs on Kubernetes, it supports all operating systems that have Kubernetes installed. However, the from-scratch installations in the documentation are aimed at Linux-based operating systems.

Components Required by Apinizer

NameVersion/Requirement
Kubernetes / Tanzu / OpenShift / RKE2There is no version dependency. Since Apinizer images are provided rootless from DockerHub, they can be run on any container orchestration-based platform.
MongodbThere is no version dependency. However, the MongoDB to be installed must be configured as a replica set (Even if it is a single node, it must be configured as a replica set. It should not be configured as a Standalone Instance).
ElasticsearchMinimum version 7.9.2 is supported. The officially recommended version is 8.17.10. Versions above 8.17.10 are not recommended as they have not been tested.

Elasticsearch Version Support

VersionStatusNotes
Elasticsearch 7.9.2SupportedMinimum supported version
Elasticsearch 8.17.10Officially Recommended✓✓ Recommended version
Elasticsearch 8.x (< 8.17.10)TestedNo official support, can be used
Elasticsearch 8.x (> 8.17.10)Not RecommendedNot recommended as it has not been tested

Topics to Focus on for Each Role

Network Specialists (Network Engineers)

Network specialists should focus on the following topics in this section:
  • Network Architecture: Placement of Apinizer components on the network and traffic flow
  • Port Requirements: Required ports for Kubernetes, MongoDB, Elasticsearch, and Apinizer components
  • Traffic Flow: Traffic flow between Client → Load Balancer → Worker → Backend
  • Load Balancing: Load balancing strategies and configuration (HAProxy/Nginx)
  • Network Segmentation: DMZ and LAN separation, VLAN configuration
  • Firewall Rules: Firewall configuration requirements for inter-component communication
  • Routing: Subnet configuration and routing rules
Priority Pages:

Security Teams (SecOps)

Security teams should focus on the following topics in this section:
  • Secure Deployment Patterns: Best practice architectural approaches and defense in depth strategy
  • DMZ Placement: Which components should be in DMZ and security rules
  • LAN Protection: Protection of sensitive components in the internal network (Manager, MongoDB, Elasticsearch)
  • TLS/SSL Termination: Encryption and certificate management requirements
  • Access Control: Inter-component communication security and principle of least privilege
  • Compliance: Required configurations for compliance with security standards
  • Security Layers: Security at Network, Transport, Application, and Data layers
Priority Pages:

DevOps Engineers

DevOps engineers should focus on the following topics in this section:
  • Kubernetes Installation: Control-plane and worker node configuration
  • Container Orchestration: Pod placement and resource management
  • Automation: Requirements for installation and configuration automation
  • Monitoring and Logging: System monitoring and log collection configuration
  • CI/CD Integration: Required information for deployment pipelines
  • Scaling: Horizontal and vertical scaling strategies
Priority Pages:
  • Deployment Models - For topology selection
  • Relevant topology pages - For system requirements and installation steps

System Architects

System architects should focus on the following topics in this section:
  • Architectural Decision Making: Selecting appropriate topology according to business requirements
  • Scalability Planning: Scaling strategies according to traffic increase
  • High Availability Design: HA requirements and failover mechanisms
  • Capacity Planning: Traffic estimation, data size, and performance expectations
  • Disaster Recovery: Geographic backup and recovery strategies
  • Cost Optimization: Resource requirements and cost analysis
Priority Pages:
  • Deployment Models - Topology comparison and selection guide
  • All topology pages - For detailed architecture and capacity planning information

Core Concepts

DMZ (Demilitarized Zone)

DMZ is a network region protected by firewalls, open to the outside world but isolated from the internal network. Components Running in DMZ:

LAN (Local Area Network)

LAN is the secure internal network region of the organization. It cannot be accessed from the outside world and is under strict security controls. Components Running in LAN:

Deployment Topologies

The Apinizer platform supports three basic deployment topologies. For detailed information, you can refer to the Deployment Models page:
  1. Topology 1: Test and PoC - Ideal for test and proof of concept environments with quick installation and low resource requirements
  2. Topology 2: Professional Installation - Structure that provides load balancing between worker nodes for medium-scale production environments
  3. Topology 3: High Availability - HA structure that provides %99.9+ uptime, automatic failover, and data replication for critical production environments

Security Architecture

Defense in Depth

Apinizer is designed with a layered security approach:

Internet

Outside world and client traffic

Firewall (1) - First Defense Line

First security layer filtering external traffic

DMZ Zone - Public API

Worker modules and services open to external access

Firewall (2) - Second Defense Line

Second security layer controlling transition from DMZ to LAN

LAN Zone - Internal

Manager, MongoDB, Elasticsearch, and sensitive management components

Security Layers

  1. Network Layer: Firewall rules and network segmentation
  2. Transport Layer: TLS/SSL encryption
  3. Application Layer: API security policies (OAuth2, JWT, mTLS)
  4. Data Layer: Data encryption and masking

Decision-Making Guide

Which Deployment Topology Should Be Selected?

When to use:
  • Proof of Concept (POC) projects
  • Development and test environments
  • Low-traffic applications (< 500K requests/day)
  • Quick installation requirements
  • Limited resources and budget
  • For training and learning purposes
Advantages:
  • Lowest resource requirements
  • Quick installation
  • Low cost
  • Simple management
Disadvantages:
  • Single point of failure risk
  • No high availability
  • Not suitable for production
  • Limited scalability
When to use:
  • Medium-scale production environments
  • Medium-traffic applications (500K - 3M requests/day)
  • Basic high availability requirements
  • Situations requiring budget optimization
  • Enterprise applications
Advantages:
  • Load balancing between worker nodes
  • Medium-level resource requirements
  • Suitable for production
  • Flexible scaling
Disadvantages:
  • Limited high availability
  • Database single point of failure risk
  • No geographic distribution
When to use:
  • Critical production environments
  • High-traffic applications (> 3M requests/day)
  • High availability requirements (%99.9+ uptime)
  • Critical business processes
  • Data security and replication requirements
Advantages:
  • High availability (%99.9+)
  • Automatic failover
  • Data replication
  • Load balancing
  • Zero-downtime updates
Disadvantages:
  • High resource requirements
  • Complex installation
  • High cost
  • Cluster management requirements
The topology and architectural information in this section is used in the planning phase of the installation process. For installation operations, it is recommended to follow the steps below:

1. Planning and Preparation (This Section)

  • Topology Selection: Select the appropriate topology according to your business requirements (Deployment Models)
  • Network Planning: Design DMZ/LAN structure and determine port requirements (Network Topology and Port Requirements)
  • Capacity Planning: Calculate traffic estimation and resource requirements (relevant topology pages)

2. Installation Steps (Installation Section)

Installation operations can be performed in different ways. If you have an existing Kubernetes Cluster, you can use it, install on Cloud environments, perform installation from scratch on a Linux-based operating system, or perform quick installation with Helm. For detailed installation steps, refer to the relevant pages under the Installation Section:
  • Installation Overview: Pre-installation information and preparations
  • Kubernetes Installation: Kubernetes cluster installation (standalone or HA)
  • MongoDB Installation: MongoDB installation and replica set configuration
  • Elasticsearch Installation: Elasticsearch installation and cluster configuration
  • Apinizer Installation: Apinizer installation and configuration
  • Installation with Helm: Quick installation using Helm chart
  • Offline Installation: Installation in environments without internet connection
  • Installation on Cloud Environments: Installation on cloud environments such as AWS, Azure, GCP

Next Steps

You can plan your installation by reviewing the pages in the Deployment Topologies section:

Deployment Models

Compare three different installation topologies and select the one suitable for you

Network Topology and Port Requirements

Learn about DMZ/LAN structure and port requirements

Topology 1: Test and PoC

Review requirements for test and PoC environments

Topology 2: Professional Installation

Review requirements for medium-scale production environments

Topology 3: High Availability

Review HA requirements for critical production environments

Capacity Planning

Plan traffic and resources
Important: For production environments, Topology 3: High Availability topology and DMZ/LAN separation must be used. This is critical for security and high availability.