Gateway Environments
Environment is a runtime execution context for API Proxies in an enterprise.
This section describes environment creation and related operations.
When the Manage Kubernetes Namespace and Resources with Apinizer option is enabled in System General Settings screen, it becomes available.
Environment Creation
The picture below shows the Environment Settings:
Fields that contains general information about the environment are shown in the table below.
Field | Description |
|---|---|
Type | Test or Production can be selected as the type so that the test is not deducted from the license. |
Name | Name of environment. |
Key | An environment-specific abbreviated key used for the created environment. |
| Node List | It is selected on which kubernetes worker servers the created environment will run. |
Project | You can choose the projects where the environment can be used, or leave it blank so that it can be used in all projects. If one or more projects are selected, they must also be added to be used in newly created projects. It comes with no selection by default. If a project is selected, it means that only API Proxies included in that project can be deployed to this environment. |
| It is the external access address of API Proxies running in the environment. It has been explained in detail in the previous section. | |
Description | It can be used for ease of management and important notes. |
Gateway Server Access URL | The nodeport or ingress type service access address required to deploy the configurations made in the Apinizer API Manager to the Gateway Pods is entered here. Example: http://worker-service.prod.svc.cluster.local:8091 If the HTTPS Enabled option is selected, the address here should also be taken into consideration. Example: https://worker-https-service.prod.svc.cluster.local:8443 |
Cache Server Access URL | The nodeport or ingress type service access address required for deploying the configurations made in the Apinizer API Manager to the Cache Pods or for the Gateway Pods to access the cache pods is entered here. |
API Proxy Traffic Log Connectors
Log connectors where all API Proxy Traffic and extensions in the environment will be logged are defined here.
The picture below shows the API Proxy Traffic Log Connector definitions:
Please refer to this page for more information about adding a connector to environment.
Gateway Engine and Cache Server Settings
Gateway engine and Cache server correspond to pods in Kubernetes environment.
Gateway engine's name in Apinizer Platform is apinizer-worker. It is the core module of Apinizer Platform, responsible for routing all API requests to BackendAPI and works as Policy Enforcement Point.
The cache server is called apinizer-cache on the Apinizer Platform. It is the environment where the Cache values required in Apinizer are kept.
The picture below shows the Gateway and Cache server settings:
The fields used for configuration in the Gateway Engine section are shown in the table below.
Field | Description |
|---|---|
Count | Gateway engine count is equivalent to replicaSet in Kubernetes Cluster. |
CPU | The maximum number of CPU cores that the pod will use. |
Memory | The maximum amount of memory the pod will use. |
Memory Unit | The unit of value required for the memory is selected; MB, GB. |
Protocol Settings | The HTTP Enabled option is selected by default. If HTTPS is desired to be used, the HTTPS Enabled option is also selected. In this case required keystore and truststore files must be uploaded. Since the mTLS setting works over the HTTPS protocol, it can only be selected when the HTTPS setting is on and allows the server to request authentication from the client, but does not enforce this as a strict requirement to establish the connection. If mTLS authorization is required, the mTLS policy should be used. |
Keystore | When HTTPS protocol is selected, keystore files can be loaded in JKS or PFX format. |
Truststore | When HTTPS protocol is selected, truststore files can be loaded in JKS or PFX format. |
Keystore Password | Enter the password of the keystore file. |
Truststore Password | Enter the password of the truststore file. |
Https Engine Service Port | The port of a service is entered in the range of 30080-32767. |
Http Engine Service Port | It is the port information required to access the services running in the application. |
Additional Variables
Default and optional variables and their values to be run in the pod are defined in this section.
Default variables cannot be deleted, only their values can be edited or new ones can be added.
| Değişken Adı | Açıklaması | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| JAVA_OPTS | -XX: MaxRAMPercentage: sets the JVM Heap values to use 75% of the memory allocated to the container because it runs inside the container. http.maxConnections: Max http connection count that can be created from this environment. | ||||||||||||||||||||
| tuneWorkerThreads | Specifies the minimum number of Worker threads the server is running. The recommended values are as follows:
| ||||||||||||||||||||
| tuneWorkerMaxThreads | Specifies the maximum number of Worker threads the server is running. The recommended values are as follows:
| ||||||||||||||||||||
| tuneBufferSize | It is the size of the buffer area in bytes that a thread will use for writing. | ||||||||||||||||||||
| tuneIoThreads | Number of IO Threads. Its recommended values are to be in parallel with the number of processors. | ||||||||||||||||||||
| tuneBacklog | Specifies the maximum pending connection queue size if the server is ready to accept connections. | ||||||||||||||||||||
| tuneRoutingConnectionPoolMaxConnectionPerHost | Specifies the maximum connection pool value that can be used per host in the backend connections of API Proxies. | ||||||||||||||||||||
| tuneRoutingConnectionPoolMaxConnectionTotal | Specifies the maximum connection pool value to be used for backend connections of API Proxies. The recommended values are as follows:
| ||||||||||||||||||||
| logLevel | It allows the application logs to be started by default with this parameter when starting the environments. It can take ERROR, WARNING, INFO, DEBUG, TRACE and OFF values. | ||||||||||||||||||||
| defaultCharset | When this field is not added, UTF-8 character set is used by default; this field specifies the character set used in request and response operations | ||||||||||||||||||||
| multi-part / File Upload Parameters | The following key concepts should be used to configure settings for multi-part HTTP requests for file uploads;
The size value of all key concepts is in bytes, so 1024*1024*100 is 100MB. | ||||||||||||||||||||
| Token Service CORS Parameters | When a javascript application connects to receive a JWT or OAuth2 Token via Apinizer, the CORS values need to be returned from the Apinizer token service. If JWT or OAuth2 Token settings will be managed;
| ||||||||||||||||||||
| Token Service X-Forwarded-For Parameters | When a request is made to get a JWT or OAuth2 Token via Apinizer, the client's IP must be obtained. If JWT or OAuth2 Token settings will be managed;
|
Cache Server configuration
The fields used for Cache Server configuration are shown in the table below.
Field | Description |
|---|---|
| Cache Count | Cache count is equivalent to replicaSet in Kubernetes Cluster. |
| CPU | The maximum number of CPU cores that the pod will use. |
Memory | The maximum amount of memory the pod will use. |
Memory Unit | The unit of value required for the memory is selected; MB, GB. |
Additional Variables | Default and optional variables and their values to be run in the pod are defined. Default variables cannot be deleted, only their values can be edited.
For cache pods to be accessible to other cache pods via Kubernetes, the CACHE_SERVICE_NAME value should be added.
Daily quota information is also kept in the cache. Daily quota information is reset according to UTC timezone. If you want the starting time of the daily changing quota to be reset to your local time, you can add the value of CACHE_QUOTA_TIMEZONE to the additional variables. The value added here must be written as "+03:00".
If it is not desired for cache pods to try to load the values from the database all at once when first opened, the CACHE_LAZY_MODE value can be added as lazy. In this case, priority is given to opening the pod and the values can continue to be loaded after the pod is opened. It is recommended to enter this value if there are a large number of records in the database.
|
The following warning should be taken into account when configuring the Java Options setting in the additional variables area;
Please note that the -Xmx and -Xms settings disable automatic heap sizing.
Apinizer sets the JVM Heap values to use 75% of the memory allocated to the container because it runs inside the container.
UseContainerSupport is enabled by default.
Old (and somehow broken) flags -XX: {Min | Max} RAMFraction is now deprecated. There is a new -XX:MaxRAMPercentage flag that takes a value between 0.0 and 100.0 and defaults to 25.0. So if there is a 1GB memory limit, the JVM heap is limited to ~250MB by default.
Setting Host Aliases
What is Host Alias? Why is it needed?
IP addresses in the network can sometimes be put behind host names, if they are not defined in the nameserver or host file, or if Apinizer has not been able to resolve them somehow, HostAlias must be defined for the worker pods to resolve these names.
Republishing is required for the changes made here to take effect. It should be noted that there will be a few minutes of interruption in this process compared to the version update.
On Kubernetes, hostnames or their corresponding IP addresses can be given host alias of hostnames. This setting is defined in the deployment.yaml file.
The picture below shows the Host Alias settings:
Publishing Environment
Click the Unpublished button to publish a environment.
Click the Publish button to confirm the operation from the incoming window and the environment is deployed to the kubernetes server.
Republishing Environment
By hovering over a published environment, the Published button is clicked.
Click the Republish button to confirm the operation from the incoming window.
After the Republishing Environment, the Pods are also restarted.
JWT Token Validation Key
If the environment is registered, the JWT Token Authentication Key is generated. This token is the value of the private key involved in generating tokens through the Apinizer Token Service for authentication policies. If the user wants to generate his own token, he should make use of the private key here.
To access this information, go to the JWT Token Validation Keys tab.
By clicking the Redeploy button, the existing key can be redeployed to the servers without making any changes to the key.
By clicking the Regenerate & Deploy button, a new key can be generated and deployed to the servers.
By clicking the Upload & Deploy button, the PEM Encoded Private Key file can be uploaded and a new key can be generated and used according to this key.
Deleting a Environment
By selecting the environment and clicking Remove Environment from the Remove Environment tab at the bottom, information about the environment is deleted from the database.
When the deletion is complete, the installation of all API Proxies registered in this environment is also deleted, and API Proxies that were previously installed in this environment can no longer be accessed through this environment.
Cache Monitor
With the settings in the Cache section of the Overview tab of the API Proxy screen, the request can be cached and answered without going to the Backend API. At the same time, quota and throttle policies are also managed via the cache pod.
In order to monitor, view and delete the cache operations based on the environment, go to this page from the Cache link of the environment.
The picture below shows the Cache Monitor:
Metric Monitor
To monitor the status of Worker and Cache pods on Kubernetes, click the Pods link of the relevant environment from the environment list.
The picture below shows the Pods Screen:
If you want to access metrics for all environments, click here.