Gateway Environments

Environment is a runtime execution context for API Proxies in an enterprise.

This section describes environment creation and related operations.

When the Manage Kubernetes Namespace and Resources with Apinizer option is enabled in System General Settings screen, it becomes available.

Environment Creation

The picture below shows the Environment Settings:

Fields that contains general information about the environment are shown in the table below.

Field	Description
Name	Name of environment.
Key	An environment-specific abbreviated key used for the created environment.
Node List	It is selected on which kubernetes worker servers the created environment will run.
Project	You can choose the projects where the environment can be used, or leave it blank so that it can be used in all projects. If one or more projects are selected, they must also be added to be used in newly created projects. It comes with no selection by default. If a project is selected, it means that only API Proxies included in that project can be deployed to this environment.
Access URL	It is the external access address of API Proxies running in the environment. It has been explained in detail in the previous section.
Description	It can be used for ease of management and important notes.
Gateway Server Access URL	The nodeport or ingress type service access address required to deploy the configurations made in the Apinizer Management console to the Gateway Pods is entered here. Example: http://worker-service.prod.svc.cluster.local:8091 If the HTTPS Enabled option is selected, the address here should also be taken into consideration. Example: https://worker-https-service.prod.svc.cluster.local:8443
Cache Server Access URL	The nodeport or ingress type service access address required for deploying the configurations made in the Apinizer Management Console to the Cache Pods or for the Gateway Pods to access the cache pods is entered here. Example: http://cache-service.prod.svc.cluster.local:8090

API Proxy Traffic Log Connectors

Log connectors where all API Proxy Traffic and extensions in the environment will be logged are defined here.

The picture below shows the API Proxy Traffic Log Connector definitions:

Please refer to this page for more information about adding a connector to environment.

Gateway Engine and Cache Server Settings

Gateway engine and Cache server correspond to pods in Kubernetes environment.

Gateway engine's name in Apinizer Platform is apinizer-worker. It is the core module of Apinizer Platform, responsible for routing all API requests to BackendAPI and works as Policy Enforcement Point.

The cache server is called apinizer-cache on the Apinizer Platform. It is the environment where the Cache values required in Apinizer are kept.

The picture below shows the Gateway and Cache server settings:

The fields used for configuration in the Gateway Engine section are shown in the table below.

Field

Description

Count

Gateway engine count is equivalent to replicaSet in Kubernetes Cluster.

CPU

The maximum number of CPU cores that the pod will use.

Memory

The maximum amount of memory the pod will use.

Memory Unit

The unit of value required for the memory is selected; MB, GB.

Protocol Settings

The HTTP Enabled option is selected by default.

If HTTPS is desired to be used, the HTTPS Enabled option is also selected. In this case required keystore and truststore files must be uploaded.

Since the mTLS setting works over the HTTPS protocol, it can only be selected when the HTTPS setting is on and allows the server to request authentication from the client, but does not enforce this as a strict requirement to establish the connection. If mTLS authorization is required, the mTLS policy should be used.

Keystore

When HTTPS protocol is selected, keystore files can be loaded in JKS or PFX format.

Truststore

When HTTPS protocol is selected, truststore files can be loaded in JKS or PFX format.

Keystore Password

Enter the password of the keystore file.

Truststore Password

Enter the password of the truststore file.

Https Engine Service Port

The port of a service is entered in the range of 30080-32767.

Http Engine Service Port

It is the port information required to access the services running in the application.

Additional Variables

Default and optional variables and their values to be run in the pod are defined.

Default variables cannot be deleted, only their values can be edited or new ones can be added.

Değişken Adı

Açıklaması

JAVA_OPTS

-XX: MaxRAMPercentage: sets the JVM Heap values to use 75% of the memory allocated to the container because it runs inside the container.

http.maxConnections: Max http connection count that can be created from this environment.

tuneWorkerThreads

Specifies the minimum number of Worker threads the server is running.

The recommended values are as follows:

CPU	Thread Sayısı
1	512
2	1024
4	2048
8	4096

tuneWorkerMaxThreads

Specifies the maximum number of Worker threads the server is running.

The recommended values are as follows:

CPU	Thread Sayısı
1	1024
2	2048
4	4096
8	8192

tuneBufferSize

It is the size of the buffer area in bytes that a thread will use for writing.

tuneIoThreads

Number of IO Threads. Its recommended values are to be in parallel with the number of processors.

tuneBacklog

Specifies the maximum pending connection queue size if the server is ready to accept connections.

tuneRoutingConnectionPoolMaxConnectionPerHost

Specifies the maximum connection pool value that can be used per host in the backend connections of API Proxies.

tuneRoutingConnectionPoolMaxConnectionTotal

Specifies the maximum connection pool value to be used for backend connections of API Proxies.

The recommended values are as follows:

CPU	Bağlantısı Sayısı
1	1024
2	2048
4	4096
8	8192

logLevel

It allows the application logs to be started by default with this parameter when starting the environments. It can take ERROR, WARNING, INFO, DEBUG, TRACE and OFF values.

c

The following key concepts should be used to configure settings for multi-part HTTP requests for file uploads;

multipartConfigMaxFileSize: The maximum size allowed to upload files.
multipartConfigMaxRequestSize: The maximum size allowed for a multi-part/form-data request.
multipartConfigFileSizeThreshold: The size threshold at which the file will be written to disk.

The size value of all key concepts is in bytes, so 1024*1024*100 is 100MB.
The picture containing these fields in the Additional Variables table are given below:

The fields used for Cache Server configuration are shown in the table below.

Field	Description
Cache Count	Cache count is equivalent to replicaSet in Kubernetes Cluster.
CPU	The maximum number of CPU cores that the pod will use.
Memory	The maximum amount of memory the pod will use.
Memory Unit	The unit of value required for the memory is selected; MB, GB.
Additional Variables	Default and optional variables and their values to be run in the pod are defined. Default variables cannot be deleted, only their values can be edited. For cache to be accessible via Kubernetes, the CACHE_SERVICE_NAME value should be added. "It should not be forgotten that the environment name should replace the "tester" expression." Daily quota information is also kept in the cache. Quota information is reset to UTC timezone. If you want the starting time of the daily changing quota to be reset to your local time, you can add the value of CACHE_QUOTA_TIMEZONE to the additional variables. The value added here must be written as "+03:00".

The following warning should be taken into account when configuring the Java Options setting in the additional variables area;

Please note that the -Xmx and -Xms settings disable automatic heap sizing.

Apinizer sets the JVM Heap values to use 75% of the memory allocated to the container because it runs inside the container.

UseContainerSupport is enabled by default.

Old (and somehow broken) flags -XX: {Min | Max} RAMFraction is now deprecated. There is a new -XX:MaxRAMPercentage flag that takes a value between 0.0 and 100.0 and defaults to 25.0. So if there is a 1GB memory limit, the JVM heap is limited to ~250MB by default.

Click for detailed information.

Setting Host Aliases

What is Host Alias? Why is it needed?

IP addresses in the network can sometimes be put behind host names, if they are not defined in the nameserver or host file, or if Apinizer has not been able to resolve them somehow, HostAlias must be defined for the worker pods to resolve these names.

Republishing is required for the changes made here to take effect. It should be noted that there will be a few minutes of interruption in this process compared to the version update.

On Kubernetes, hostnames or their corresponding IP addresses can be given host alias of hostnames. This setting is defined in the deployment.yaml file.

The picture below shows the Host Alias settings:

Publishing Environment

Click the Unpublished button to publish a environment.

Click the Publish button to confirm the operation from the incoming window and the environment is deployed to the kubernetes server.

Republishing Environment

By hovering over a published environment, the Republish button is clicked.

Click the Republish button to confirm the operation from the incoming window.

After the Republishing Environment, the Pods are also restarted.

JWT Token Validation Key

If the environment is registered, the JWT Token Authentication Key is generated. This token is the value of the private key involved in generating tokens through the Apinizer Token Service for authentication policies. If the user wants to generate his own token, he should make use of the private key here.

To access this information, go to the JWT Token Validation Keys tab.

By clicking the Redeploy button, the existing key can be redeployed to the servers without making any changes to the key.

By clicking the Regenerate & Deploy button, a new key can be generated and deployed to the servers.

By clicking the Upload & Deploy button, the PEM Encoded Private Key file can be uploaded and a new key can be generated and used according to this key.

Deleting a Environment

By selecting the environment and clicking Remove Environment from the Remove Environment tab at the bottom, information about the environment is deleted from the database.

When the deletion is complete, the installation of all API Proxies registered in this environment is also deleted, and API Proxies that were previously installed in this environment can no longer be accessed through this environment.

Cache Monitor

With the settings in the Cache section of the Overview tab of the API Proxy screen, the request can be cached and answered without going to the Backend API.

In order to monitor, view and delete the cache operations based on the environment, go to this page from the Cache link of the environment.

The picture below shows the Cache Monitor:

Metric Monitor

To monitor the status of Worker and Cache pods on Kubernetes, click the Pods link of the relevant environment from the environment list.

The picture below shows the Pods Screen:

If you want to access metrics for all environments, click here.