API Gateway 10.11 | Administering API Gateway | Container-based Provisioning | Kubernetes Support | API Gateway Clustering on Kubernetes
 
API Gateway Clustering on Kubernetes
When deploying API Gateway on Kubernetes, the intention is to create a highly available and scalable setup that can dynamically scale up and down according to the current load. Hence, always configure API Gateway as a cluster. You can provide the cluster configurations as environment variables in the Kubernetes deployment YAML file for API Gateway. The environment variables are the same as described in the Docker configuration section. For details about Docker configuration, see API Gateway Container Cluster Configuration.
Alternatively, you can also provide the cluster configurations in the externalized configuration files as described in the Using the Externalized Configuration Files section. For Kubernetes, the configuration files are implemented as ConfigMaps, which are then injected into the pods through volume mapping.
Peer-to-peer clustering on Kubernetes
If you have configured API Gateway with peer-to-peer clustering you must consider that in a Kubernetes deployment the clustering is not configured with a list of host names. Instead, the namespace and service name of the API Gateway deployment are used. To detect other cluster members, each API Gateway server talks to the Kubernetes API server in order to analyze the endpoints attached to the service. This lookup operation requires specific Kubernetes permissions, which are not available out of the box. It is necessary to create a role with the appropriate permissions, create a role binding that assigns the role to a service account, and finally start the API Gateway deployment with the service account, instead of the default one.
The Kubernetes YAML file to create a service account

apiVersion: v1
kind: ServiceAccount
metadata:
name: cluster-discovery-sa
The Kubernetes YAML file to create a role

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: cluster-discovery-role
rules:
- apiGroups:
- ""
resources:
- pods
- endpoints
verbs:
- get
- list
- watch
The Kubernetes YAML file to assign the role
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cluster-discovery-rolebinding
roleRef:
kind: Role
name: cluster-discovery-role
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: cluster-discovery-sa
The Kubernetes YAML file to use the service account in the API Gateway deployment YAML file
apiVersion: apps/v1
kind: Deployment
spec:
template:
spec:
serviceAccountName: cluster-discovery-sa