-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simplify Namespace Configuration in WSO2 APK #2663
Comments
Additional Enhancement SuggestionBuilding upon the current resolution, I would like to propose a feature request to introduce a more centralized and user-friendly approach for managing namespace configurations. Feature Suggestion:Introduce a Custom Resource Definition (CRD): apiVersion: maistra.io/v1
kind: ServiceMeshMemberRoll
metadata:
name: default
namespace: istio-system
spec:
members:
# List of namespaces participating in the service mesh
- your-namespace
- another-namespace Benefits:
Proposed Implementation:
This feature would make WSO2 APK more aligned with user expectations for enterprise-grade, multi-namespace Kubernetes environments. I hope this suggestion can help in making WSO2 APK more robust and easier to use for diverse deployment scenarios. Thank you for considering this proposal. |
Building upon the previous suggestions, I propose an additional feature to enhance the management of namespaces within the WSO2 API Platform for Kubernetes (APK): Feature Suggestion: Namespace Annotation for Data Plane Inclusion: Proposed Implementation:
Benefits:
Implementing this feature would streamline the process of managing multi-namespace environments in WSO2 APK, making it more intuitive and efficient for users. |
Problem
I have successfully configured WSO2 API Platform for Kubernetes (APK) on OpenShift, integrating it with Keycloak as the identity provider. This setup allows for API deployment across multiple namespaces, with each API secured using OAuth2 tokens from Keycloak.
Current Configuration:
TokenIssuer
is configured in APK to facilitate authentication via Keycloak.Issue Encountered:
When deploying an API in a namespace different from the one housing the APK data plane, I encountered a
503 Service Temporarily Unavailable
error upon invoking the API with a valid token. Notably, when using an invalid token, the system correctly responds with anAccess Token Expired
message, indicating that the request reaches the router and undergoes validation.Solution
Resolution:
The issue was resolved by specifying the relevant namespaces in both the
adapter
andcommonController
configurations within the Helmvalues.yaml
file, as follows:This dual configuration enabled the APK data plane to recognize and manage APIs across the specified namespaces.
Affected Component
Common-controller
Version
1.2.0
Implementation
Improvement Suggestion:
The necessity to list namespaces in two separate sections (
adapter
andcommonController
) within the Helm configuration can lead to confusion and potential misconfigurations. Next to that this information is not clearly documented in the Administration guidelines. To enhance user experience and streamline the setup process, I propose consolidating the namespace specification into a single configuration parameter. This approach would simplify the deployment process and reduce the likelihood of errors, thereby improving the overall usability of WSO2 APK in multi-namespace environments.I appreciate the efforts of the WSO2 team in developing and maintaining APK and hope this suggestion contributes to its continued improvement.
Related Issues
No response
Suggested Labels
helm apk cluster namespace
The text was updated successfully, but these errors were encountered: