Did you ever wish to be able to use a single API management solution for all your APIs deployed in multiple clouds and on-premises? Now you can! In this session, Vlad Vinogradsky, Product Leader for Azure API Management, will explain how to do just that with Azure API Management.
This article explains how the self-hosted gateway feature of Azure API Management enables hybrid and multi-cloud API management, presents its high-level architecture, and highlights its capabilities.
Hybrid and multi-cloud API management
The self-hosted gateway feature expands API Management support for hybrid and multi-cloud environments and enables organizations to efficiently and securely manage APIs hosted on-premises and across clouds from a single API Management service in Azure.
With the self-hosted gateway, customers have the flexibility to deploy a containerized version of the API Management gateway component to the same environments where they host their APIs.
All self-hosted gateways are managed from the API Management service they are federated with, giving customers visibility and a unified management experience across all internal and external APIs.
Agenda
- API management refresher
- Distributed API management
- Self-hosted gateway
- Demo
- What’s next
Azure API Management
Unitary API Management
Distributed API Management
Distributed API management pros and cons
Assuming APIs hosted across Azure, on-premises, and other clouds.
Self-hosted gateway – new feature of API Management
Generally available since April 28, 2020
Deployable on-premises or to a cloud
- Functionally equivalent to the managed gateway
- Packaged as a Linux-based Docker container image
- Available from the Microsoft Container Registry
Managed and observed from Azure
- Requires only outgoing connectivity to Azure
- Connects to an API Management service
- Pulls down configuration and pushes up telemetry
Simple to provision and operate
- Just a single container
- Easy to evaluate on a laptop using Docker Desktop or Minikube
- Kubernetes provides availability, scaling, rolling upgrades, and more
Connectivity to Azure
- Self-hosted gateway requires connectivity to Azure
- Without a connection to Azure, the gateway can’t receive configuration updates or upload telemetry
- It is designed to “fail static” – i.e. it continues to function when connectivity is lost
- Configuration backup to a persistent volume improves resiliency
When Backup is off
- Run using in-memory configuration
- Fail to initialize if restarted
When Backup is on
- Run using in-memory configuration
- Use saved configuration to initialize if restarted
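The connectivity and backup behaviour listed above, as an added example that is not code from the session or from Azure API Management: a small model of a gateway that keeps serving its in-memory configuration when the link to Azure drops and, on restart, initializes only if a saved copy exists. The names `Gateway`, `fetch`, `backup_path` and `restart_outcomes`, and the sample configuration, are hypothetical.

```python
import json, os, tempfile

class Gateway:  # hypothetical model, not the product's code
    def __init__(self, fetch, backup_path=None):
        self.fetch = fetch              # raises ConnectionError when Azure is unreachable
        self.backup_path = backup_path  # None means backup is off
        self.config = None              # in-memory configuration
    def _apply(self, cfg):
        self.config = cfg
        if self.backup_path:            # save via temp file + atomic rename
            with open(self.backup_path + ".tmp", "w") as f:
                json.dump(cfg, f)
            os.replace(self.backup_path + ".tmp", self.backup_path)
    def start(self):
        try:
            self._apply(self.fetch())
        except ConnectionError:
            if not (self.backup_path and os.path.exists(self.backup_path)):
                raise RuntimeError("no connectivity and no saved configuration")
            with open(self.backup_path) as f:
                self.config = json.load(f)   # initialize from the saved copy
    def sync(self):                     # periodic pull; fail static on error
        try:
            self._apply(self.fetch())
            return True
        except ConnectionError:
            return False                # keep serving the in-memory config

def restart_outcomes():
    # Lose connectivity, then restart, once with backup off and once with it on.
    link = {"up": True}
    def fetch():
        if not link["up"]:
            raise ConnectionError("Azure unreachable")
        return {"apis": ["orders"], "rev": 7}    # constructed sample config
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, path in (("backup_off", None), ("backup_on", os.path.join(d, "cfg.json"))):
            link["up"] = True
            gw = Gateway(fetch, path)
            gw.start()
            link["up"] = False
            serving = not gw.sync() and gw.config["rev"] == 7
            try:
                fresh = Gateway(fetch, path)
                fresh.start()
                out[name] = (serving, "initialized")
            except RuntimeError:
                out[name] = (serving, "failed")
    return out
```

In both scenarios the running instance keeps its configuration after the link drops; only the restarted instance differs.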
Observability
Demo
- Create gateway resource
- Deploy gateway to Kubernetes (Minikube)
- Configure caching
- Configure gateway to use backend service deployed to the same cluster
- Collect and view metrics locally
What’s next for self-hosted gateway
Self-hosted gateway logs in Log Analytics – Metrics are available now
Azure AD credentials – Alternative to SAS tokens
Custom CA root certificates – From linked API Management service
Upstream TLS and cipher configuration – From linked API Management service
Self-hosted gateway on Arc Kubernetes – Use Azure control plane and policies to deploy and keep self-hosted gateways up to date
Self-hosted gateway limitations
- Built-in cache
- Service Fabric integration
- TLS session resumption
- Client certificate renegotiation
- Windows container
- Fully disconnected mode