Our industry has seen an evolution in how we run software. Traditionally, platforms ran in on-premises datacenters but began to transition to the cloud. However, not all workloads can move, or customers want resiliency across clouds and edge, which introduced multi-cloud scenarios.
With our self-hosted gateway capabilities, customers can use our existing tooling to extend to their on-premises and multi-cloud APIs with the same role-based access controls, API policies, observability options, and management plane that they are already using for their Azure-based APIs.
New to the self-hosted gateway, how does it work?
When deploying an Azure API Management instance in Azure, customers get three main building blocks:
- A developer portal (also called user plane) for allowing internal and external users to find documentation, test APIs, get access to APIs, and see basic usage data among other features.
- An API gateway (also called data plane), which contains the main networking component that exposes API implementations, applies API policies, secures APIs, and captures metrics and logs of usage among other features.
- Finally, a management plane, which is used through the Azure Portal, Azure Resource Manager (ARM), Azure Software Development Kits (SDKs), Visual Studio and Code extensions, and command-line interfaces (CLIs) that allow you to manage and enforce permissions to the other components. Examples of this are setting up APIs, configuring the infrastructure, and defining policies.
Figure 1: Architecture diagram depicting the components and features of Azure API Management Gateway.
In the case of the self-hosted gateway, we provide customers with a container image that hosts a version of our API Gateway. Customers can run multiple instances of this API Gateway in non-Azure environments, and the only requirement is to allow outbound communication to the management plane of an Azure API Management instance to fetch configuration and expose APIs running in those non-Azure environments.
Figure 2: Architecture diagram depicting the components of a distributed API Gateway solution using the self-hosted gateway.
Supported Azure API Management tiers
The self-hosted gateway v2 is now generally available and fully supported. However, the following conditions apply:
- You need an active Azure API Management instance; this instance should be on the Developer tier or Premium tier.
  - In the Developer tier, the feature is free for testing, with a limit of 1 active instance.
  - In the Premium tier, you can run as many instances as you want. Learn more about pricing at our pricing table.
- Azure API Management will always provision an API Gateway in Azure, which we typically call our managed API gateway.
- Be aware that there are differences in features between our various API gateway offerings. Learn more about the differences in our documentation.
Pricing and gateway deployment
In the case of the self-hosted gateway, we can define a self-hosted gateway by assigning a name to our gateway, a location (which is a logical grouping that aligns with your business, not an Azure region), a description, and finally what APIs we want to expose in this gateway. This allows us to do physical isolation of APIs at the gateway level, which is only possible in the self-hosted gateway at this moment. This combination of location, APIs, and hostname is what defines a self-hosted gateway deployment. This "self-hosted gateway deployment" should not be confused with a Kubernetes "deployment" object.
For example, using a single deployment, where the same APIs are configured in all regions:
Figure 3: Architecture diagram describing the pricing model for a single deployment of a self-hosted gateway.
However, you can also create multiple self-hosted gateway deployments to have more granular control over the different APIs that are being exposed:
Figure 4: Architecture diagram describing the pricing model for two deployments of a self-hosted gateway.
Supportability and shared responsibilities
Another important aspect is support. In the case of the self-hosted gateway, the infrastructure is not necessarily managed by Azure, so as a customer you have more responsibilities to ensure the proper functioning of the gateway:
| Microsoft Azure | Shared Responsibilities | Customers |
| --- | --- | --- |
| Managed service service-level agreement (SLA) for the management plane, access to configuration, and ability to receive telemetry. | Securing self-hosted gateway communication with the configuration endpoint: the communication between the self-hosted gateway and the configuration endpoint is secured by an access token; this token expires automatically every 30 days and needs to be updated for the running containers. | Gateway hosting, deploying, and operating the gateway infrastructure: virtual machines with container runtime or Kubernetes clusters. |
| Gateway maintenance, bug fixes and patches to container image. | Keeping the gateway up to date: regularly updating the gateway to the latest version and latest features. | Network configuration, necessary to maintain management plane connectivity and API access. |
| Gateway updates, performance, and functional improvements to container image. | | Gateway SLA, capacity management, scaling, and uptime. |
| | Keeping the gateway up to date, regularly updating the gateway to the latest version and latest features. | |
| | Providing diagnostics data to support, collecting, and sharing diagnostics data with support engineers. | |
| | Third-party open-source software (OSS) components: adding extra layers like Prometheus, Grafana, service meshes, container runtimes, Kubernetes distributions, and proxies is the customer's responsibility. | |
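An added example (not from the original post or from Microsoft) of checking how much lifetime a gateway access token has left before the 30-day expiry described above, so rotation can be scheduled before running containers lose access to the configuration endpoint. It assumes the configured value has the form `GatewayKey <gateway-id>&<yyyyMMddHHmm>&<signature>` with a UTC expiry; the function names, `warn_days`, and the sample tokens are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# ASSUMPTION (not stated on this page): the auth value set on the container
# looks like "GatewayKey <gateway-id>&<yyyyMMddHHmm>&<signature>", where the
# middle field is the token expiry in UTC.
PREFIX = "GatewayKey "


def token_expiry(auth_value):
    """Return (gateway_id, expiry) from the auth value; ValueError if malformed."""
    if not auth_value.startswith(PREFIX):
        raise ValueError("missing GatewayKey prefix")
    parts = auth_value[len(PREFIX):].strip().split("&", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected <gateway-id>&<expiry>&<signature>")
    gateway_id, expiry_raw, _signature = parts  # the signature is never returned or logged
    expiry = datetime.strptime(expiry_raw, "%Y%m%d%H%M").replace(tzinfo=timezone.utc)
    return gateway_id, expiry


def rotation_status(auth_value, now, warn_days=7):
    """Classify a token as ok, rotate-soon, expired, or malformed."""
    try:
        gateway_id, expiry = token_expiry(auth_value)
    except ValueError as exc:
        return {"gateway": None, "state": "malformed", "detail": str(exc)}
    remaining = expiry - now
    if remaining <= timedelta(0):
        state = "expired"
    elif remaining <= timedelta(days=warn_days):
        state = "rotate-soon"
    else:
        state = "ok"
    return {"gateway": gateway_id, "state": state, "days_left": remaining.days}


# Constructed sample values; the signature is a placeholder, not a real key.
SIG = "Q09OU1RSVUNURUQ="
SAMPLES = [
    "GatewayKey edge-gw&202402150000&" + SIG,
    "GatewayKey edge-gw&202401240000&" + SIG,
    "GatewayKey edge-gw&202401010000&" + SIG,
    "edge-gw&202402150000&" + SIG,
]

if __name__ == "__main__":
    fixed_now = datetime(2024, 1, 20, tzinfo=timezone.utc)  # fixed for a repeatable demo
    for value in SAMPLES:
        print(rotation_status(value, fixed_now))
```

In a real check, pass `datetime.now(timezone.utc)` as `now` and read the value from wherever the container's configuration is stored.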
New features and capabilities of v2 and v1 retirement
When using the latest versions of our v2 container image, tag 2.0.0 or higher, you will be able to use the following features:
- OpenTelemetry metrics: the self-hosted gateway can be configured to automatically collect and send metrics to an OpenTelemetry Collector. This allows you to bring your own metrics collection and reporting solution for the self-hosted gateway. Here you can find a list of supported metrics.
- New image tagging: we provide four tagging strategies to meet your needs regarding updates, stability, patching, and production environments.
- Helm chart: a new deployment option with multiple variables for you to configure at deployment time like backups, logs, OpenTelemetry, ingress, probes, and also Distributed Application Runtime (Dapr) configurations. This Helm chart together with our sample YAML files can be used for automated deployments with continuous integration and continuous delivery (CI/CD) tools or even GitOps tools.
- Artifact registry: you can find all our artifacts in our centralized Microsoft Artifact Registry for all the container images provided by Microsoft.
- New EventGrid events: a new batch of supported EventGrid events related to the self-hosted gateway operations and configurations. The full list of events can be found here.
Please keep in mind that we will be retiring support for the v1 version of our self-hosted gateway, so this is the perfect time to upgrade to v2. We also provide a migration guide and a guide for running the self-hosted gateway in production.