How Does API7 Enterprise Proxy Applications in Kubernetes Clusters?

January 24, 2024


In the dynamic era of cloud-native technologies, Kubernetes has emerged as the go-to solution for many enterprises seeking to build resilient and scalable applications. API7 Enterprise offers powerful capabilities in security and traffic management, coupled with exceptional performance. API7 Enterprise integrates with the Kubernetes Service Discovery, serving as a proxy for applications deployed within a Kubernetes cluster. Let's go exploring the process of utilizing API7 Enterprise to proxy applications in your Kubernetes cluster.


  1. Install API7 Enterprise

Note: If API7 Enterprise is not already deployed within Kubernetes clusters, configure the network settings of the machine hosting API7 EE to ensure accessibility to upstream pods in the Kubernetes environment.

  1. Deploy Services in Kubernetes

If you've already deployed services in Kubernetes, you can skip this step. Otherwise, execute the following command to create services:

# create a new namespace
kubectl create namespace api7ee

kubectl create deployment httpbin --image=kennethreitz/httpbin:latest -n api7ee
kubectl create service clusterip httpbin --tcp=80:80 -n api7ee
  1. Create a Kubernetes Service Account
  • API7 Enterprise relies on this credential for accessing the Kubernetes API and fetching upstream configurations. Consequently, We need to create an RBAC resource first. The following is the specific YAML file configuration:

      # rbac.yaml
      kind: ClusterRole
        name: api7-k8s-sd-watcher
        - apiGroups: [""]
          resources: ["endpoints"]
          verbs: ["list", "watch"]
      kind: ClusterRoleBinding
        name: api7-k8s-sd-watcher-binding
        - kind: ServiceAccount
          name: api7-k8s-sd-sa
          namespace: api7ee
        kind: ClusterRole
        name: api7-k8s-sd-watcher
      apiVersion: v1
      kind: ServiceAccount
        name: api7-k8s-sd-sa
        namespace: api7ee
      apiVersion: v1
      kind: Secret
        name: api7-k8s-sd-secret
        namespace: api7ee
  • Create RBAC resources and get this token.

    kubectl apply -f rbac.yaml -n api7ee
    kubectl get secrets api7-k8s-sd-secret -n api7ee -ojsonpath='{.data.token}' | base64 -d

Implementation of Kubernetes Service Discovery in API7 Enterprise

Connecting to the Kubernetes Service Registry

  1. Go to an existing gateway group and access the Service Registry through the left-hand menu.

  2. Click the Add Service Registry Connection button. Select Kubernetes as the discovery type and provide the Kubernetes API service access address and token.


  1. Once API7 Enterprise establishes a successful connection to the service registry, you will see a healthy status.


Publishing the Service for Testing

  1. Navigate to the service page, click to create a new service, and add the /anything route.

  2. Proceed to publish the service, and choose the appropriate upstream:


  1. After publishing, you can test it using curl.


In conclusion, we have talked about the steps to leverage the API7 Enterprise for proxying Kubernetes services. For more information about the features of the API7 Enterprise, please don't hesitate to get in touch with us.

Proxy ApplicationKubernetes ClusterAPISIX Basics