This guide provides step-by-step instructions to deploy WSO2 Micro Integrator (MI) and Integration Control Plane (ICP) in a Kubernetes environment using Helm charts. Both MI and ICP will be deployed in the same namespace for seamless integration.
- Git: Install Git on your machine.
- Helm: Install Helm (version 3 or later) on your machine.
- Kubernetes Cluster: Ensure you have an operational Kubernetes cluster (e.g. AKS, EKS, GKE, or a local Kubernetes cluster).
- Traffic Routing (one of the following):
- Ingress Controller (Default): Deploy an ingress controller (e.g. NGINX Ingress Controller).
- Gateway API Controller (Recommended): Deploy a Gateway API compatible controller (e.g. Envoy Gateway, NGINX Gateway Fabric).
- Docker Images: Acquire WSO2 product Docker images. Push them to a container registry (e.g. ACR, ECR, GCR) if necessary.
- WSO2 Subscription: A valid WSO2 subscription is required to access Docker images from the WSO2 private registry. If you don't have a subscription, sign up for a WSO2 Free Trial Subscription .
You can utilize either Minikube or Rancher Desktop to establish a local Kubernetes cluster:
-
Install Minikube by following the official documentation.
-
Start a Minikube cluster:
minikube start
-
Set up traffic routing (choose one):
Option A: Ingress Controller
minikube addons enable ingressOption B: Gateway API (Recommended)
# Install Gateway API CRDs kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml # Install Envoy Gateway helm install eg oci://docker.io/envoyproxy/gateway-helm \ --version v1.2.1 -n envoy-gateway-system --create-namespace
- Install Rancher Desktop from the official website.
- Configure Rancher Desktop to use Kubernetes and set the desired Kubernetes version.
- Set up traffic routing (choose one):
- Ingress: Install the NGINX ingress controller.
- Gateway API: Install Gateway API CRDs and a Gateway controller (see Minikube Option B above).
Clone the Helm chart repository containing the MI and ICP Helm charts:
git clone https://github.com/wso2/helm-mi.gitCheckout to your preferred MI runtime version branch:
cd helm-mi
git checkout origin/4.5.xCreate a unified namespace for both MI and ICP:
kubectl create namespace wso2-integration- Edit the
mi/values_local.yamlfile to configure MI-specific parameters. - Edit the
icp/values_local.yamlfile to configure ICP-specific parameters.
Important
The configurations described below apply to both MI and ICP deployments. Ensure that the parameters are correctly set in the respective values_local.yaml files for seamless functionality.
If you intend to use the WSO2 released server image, obtain a subscription and update the following configurations:
containerRegistry: "wso2"
wso2:
subscription:
username: "<username>"
password: "<password>"If you are using your own customized MI server images, set containerRegistry to the specific private docker registry:
containerRegistry: "<private-registry-name>"
wso2:
deployment:
imagePullSecrets: "<image-pull-secret>"
image:
repository: "<image-name>"
digest: "<image-digest>"
tag: "<image-tag>"
pullPolicy: IfNotPresentWhen running on a local Kubernetes cluster using a local image, leave this empty:
containerRegistry: ""
wso2:
deployment:
image:
repository: "<image-name>"
digest: "<image-digest>"
tag: "<image-tag>"
pullPolicy: IfNotPresentNote
The values_local.yaml is preconfigured to use a file-based user store by default. If you wish to proceed with this configuration, skip the following section.
- You can use default ADMIN user [username='admin', password='admin'] for testing purposes.
Example for READ ONLY LDAP:
wso2:
config:
userstore:
file:
enabled: false
ldap:
type: "read_only_ldap"
connectionUrl: "ldap://{hostname}:{port}"
connectionName: "uid=admin,ou=system"
connectionPassword: "admin"
userSearchBase: "ou=Users,dc=wso2,dc=org"Refer to MI documentation for complete list of parameters.
Example for MySQL:
wso2:
config:
userstore:
file:
enabled: false
rdbms:
url: "jdbc:mysql://{hostname}:{port}/userdb"
username: "<username>"
password: "<password>"
jdbc:
driver: "com.mysql.jdbc.Driver"
poolParameters:
maxActive: 50
maxWait: 60000Refer to MI documentation for more information on supporting RDBMS types.
Note
When using RDBMS, the JDBC driver must be added to the <SERVER_HOME>/lib folder. To achieve this, you need to build a custom server image.
Follow these steps below to add JDBC driver:
-
Create the Dockerfile
- BASE_IMAGE:
- MI:
wso2/wso2mi:4.5.0 - ICP:
wso2/wso2-integration-control-plane:1.0.0
- MI:
- WSO2_SERVER_HOME:
- MI:
/home/wso2carbon/wso2mi-4.5.0 - ICP:
/home/wso2carbon/wso2-integration-control-plane-1.0.0
- MI:
Example for MySQL:
FROM <BASE_IMAGE> USER root RUN apt-get update && \ apt-get install -y wget && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* ENV WSO2_SERVER_HOME=<WSO2_SERVER_HOME> RUN mkdir -p ${WSO2_SERVER_HOME}/lib ARG JDBC_DRIVER_URL=https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-8.0.33.tar.gz RUN wget -O /tmp/mysql-connector.tar.gz "${JDBC_DRIVER_URL}" && \ tar -xzf /tmp/mysql-connector.tar.gz -C /tmp && \ find /tmp -name "mysql-connector*.jar" -exec cp {} ${WSO2_SERVER_HOME}/lib/ \; && \ rm -rf /tmp/mysql-connector.tar.gz RUN chown -R wso2carbon:wso2 ${WSO2_SERVER_HOME}/lib && \ chmod -R 755 ${WSO2_SERVER_HOME}/lib USER wso2carbon
- BASE_IMAGE:
-
Build the image:
docker build -t customized-wso2-img:1.0.0 . -
Update the following configurations in
values_local.yaml:containerRegistry: "" wso2: deployment: image: repository: "customized-wso2-img" tag: "1.0.0" pullPolicy: IfNotPresent
Tip
For integration development, if you are using the MI VSCode extension, you can add JDBC drivers to MI server image by placing the JAR file in the <PROJECT_DIR>/deployment/libs folder and then clicking "Create Docker Image" under Deployment Options. This will build the Docker image and push it to the local registry.
- Add following instruction to '<PROJECT_DIR>/deployment/docker/Dockerfile'. Please make sure that only JDBC driver resides in '<PROJECT_DIR>/deployment/libs' folder.
- COPY libs/*.jar ${WSO2_SERVER_HOME}/lib/
Navigate to the mi directory and deploy MI using Helm:
cd mi
helm install wso2-mi ./ -f values_local.yaml --namespace wso2-integrationNavigate to the icp directory and deploy ICP using Helm:
cd icp
helm install wso2-icp ./ -f values_local.yaml --namespace wso2-integrationEnsure all pods are running:
kubectl get pods -n wso2-integration
Verify that services are exposed:
kubectl get svc -n wso2-integration
If using Ingress:
kubectl get ingress -n wso2-integrationIf using Gateway API:
# Check Gateway resources
kubectl get gateway -n wso2-integration
# Check HTTPRoute resources
kubectl get httproute -n wso2-integrationTip
The HOST is the hostname specified in deployment.hostname in the values_local.yaml file. The default values are,
- MI : mi.wso2.com
- ICP : icp.wso2.com
kubectl logs <pod-name> -n wso2-integration
Please follow these steps
-
Get the external IP (EXTERNAL-IP) of the Ingress resources by listing the Kubernetes ingresses.
kubectl get ingress -n wso2-integration
-
Add the host information to your /etc/hosts file.
<EXTERNAL-IP> mi.wso2.com <EXTERNAL-IP> icp.wso2.com
-
Now you can access as follows
- Access the ICP dashboard at
https://icp.wso2.com/login. - Invoke the MI integrations as
curl https://mi.wso2.com/<resource-path> -k.
- Access the ICP dashboard at
-
Get the external IP of the Gateway:
kubectl get gateway -n wso2-integration
On a local Minikube cluster, use
minikube serviceto get access URLs for the Gateway services in theenvoy-gateway-systemnamespace. -
Add the host information to your /etc/hosts file.
<EXTERNAL-IP> mi.wso2.com <EXTERNAL-IP> icp.wso2.com
-
Now you can access as follows
- Access the ICP dashboard at
https://icp.wso2.com/login. - Invoke the MI integrations as
curl https://mi.wso2.com/<resource-path> -k -H "Host: mi.wso2.com".
- Access the ICP dashboard at
You can also invoke the MI integration solutions and ICP without going through the Ingress or Gateway by using the port-forward method for services.
For ICP:
kubectl port-forward service/cloud-wso2-icp -n wso2-integration 8080:9743Then, you can access the ICP dashboard at https://localhost:8080/login.
For MI Integrations:
kubectl port-forward service/cloud-wso2-mi -n wso2-integration 8290:8290Then, you can invoke the MI integrations as curl https://localhost:8290/<resource-path> -k.
Provision a Kubernetes cluster using a CSP (e.g., AKS, EKS, GKE). Follow the respective CSP official documentation for cluster setup.
Push the WSO2 product Docker images to the CSP's container registry (e.g., ACR for Azure, ECR for AWS, GCR for Google Cloud).
Update the values.yaml files for MI and ICP to use the container registry paths and CSP-specific configurations (e.g. storage classes, load balancer annotations). Configure either Ingress or Gateway API for traffic routing.
Follow the same deployment steps as in the local setup, ensuring the values.yaml files are updated for the CSP environment.
Validate the deployment and access the applications using the CSP's load balancer, ingress, or Gateway API configurations.
-
Amazon Elastic Kubernetes Service (EKS)
Refer EKS Configs section to configure the required parameters to run MI in EKS.
-
Azure Kubernetes Service (AKS)
Refer AKS Configs section to configure the required parameters to run MI in AKS.
-
Google Kubernetes Engine (GKE)
Refer GKE Configs section to configure the required parameters to run MI in GKE.
To delete the deployments:
helm uninstall wso2-mi -n wso2-integration
helm uninstall wso2-icp -n wso2-integration
kubectl delete namespace wso2-integrationThis guide provides a foundational setup. For advanced configurations, refer to the CONFIG.md and EXAMPLES.md files in the respective Helm chart directories.