github.com/amalimatharaarachchi/apk
Cloud native API management refers to the use of API management tools and practices that are designed to be natively integrated with cloud computing environments, such as Kubernetes. These tools and practices help organizations to manage and govern their APIs in a more effective and efficient way, leveraging the benefits of cloud computing such as scalability, reliability, and cost-effectiveness. Cloud native API management is also a way of designing, building, and deploying APIs in a cloud environment. There are several characteristics that are commonly associated with cloud native API management:
WSO2 APK is designed to help you build, deploy, and manage APIs in a cloud environment. Our platform is built on a microservices architecture and uses containerization technologies to ensure scalability and flexibility. With features like automatic failover and load balancing, APK is designed to be highly available and to handle large numbers of API requests without performance degradation. We've also added support for continuous delivery and deployment, so you can quickly and easily push updates to your API services.
Some characteristics of APK
For APK release planning and project management information, visit the APK Project Dashboard
For in-depth information about WSO2 API Management Platform, visit WSO2 API Management
To ask questions and get assistance from our community, visit WSO2 Discord
To learn how to participate in our overall community, visit our community page
In this README:
You'll find many other useful documents in our Documentation.
APK is an open-source platform for providing complete API Management capabilities on top of the Kubernetes cluster management platform.
APK is composed of these components:
Control Plane - The APK control plane. It provides API Management capabilities, marketplace capabilities along with domain services and web applications. It consists of the following sub-components:
Back Office - Responsible for configuring the portal aspects of an API, including descriptions, documents, images, etc. It also manages API visibility and lifecycle. The backend component was developed using Ballerina.
Dev Portal - Responsible for API consumer interaction. API consumers can discover APIs, read documents, try them out, and eventually subscribe to and consume APIs. The backend component was developed using Ballerina.
Admin Portal - Responsible for configuring rate limit policies, key management services, and other administrative tasks. Backend components were developed using Ballerina.
Management Server - Responsible for communication with data planes and pushing updates. Backend components were developed using Go.
Data Plane - The APK data plane. It provides API runtime capabilities such as gateway, rate-limiting services, and runtime management. It consists of the following sub-components:
Runtime Manager - Responsible for configuring the runtime aspects of an API, including API endpoints, discovering Kubernetes services and converting them into APIs, etc. The backend component was developed using Ballerina.
Management Client - Responsible for communication with the management server (control plane) to push/pull updates and maintain connectivity between the data plane and the control plane. The backend component was developed using Go.
API Gateway - Router - The Router intercepts incoming API traffic and applies quality-of-service functions such as authentication, authorization, and rate limiting. The Router uses Envoy Proxy as the core component that does the traffic routing. The required additional extensions were developed using C++.
API Gateway - Enforcer - The Enforcer is the component that enforces API management capabilities such as security, rate limiting, analytics, validation, etc. When the Router receives a request, it forwards that request to the Enforcer to perform the additional QoS. Plugins were developed using Java.
Identity Platform - Responsible for the authentication and authorization that happen in the data plane.
WSO2 APK comes with Postman collections for testing the product APIs. Developers can use the collections of API requests and configure them to test different scenarios. For example, they can reuse the available requests to verify that an API returns the correct responses for different requests. These tests help users identify potential issues or bugs that may need to be addressed before using it. Please refer to the Postman Tests section of the repo for more information about tests and test artifacts.
WSO2 API Kubernetes Platform has released the following Docker images on the WSO2 public Docker Hub.
Adapter: wso2/adapter:0.0.1-m1
Gateway Enforcer: wso2/choreo-connect-enforcer:1.1.0-ubuntu
Gateway Router: wso2/choreo-connect-router:1.1.0
Management Server: wso2/management-server:0.0.1-m1
Runtime DS: wso2/runtime-domain-service:0.0.1-m1
Admin DS: wso2/admin-domain-service:0.0.1-m1
BackOffice DS: wso2/backoffice-domain-service:0.0.1-m1
BackOffice Internal DS: wso2/backoffice-internal-domain-service:0.0.1-m1
Devportal DS: wso2/devportal-domain-service:0.0.1-m1
Install Helm and the Kubernetes client
An already set up Kubernetes cluster. If you want to run it locally, you can use Minikube, Kind, or similar software.
Install the NGINX Ingress Controller. If you are using Minikube, you can install ingress by running minikube addons enable ingress
HELM-HOME = apk/helm
Execute helm repo add bitnami https://charts.bitnami.com/bitnami and helm repo add jetstack https://charts.jetstack.io
Go to the HELM-HOME folder.
Execute the helm dependency build command to download the dependent charts.
Execute helm install apk-test . -n apk to install the APK components.
Execute kubectl get pods -n apk
Execute the kubectl get ing -n apk command
Execute the minikube tunnel command
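A post-install check for the procedure above, added here as an example and not part of the APK repository: it lists the images running in the apk namespace and prints any that are not in the README's released-image list, so anything else, including whatever the dependent charts deploy, gets reviewed. The function names and the `--live` switch are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the APK repo): report images running in the "apk"
# namespace that are absent from the README's released-image list.

# Image references copied from the released-image list above.
RELEASED_IMAGES="wso2/adapter:0.0.1-m1
wso2/choreo-connect-enforcer:1.1.0-ubuntu
wso2/choreo-connect-router:1.1.0
wso2/management-server:0.0.1-m1
wso2/runtime-domain-service:0.0.1-m1
wso2/admin-domain-service:0.0.1-m1
wso2/backoffice-domain-service:0.0.1-m1
wso2/backoffice-internal-domain-service:0.0.1-m1
wso2/devportal-domain-service:0.0.1-m1"

# normalize_image REF: drop an explicit Docker Hub prefix and any @digest so
# "docker.io/wso2/adapter:0.0.1-m1@sha256:..." compares equal to the README form.
normalize_image() {
  local ref="$1"
  ref=${ref#docker.io/}
  ref=${ref#index.docker.io/}
  ref=${ref%%@*}
  printf '%s\n' "$ref"
}

# unlisted_images: read image references (one per line) on stdin and print,
# sorted and de-duplicated, those that are not in RELEASED_IMAGES.
unlisted_images() {
  local ref norm
  while IFS= read -r ref; do
    [ -n "$ref" ] || continue
    norm=$(normalize_image "$ref")
    printf '%s\n' "$RELEASED_IMAGES" | grep -Fxq -- "$norm" || printf '%s\n' "$norm"
  done | sort -u
}

# running_images NAMESPACE: init-container and container images of every pod.
running_images() {
  local field
  for field in initContainers containers; do
    kubectl get pods -n "$1" -o jsonpath="{.items[*].spec.${field}[*].image}"
    echo
  done | tr -s '[:space:]' '\n'
}

# Live use (needs kubectl access to the cluster): ./audit.sh --live
if [ "${1:-}" = "--live" ]; then
  running_images apk | unlisted_images
fi
```
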
We use GitHub to track all of our bugs and feature requests. Each issue we track has a variety of metadata: