Fix/k8s deployment 470 by Saadha123 · Pull Request #11330 · wso2/docs-apim

Saadha123 · 2026-05-07T06:48:55Z

Purpose

Rewrites the WSO2 API Manager 4.7.0 Kubernetes deployment documentation for all seven deployment patterns (Patterns 0–6). The previous docs had broken references, incorrect Dockerfile instructions, missing prerequisites, outdated step structures, and several configuration errors introduced in 4.7.0 that would cause deployments to fail.

Resolves https://github.com/wso2-enterprise/wso2-apim-internal/issues/16522

Goals

Provide accurate, step-by-step deployment guides for all seven Kubernetes deployment patterns that reflect the 4.7.0 release.
Correct four configuration errors present in the previous docs:
1. Missing backendTrafficPolicy block (sticky sessions for HA patterns)
2. Spurious aws.enabled: true field in the AWS Secrets Manager YAML (not a valid field)
3. Missing wso2internal.jks from the keystore secret creation commands
4. Missing guidance on encrypting the internal encryption key when using the cipher tool

Approach

Each pattern doc was rewritten end-to-end with a consistent Quick Start structure followed by an Additional Configuration section. Changes were verified against the upstream Helm chart (helm-apim 4.7.0-1) and the 4.7.0 configuration reference. Key structural improvements include:

Unified step flow across all patterns (install tools → verify cluster → add Helm repo → install routing controller → build images → set up DB → create keystore secret → deploy → configure DNS → access portals)
Envoy Gateway documented as the default routing controller; NGINX documented as the deprecated alternative
backendTrafficPolicy added to all HA pattern Envoy Gateway YAML blocks (Patterns 1–6)
AWS Secrets Manager YAML corrected — removed non-existent enabled: true field
wso2internal.jks added to docker run extract commands and kubectl create secret commands in all patterns
Cipher tool note added to the internal encryption key section across all patterns, clarifying that the key itself must also be encrypted if secrets are being encrypted

User stories

As a developer evaluating WSO2 APIM, I can follow the Pattern 0 quick start and reach the portals without hitting undocumented blockers.
As a platform engineer setting up a production HA deployment, I have correct YAML for sticky sessions and TLS backend verification out of the box.
As a security-conscious operator, I have clear guidance on encrypting the internal encryption key when using the cipher tool.

Release note

Updated Kubernetes deployment documentation for WSO2 API Manager 4.7.0 — rewrote all seven pattern guides with corrected configuration examples, Envoy Gateway as default routing controller, and fixed keystore and encryption key setup instructions.

Documentation

This PR is the documentation change. N/A for additional doc links.

Training

N/A — no training content impact.

Certification

N/A — documentation-only change with no impact on certification exam topics.

Marketing

N/A

Automation tests

Unit tests: N/A — documentation only
Integration tests: N/A — documentation only

Security checks

Followed secure coding standards: N/A — documentation only
Ran FindSecurityBugs: N/A — documentation only
Confirmed no secrets committed: Yes

Samples

N/A

Related PRs

N/A

Migrations

N/A

Learning

N/A

- Bump version references: 4.6.0 → 4.7.0, 4.6.x → 4.7.x, chart version 4.6.0-1 → 4.7.0-1 - Update Docker registry: docker.wso2.com → registry.wso2.com with new image path format (wso2-apim/am, wso2-apim/am-acp, etc.) - Change default Kubernetes namespace from wso2 to apim - Rename Step 4 to "Install a Routing Controller" with Envoy Gateway as default tab and NGINX as legacy - Update DNS step to include Gateway API note and kubectl get gateway/ing sub-tabs - Update Access Portals step with Envoy Gateway and NGINX tabs - Rename Section 4 from "Ingress" to "Routing Controller" with Envoy Gateway (4.1) and NGINX (4.2) - Add mandatory internal encryption key section (3.2) to pattern-0 and pattern-6 - Update AWS Secrets Manager YAML to new nested secretsManager.secretIdentifiers.secretEncryptionKey structure Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Rename Step 2 to "Install a Routing Controller" with Envoy Gateway as default and NGINX as legacy - Update helm install: version 4.6.0-1 → 4.7.0-1, namespace wso2 → apim, branch 4.6.x → 4.7.x - Update DNS step to show kubectl get gateway / kubectl get ing tabs per routing controller - Remove hardcoded wso2 namespace from kubectl commands Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…-470 # Conflicts: # en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-0-all-in-one.md # en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-1-all-in-one-ha.md # en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-2-all-in-one-gw.md # en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-3-acp-tm-gw.md # en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-4-acp-tm-gw-km.md # en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-5-all-in-one-gw-km.md # en/docs/install-and-setup/setup/kubernetes-deployment/kubernetes/am-pattern-6-all-in-one-is-as-km.md

coderabbitai · 2026-05-07T06:49:03Z

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7ddd735b-8188-4434-be0e-cb2c5dd20c2a

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

Generate code and open pull requests
Plan features and break down work
Investigate incidents and troubleshoot customer tickets together
Automate recurring tasks and respond to alerts with triggers
Summarize progress and report instantly

Built for teams:

Shared memory across your entire org—no repeating context
Per-thread sandboxes to safely plan and execute work
Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Saadha123 added 30 commits April 22, 2026 15:09

overview, pattern 0, pattern 1 updates

2b3f22b

pattern 1 changes

638bb38

pattern 1 changes

629e6a2

pattern 0 changes

633a6fb

Changes done for local cluster

6b9f916

Added a qsg

d28cde2

Local cluster setup docs

0fdf3d9

Local cluster setup docs

628d618

overview update

95f7613

QSG update

0718819

pattern 0 doc updates

36fef78

pattern 1 doc updates

4e4e546

pattern 2 doc updates

98ba9d5

pattern 2 doc updates

ff8e6eb

pattern 3 doc updates

39d1d08

Updated pattern 4 docs

472563d

Updated pattern 5 docs

96d5bb3

Updated pattern 5 docs

98dd924

Updated pattern 6 name

6752e50

Updated overview page

cdf03e4

Removed pattern 5 image

5e9da7d

Updated warning

99a3355

Removed reference to EKS

1c36aa3

Improved kubernetes overview doc

f4c1c16

Removed local cluster setup docs

d9e69b7

Updated pattern 5 diagram

09c99c3

Updated version numbers

60d6d1e

Updated helm versions

e4c262c

Rename vm deployment names

4d31005

Secret encryption updates

b40c755

Saadha123 and others added 27 commits May 5, 2026 11:35

Pattern 4 fixes

8dbc713

Pattern 5 fixes

b9da4b8

supported version updates

9b472b3

supported version updates

facb8dc

vm pattern names updates

8131369

db script updates

0c56304

updated image building steps

1ee3638

deployment steps updated

ca7c90c

Pattern 0 additional configs updated

46a394b

Pattern 1 additional configs updated

ecb2437

Pattern 2 additional configs updated

49cb665

Pattern 3 additional configs updated

7f64f02

Organizing steps

00475d5

Organizing steps

ef043ae

Pattern 5 updates

c1e520e

Pattern 6 latest

8b761ff

Added internal key encryption

fc0c2be

Removed docker file step for gw and tm

26cf900

Updated routing controller

0fc8e6e

docker file names update

d3bffec

included missing additional configs

3f7fe41

included missing additional configs p1

c565ce6

included missing additional configs p2

304e016

included missing additional configs p3 p4 p5 p6

d1171f4

Saadha123 requested review from chamilaadhi and tharikaGitHub as code owners May 7, 2026 06:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix/k8s deployment 470#11330

Fix/k8s deployment 470#11330
Saadha123 wants to merge 64 commits intowso2:4.7.0from
Saadha123:fix/k8s-deployment-470

Saadha123 commented May 7, 2026 •

edited

Loading

Uh oh!

coderabbitai Bot commented May 7, 2026

Review skipped

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

Saadha123 commented May 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Purpose

Goals

Approach

User stories

Release note

Documentation

Training

Certification

Marketing

Automation tests

Security checks

Samples

Related PRs

Migrations

Learning

Uh oh!

coderabbitai Bot commented May 7, 2026

Review skipped

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Saadha123 commented May 7, 2026 •

edited

Loading