Implement Data Plane Resilience
Resilience refers to a system's ability to withstand and recover from failures, disruptions, or unexpected events.
In this document, you will learn why you should consider data plane (DP) resilience pattern in API7 and how to implement it, such that when the control plane (CP) becomes unavailable, the DP instances can still operate normally. This helps you formulate a disaster recovery plan and quickly resume mission-critical functions when the control plane (CP) becomes unavailable, ensuring the high availability of your system.
Below is an interactive demo providing a hands-on introduction to implementing data plane resilience.
Why Consider DP Resilience
DP could encounter issues connecting with CP. The following are a few potential causes:
- Poor network connectivity between DP and CP instances
- CP database crash
- CP upgrade
- Resource contention on the CP host
- CP host hardware failure
DP Resilience Pattern
API7 Enterprise supports configuring CP to periodically dump configurations to AWS S3 buckets, so that in the event of a CP outage, DP can start in the standalone mode and pull the latest gateway configurations from the storage to continue proxying requests.
Once the CP is recovered, DP should continue fetching configurations from the CP.
Implement DP Resilience
Prerequisites
Provision AWS Resources
- Create an AWS account and log in as an IAM user.
- Create two S3 buckets, one for gateway instance configurations, such as keyring and discovery; and one for gateway resource configurations, such as routes and services.
- Obtain the IAM user access key and secret access key.
- Attach the policy that allows read and write access to objects in S3 buckets to the IAM user.
Configure CP to Back Up Configurations
In the working directory where you ran the quickstart command to install API7 Enterprise, you should find a api7-ee
directory, in which there is a docker-compose.yaml
and various service configuration files.
Add the fallback_cp
configuration to the dashboard configuration file:
fallback_cp:
aws_s3:
access_key: your-aws-iam-access-key
region: ap-south-1
config_bucket: bucket-to-push-config-data
resource_bucket: bucket-to-push-resource-data
secret_key: your-aws-iam-secret-access-key
cron_spec: '@every 1m'
❶ Replace with your AWS IAM user access key.
❷ Replace with your AWS region.