All docs This doc
Skip to end of metadata
Go to start of metadata

Setting up a basic pipeline for WSO2 API Microgateway on Kubernetes is quick and simple.

Before you begin to develop your pipeline, set up the following prerequisites in a  running Kubernetes cluster.


  • Install and set up Helm (Supported version 2.14.3)
  • Install Nginx Ingress Controller Git release nginx-0.22.0

Deploy the CI/CD pipeline

  1. Download and save the following values file and replace the placeholders with their respective values.

    $ wget
    • <REGISTRY_USERNAME> - Docker organization name.
    • <REGISTRY_PASSWORD> - Docker password.
    • <REGISTRY_EMAIL> - Email address of Docker organization.
    • <EMAIL> - Email address notifications should be sent to in case of failure.
    • <GITHUB_USERNAME> - GitHub username.
    • <GITHUB_PASSWORD> - GitHub password.
  2. Add the WSO2 helm repository by running the following commands.

    $ helm repo add wso2
    $ helm repo update
  3. Install the pipeline Helm chart by pointing to the updated values-mgw.yaml file.

    $ helm install --name <RELEASE_NAME> wso2/kubernetes-pipeline -f values-mgw.yaml --namespace <NAMESPACE>
    The installation will take up to 10 minutes.
  4. After the installation has completed successfully, obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses.

    $ kubectl get ing -n <NAMESPACE>
    <RELEASE_NAME>-grafana grafana  <EXTERNAL_IP>8020m
    <RELEASE_NAME>-kibana kibana<EXTERNAL_IP>8020m
    RELEASE_NAME>-spinnaker-deckspinnaker<EXTERNAL_IP>80, 443 20m
    <RELEASE_NAME>-spinnaker-gategate.spinnaker<EXTERNAL_IP>80, 443 20m
    jenkins-ingress jenkins  <EXTERNAL_IP>80, 443 20m
  5. Add the above hosts as an entry in /etc/hosts as follows:

    <EXTERNAL_IP>  grafana kibana spinnaker jenkins
  6. Navigate to the following URLs on any web browser:

    1. Continuous Integration:
    2. Continuous Delivery:
    3. Monitoring:
    4. Logging:

What’s next:

Setting up a basic pipeline for WSO2 API Manager on AWS is quick and simple.

Before you begin to develop your pipeline, set up the following prerequisites.


  1. C reate and upload an SSL certificate to AWS, which is required to initiate the SSL handshake for HTTPS. Please see AWS Load Balancing documentation for further details.

  2. Create a key pair for the desired region, which is required to SSH to instances. (Skip this step if you want to use an existing key pair) See Amazon EC2 Key Pairs document for further details.

  3. Create an IAM role and attach policy created in Step4.

  4. A first-time AWS user should have a policy created to set permissions when creating a  pipeline. 

    To create a policy follow the below steps. 

    1. Go to IAM service console in AWS. 
    2. Click on Policies and then click on Create policy.
    3. When page load switch to JSON tab. 
    4. Copy-paste the below JSON code
    5. Click on the Review policy button 

"Version": "2012-10-17",    "Statement": [
    "Effect": "Allow",
    "Action": "iam:CreateServiceLinkedRole",
    "Resource": "*",
    "Condition": {
        "StringLike": {
            "iam:AWSServiceName": [
    "Effect": "Allow",
    "Action": "iam:CreateServiceLinkedRole",
    "Resource": "*",
    "Condition": {
        "StringEquals": {
            "iam:AWSServiceName": [
    "Effect": "Allow",
    "Action": [
    "Resource": "*"
    "Effect": "Allow",
    "Action": [
    "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"


  1. Login to AWS Console. 
  2. Navigate to AWS Cloudformation page. Click on "Create Stack"
  3. Use the Amazon S3 URL[] on  "Create stack" page.   
  4.  Click the “Next” button. 
  5. Specify the stack details. Leave values filled by default. Give an appropriate name for the stack and fill in the required values under the ‘Parameter’ Heading

    • Cluster Configuration: Mandatory to fill all the fields here. Add the AM role name created in prerequisites section[3] for AM Role field.

    • Database Configuration: Enter the database username and password. This will be used to create the login for RDS instance

    • WSO2 Subscription Credentials: You may skip this if you do not have a valid WSO2 subscription or if you do not require wum updates. 

    • SSL Certificate Name: Add the SSL Certificate name created in the prerequisites section[1].

    • Key Pair Name: Add the key pair created in the prerequisites section[2].

    • Jenkins console login Password: Enter a password to login to the Jenkins console

    • Email:  Better to include email to  receive notifications on pipeline

    If you have specified values for Github Configuration then put the URL of specified repository for GitRepoArtifacts.

    Once you have filled in the required fields, click “Next” and proceed with ‘Configure stack options’ options. After completing adding Configure stack options, click the “Next” button, review your stack information thoroughly and Edit if needed, or click “Create stack”

    It might take a few minutes (~8 minutes) to create the stack.Once the status of the stack changes to CREATE_COMPLET , click the"Output" tab to get the JenkinsConsoleURL.
  6. Log in to the JenkinsConsoleURL with the password you provided in point 02 under Jenkins console login Password . The default username is admin

    After you have logged in, click on the wso2am-2.6.0job.  Click “Run” on the pop-up window to start the pipeline for configured product and its current version.

  7. You can view the pipeline progress under the pipeline tab in the view.  Each step will be displayed with relevant logs. 

    Approve and select “OK” on the “Approve Staging” stage pop-up to deploy the product into the staging environment. Once the deployment to staging is completed Approve and select “OK” on the “Approve Production” stage pop-up to deploy the product into the production environment. Once the deployment to environments are complete, you will be able to see three stacks, namely ‘dev-stack’, ‘staging-stack’ and ‘prod-stack’ on your AWS Cloudformation console. Click on the "Outputs" tab of each stack to get the Management Console URL of each environment.

What’s next:

  • No labels