The self-hosted gateway is an optional, containerized version of the default managed gateway included in every API Management service. It's useful for scenarios such as placing gateways in the same environments where you host your APIs. Use the self-hosted gateway to improve API traffic flow and address API security and compliance requirements.
Now it's time to deploy our HTTP API behind API Management self hosted gateway (SHGW) to protect it from direct internet access.
Note
The API Management creation in this challenge takes about 30-45 minutes to complete. Plan accordingly and perhaps start the deployment before a break.
The following image illustrates the steps in this challenge
- Create an API Management service with self hosted gateway
- Deploy self hosted gateway as Container App
- Configure internal ingress for HTTP API
- Expose an internal HTTP API operation via the self hosted gatway
- Verify changes after deployment
- Create an API Management service with self hosted gateway. Grab the Gateway token from the provisioned SHGW
- Create a new Container App HTTP API 2 (httpapi2) based on the same image used in previous challenge
- Configure an internal ingress for httpapi2 Container App
- Create a new Container App apim based on an image provided by Microsoft
- Configure an external ingress for apim Container App
- Configure an API, operation in API Management and expose the API inside the SHGW
- Created an API Management service with self hosted gateway using existing Bicep apim template
- Deployed Bicep template v5 which includes a new HTTP API 2 app
- Added a new order by doing a HTTP POST to HTTP API Container App (https://httpapi.[your container app environment domain]/data?message=[your message]) with a APIM subscription key in the header (X-API-key)
- Verified logs in Log Analytics for Queue Reader application that the Queue Reader app is logging with your order message.
- API Management self-hosted gateway overview (learn.microsoft.com)
- curl manual (curl.se)
- Invoke-RestMethod (learn.microsoft.com)
- Monitor logs in Azure Container Apps with Log Analytics (learn.microsoft.com)
- View the solution here: Challenge 6 - Solution
- Challenge 1: Setup the environment
- Challenge 2: Deploy Container Apps Environment and troubleshoot Container Apps
- Challenge 3: Split traffic for controlled rollout
- Challenge 4: Scale Container Apps
- Challenge 5: Configure CI/CD for Container Apps
- Challenge 6: Protect Container App with API Management
- Challenge 7: Enable Container App authentication