以下是使用Docker部署WSO2 API Manager（WSO2 APIM）的詳細步驟，分為快速測試部署和生產級部署兩種場景：

一、前提條件

1. 安裝Docker環境
   • 確保已安裝Docker Engine和Docker Compose。
2. 硬件要求
   • 內存：建議4GB以上（默認鏡像包含Java進程，內存需求較高）。
   • 磁盤空間：至少2GB可用空間。

二、快速啟動（單容器測試）

適用于快速體驗，數據保存在容器內（重啟后丟失）：

# 拉取官方鏡像（以最新版本為例）
docker pull wso2/wso2am:4.2.0

# 運行容器（映射管理端口和網關端口）

* 9443:9443  # 管理控制臺（Publisher/Dev Portal）
* 8243:8243  # API Gateway HTTPS端口
* 8280:8280  # API Gateway HTTP端口
  
docker run -d \
  --name wso2-apim \
  -p 9443:9443 \
  -p 8243:8243 \
  -p 8280:8280 \
  harbor.pkulaw.cn:8443/library/wso2am/wso2am:4.2.0-alpine

  docker run -it -d \
  --name wso2-apim \
  -p 9443:9443 \
  -p 8243:8243 \
  -p 8280:8280 \
  --user root  \
  --privileged=true \
  -v /root/carbon/carbon.xml:/home/wso2carbon/wso2am-4.2.0/repository/conf/carbon.xml \
  harbor.pkulaw.cn:8443/library/wso2am/wso2am:4.2.0-alpine

# 訪問管理界面
默認賬號：admin/admin
地址：https://localhost:9443/devportal

三、生產級部署（Docker Compose多容器）

推薦使用Docker Compose部署，支持持久化數據和外部數據庫（以MySQL為例）：

1. 創建docker-compose.yml文件

   version: '3.8'
   services:
     mysql-db:
       image: mysql:5.7
       environment:
         MYSQL_ROOT_PASSWORD: root
         MYSQL_DATABASE: wso2am_db
       volumes:
         - mysql-data:/var/lib/mysql
       networks:
         - apim-network
     
     wso2-apim:
       image: wso2/wso2am:4.2.0
       depends_on:
         - mysql-db
       ports:
         - "9443:9443"
         - "8243:8243"
         - "8280:8280"
       volumes:
         - apim-configs:/home/wso2carbon/wso2am-4.2.0/repository/conf
         - apim-logs:/home/wso2carbon/wso2am-4.2.0/repository/logs
       environment:
         # 配置MySQL連接（覆蓋默認H2）
         - DB_HOST=mysql-db
         - DB_PORT=3306
         - DB_USER=root
         - DB_PASSWORD=root
       networks:
         - apim-network
   
   volumes:
     mysql-data:
     apim-configs:
     apim-logs:
   
   networks:
     apim-network:
       driver: bridge
   

2. 初始化MySQL數據庫
   下載官方SQL腳本并執行：

   # 下載APIM數據庫腳本
   wget https://raw.githubusercontent.com/wso2/docker-apim/master/docker-compose/apim-with-analytics/mysql/scripts/apimgt.sql
   
   # 進入MySQL容器執行初始化
   docker exec -i mysql-db mysql -uroot -proot wso2am_db < apimgt.sql
   

3. 啟動服務

   docker-compose up -d
   

四、關鍵配置說明

1. 持久化數據
   • 配置文件：掛載/repository/conf目錄，避免容器重啟后配置丟失。
   • 日志文件：掛載/repository/logs目錄，便于排查問題。
2. 更換數據庫
   修改repository/conf/deployment.toml，配置MySQL連接：

   [database.apim_db]
   type = "mysql"
   url = "jdbc:mysql://mysql-db:3306/wso2am_db"
   username = "root"
   password = "root"
   

3. 集群部署
   若需橫向擴展API Gateway節點，可復制wso2-apim服務并配置共享數據庫和注冊表（參考官方集群指南）。

五、常見問題

1. 啟動超時
   首次啟動較慢（需等待Java初始化），查看日志：

   docker logs -f wso2-apim
   

2. 端口沖突
   確保本地9443、8243、8280端口未被占用。
3. 數據庫連接失敗
   檢查MySQL容器是否正常啟動，以及deployment.toml中的連接參數。

六、其他資源

• 官方Docker文檔：WSO2 APIM Docker指南
• 自定義鏡像構建：支持通過Dockerfile集成第三方庫或修改主題。

k8s-helm部署

helm repo add wso2 https://helm.wso2.com && helm repo update
helm install wso2 wso2/am-single-node --version 4.2.0-alpine --namespace default


#查看helm倉庫里有哪些景象
[root@cicd001 ~]# helm repo list
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/test-config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/test-config
NAME            URL
apisix          https://charts.apiseven.com
wso2            https://helm.wso2.com
graviteeio      https://helm.gravitee.io

root@cicd001 ~]# helm search repo wso2
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/test-config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/test-config
NAME                            CHART VERSION   APP VERSION     DESCRIPTION
wso2/apim-apk-agent             1.3.0           1.3.0           A Helm chart for deploying apim-apk-agent
wso2/apk-helm                   1.3.0           1.3.0           A Helm chart for APK components
wso2/kubernetes-pipeline        1.2.0           1.2.0           A Helm chart to deploy a CI/CD Pipeline in a Ku...
wso2/mysql                      1.6.9           5.7.30          Fast, reliable, scalable, and easy to use open-...
wso2/nfs-server-provisioner     1.1.0           2.3.0           nfs-server-provisioner is an out-of-tree dynami...
wso2/spinnaker                  2.2.6           1.16.2          Open source, multi-cloud continuous delivery pl...

# 由于docker景象國內云無法下載，需要我們修改景象地址，所以需要手動編輯values.yaml文件 
helm pull  wso2/am-single-node:4.2.0-alpine #可能沒有這個景象，那么需要下載原代碼來修改values.yaml
tar -xvf apim-4.7.2.tgz

helm upgrade wso2 ./am-single -f ./am-single/values.yaml -i -n default

/publisher出錯，需要修改配置

Sign in to the Management Console (https://<hostname>:9443/carbon).

Navigate to service providers list.

SP list

Click on the Edit button of API Publisher service provider

SP list

Navigate to Inbound Authentication Configuration > OAuth/OpenID Connect Configuration and click on OAuth application edit button.

OAuth app edit

See the Callback Url regex value configured under Application Settings. You will observe that the callback URL value is having a different hostname(localhost or previous hostname which was configured before the hostname change).

regexp=(https://localhost:9443/publisher/services/auth/callback/login|https://localhost:9443/publisher/services/auth/callback/logout)

Then replace the callback URL hostname with the current hostname of the server. For example, if the current hostname of the server is apim.wso2.com, the callback URL regex has to be changes as follows.

regexp=(https://apim.wso2.com:9443/publisher/services/auth/callback/login|https://apim.wso2.com:9443/publisher/services/auth/callback/logout)