Apigee

This component was created and is maintained by an Istio partner. Please address support questions to the partner directly.

PartnerApigee
Support Sitehttps://apigee.com/about/support/portal
Source Codehttps://github.com/apigee/istio-mixer-adapter
Latest Releasehttps://github.com/apigee/istio-mixer-adapter/releases
Tested by Apigee with these Istio Versions1.1.x, 1.2.x, 1.3.x
Supported Templates Analytics, Authorization

The Apigee Mixer adapter provides Apigee’s distributed authentication and quota policy checks as well as the ingestion of Istio telemetry for analysis and reporting.

Important: The adapter is provided in an enhanced Mixer image. The default Mixer image must be replaced and the proper CRDs must be applied in order to use these features. Complete Apigee documentation on the concepts and usage of this adapter is available on the Apigee Adapter for Istio site. For more information and product support, please contact Apigee support.

This adapter supports the authorization template and Apigee’s analytics template.

Example config:

apiVersion: config.istio.io/v1alpha2
kind: apigee
metadata:
  name: apigee-handler
  namespace: istio-system
spec:
  apigee_base: https://istioservices.apigee.net/edgemicro
  customer_base: https://myorg-test.apigee.net/istio-auth
  hybrid_config: /opt/apigee/customer/default.properties
  org_name: myorg
  env_name: test
  key: mykey
  secret: mysecret
  temp_dir: /tmp/apigee-istio
  client_timeout: 30s
  allowUnverifiedSSLCert: false
  products:
    refresh_rate: 2m
  analytics:
    legacy_endpoint: false
    file_limit: 1024
  auth:
    api_key_claim:
    api_key_cache_duration: 30m

Params

The Configuration for the Apigee adapter provides information on how the adapter should contact the Apigee proxies and how it should operate. Running the apigee-istio provision CLI command will ensure that all proxies are installed into your Apigee environment and generate this file with all required settings for you. For additional information on this adapter or support please contact anchor-prega-support@google.com.

Field Type Description
apigeeBase string

Apigee Base is the URI for a shared proxy on Apigee. Required.

customerBase string

Customer Base is the URI for an organization-specific proxy on Apigee. Required.

orgName string

Org Name is the name of the organization on Apigee. Required.

envName string

Env Name is the name of the environment on Apigee. Required.

key string

Key is used to authenticate to the Apigee proxy endpoints, generated during provisioning. Required.

secret string

Secret is used to authenticate to the Apigee proxy endpoints, generated during provisioning. Required.

tempDir string

The local directory to be used by the adapter for temporary files. Optional. Default: “/tmp/apigee-istio”.

clientTimeout google.protobuf.Duration

The timeout to be used for adapter requests to Apigee servers. Optional. Default: “30s” (30 seconds).

allowUnverifiedSSLCert bool

Set to true to allow an unknown server SSL Certificate (eg. self-signed) Optional. Default: false.

hybridConfig string

Path to the local Apigee Hybrid configuration file. Optional. Presence indicates Hybrid environment, must not be set for SaaS or OPDK.

products Params.product_options

Options specific to to products handling.

analytics Params.analytics_options

Options specific to to analytics handling.

auth Params.auth_options

Options specific to to auth handling.

Params.analytics_options

Options specific to to analytics handling.

Field Type Description
legacyEndpoint bool

If true, use legacy direct communication analytics protocol instead of buffering. Must be true for OPDK. Optional. Default: false.

fileLimit int64

The number of analytics files that can be buffered before oldest files are dropped. Optional. Default: 1024.

sendChannelSize int64

The size of the channel used to buffer rfecord sends in memory. Optional. Default: 10.

collectionInterval google.protobuf.Duration

How often spooled analytics are swept and sent to Apigee. Optional. Default: “2m” (2 minutes).

Params.auth_options

Options specific to to auth handling.

Field Type Description
apiKeyCacheDuration google.protobuf.Duration

The length of time API Keys are valid in the cache. Optional. Default: “30m” (30 minutes).

apiKeyClaim string

The name of a JWT claim from which to look for an api_key. Optional. Default: none.

Params.product_options

Options specific to to products handling.

Field Type Description
refreshRate google.protobuf.Duration

The rate at which the list of products is refreshed from Apigee. Optional. Default: “2m” (2 minutes).