Apigee

This component was created and is maintained by an Istio partner. Please address support questions to the partner directly.

PartnerApigee
Support Sitehttps://apigee.com/about/support/portal
Source Codehttps://github.com/apigee/istio-mixer-adapter
Latest Releasehttps://github.com/apigee/istio-mixer-adapter/releases
Tested by Apigee with these Istio Versions1.1.x, 1.2.x, 1.3.x
Supported TemplatesAnalytics, Authorization

The Apigee Mixer adapter provides Apigee’s distributed authentication and quota policy checks as well as the ingestion of Istio telemetry for analysis and reporting.

Important: The adapter is provided in an enhanced Mixer image. The default Mixer image must be replaced and the proper CRDs must be applied in order to use these features. Complete Apigee documentation on the concepts and usage of this adapter is available on the Apigee Adapter for Istio site. For more information and product support, please contact Apigee support.

This adapter supports the authorization template and Apigee’s analytics template.

Example config:

apiVersion: config.istio.io/v1alpha2
kind: apigee
metadata:
  name: apigee-handler
  namespace: istio-system
spec:
  apigee_base: https://istioservices.apigee.net/edgemicro
  customer_base: https://myorg-test.apigee.net/istio-auth
  hybrid_config: /opt/apigee/customer/default.properties
  org_name: myorg
  env_name: test
  key: mykey
  secret: mysecret
  temp_dir: /tmp/apigee-istio
  client_timeout: 30s
  allowUnverifiedSSLCert: false
  products:
    refresh_rate: 2m
  analytics:
    legacy_endpoint: false
    file_limit: 1024
  auth:
    api_key_claim:
    api_key_cache_duration: 30m

Params

The Configuration for the Apigee adapter provides information on how the adapter should contact the Apigee proxies and how it should operate. Running the apigee-istio provision CLI command will ensure that all proxies are installed into your Apigee environment and generate this file with all required settings for you. For additional information on this adapter or support please contact anchor-prega-support@google.com.

FieldTypeDescription
apigeeBasestring

Apigee Base is the URI for a shared proxy on Apigee. Required.

customerBasestring

Customer Base is the URI for an organization-specific proxy on Apigee. Required.

orgNamestring

Org Name is the name of the organization on Apigee. Required.

envNamestring

Env Name is the name of the environment on Apigee. Required.

keystring

Key is used to authenticate to the Apigee proxy endpoints, generated during provisioning. Required.

secretstring

Secret is used to authenticate to the Apigee proxy endpoints, generated during provisioning. Required.

tempDirstring

The local directory to be used by the adapter for temporary files. Optional. Default: “/tmp/apigee-istio”.

clientTimeoutgoogle.protobuf.Duration

The timeout to be used for adapter requests to Apigee servers. Optional. Default: “30s” (30 seconds).

allowUnverifiedSSLCertbool

Set to true to allow an unknown server SSL Certificate (eg. self-signed) Optional. Default: false.

hybridConfigstring

Path to the local Apigee Hybrid configuration file. Optional. Presence indicates Hybrid environment, must not be set for SaaS or OPDK.

productsParams.product_options

Options specific to to products handling.

analyticsParams.analytics_options

Options specific to to analytics handling.

authParams.auth_options

Options specific to to auth handling.

Params.analytics_options

Options specific to to analytics handling.

FieldTypeDescription
legacyEndpointbool

If true, use legacy direct communication analytics protocol instead of buffering. Must be true for OPDK. Optional. Default: false.

fileLimitint64

The number of analytics files that can be buffered before oldest files are dropped. Optional. Default: 1024.

sendChannelSizeint64

The size of the channel used to buffer rfecord sends in memory. Optional. Default: 10.

collectionIntervalgoogle.protobuf.Duration

How often spooled analytics are swept and sent to Apigee. Optional. Default: “2m” (2 minutes).

Params.auth_options

Options specific to to auth handling.

FieldTypeDescription
apiKeyCacheDurationgoogle.protobuf.Duration

The length of time API Keys are valid in the cache. Optional. Default: “30m” (30 minutes).

apiKeyClaimstring

The name of a JWT claim from which to look for an api_key. Optional. Default: none.

Params.product_options

Options specific to to products handling.

FieldTypeDescription
refreshRategoogle.protobuf.Duration

The rate at which the list of products is refreshed from Apigee. Optional. Default: “2m” (2 minutes).