Skip to content

Latest commit

 

History

History
 
 

apigee-envoy-quickstart

Apigee Envoy Quickstart Toolkit

The Apigee Envoy Quickstart Toolkit sets up the Envoy proxies with Apigee adapters.

Envoy with Apigee adapter as containers within Kubernetes platform


Apigee protected ASM Envoy Proxies within Kubernetes Engine.

poc-setup

Prerequisites

  1. Create a Google Cloud Project and connect it to an existing Billing account.

  2. (For the Kubernetes environment demo) Setup a GKE cluster. Have the cluster enabled with Anthos Service Mesh. Checkout this gke poc toolkit to standup a GKE cluster via automation with ASM enabled.

  3. If your GKE cluster is version 1.25+ follow this link for enabling required changes for kubectl authentication

  4. The GCP Apigee project should be enabled for service-account key generation.

  5. This toolkit is validated in a Linux environment. Needed libraries : wget, jq.

Installation - X/Hybrid platform

  1. Set your GCP Project ID, Apigee platform environment variables.

    export PROJECT_ID=<your-project-id>
    export CLUSTER_NAME=<gke-cluster-name>
    export CLUSTER_LOCATION=<gke-cluster-region>
    export APIGEE_PROJECT_ID=<apigee-project-id>
    export APIGEE_X_ORG=<apigee-org>
    export APIGEE_X_ENV=<apigee-env>
    export APIGEE_X_HOSTNAME=<env-group-virtualhost-prefixed with http/https>
    export APIGEE_REMOTE_SRVC_CLI_VERSION=<version for Apigee Remote Service cli for Envoy>
    export APIGEE_REMOTE_SRVC_ENVOY_VERSION=<version for Apigee Remote Service for Envoy>

    When specifying the version numbers, ignore the 'v' prefix and use just the number.

    Latest cli version can be found here. Please ignore the prefix "v" and just use the version number.
    Latest apigee-envoy version can be found here

  2. Set up local authentication to your project.

    gcloud config set project $APIGEE_PROJECT_ID
    gcloud auth application-default login --no-launch-browser
    
    export TOKEN=$(gcloud auth print-access-token)
  3. Set apigee-envoy home directory where the tool will be executed and the binaries will be loaded

    mkdir apigee-envoy-toolkit && cd "$_"
    export ENVOY_HOME=$(pwd)
  4. Clone Apigee DevRel repository, if not exists.

    git clone https://github.com/apigee/devrel.git
  5. Set the devrel project location

    export DEVREL_HOME=<cloned-devrel-directory>
  6. Run to install the quickstart toolkit.

    cd ${DEVREL_HOME}/tools/apigee-envoy-quickstart/
    ./aekitctl.sh --type istio-apigee-envoy --action install
  7. On successful run, it displays the commands (kubeclt run, curl) to validate the traffic intiated to the Envoy endpoints being protected by Apigee Adapter service.

Cleanup

  1. Run to cleanup the PoC setup from the GKE and Apigee platform
    cd ${ENVOY_HOME}/apigee-devrel/tools/apigee-envoy-quickstart/
    ./aekitctl.sh --type istio-apigee-envoy --action delete

Envoy with Apigee adapter as native docker containers for Apigee X/Hybrid

Apigee protected Envoy Proxies in docker containers.

poc-setup

Prerequisites

  1. The GCP Apigee project should be enabled for service-account key generation.

  2. This toolkit is validated in a Linux environment. Needed libraries : wget, jq.

Installation - X/Hybrid platform

  1. Set your GCP Project ID, Apigee platform environment variables.

    export APIGEE_PROJECT_ID=<apigee-project-id>
    export APIGEE_X_ORG=<apigee-org>
    export APIGEE_X_ENV=<apigee-env>
    export APIGEE_X_HOSTNAME=<env-group-virtualhost-prefixed with http/https>
    export APIGEE_REMOTE_SRVC_CLI_VERSION=<version for Apigee Remote Service cli for Envoy>
    export APIGEE_REMOTE_SRVC_ENVOY_VERSION=<version for Apigee Remote Service for Envoy>

    Latest cli version can be found here
    Latest apigee-envoy version can be found here

  2. Set up local authentication to your project.

    gcloud config set project $APIGEE_PROJECT_ID
    gcloud auth application-default login --no-launch-browser
    
    export TOKEN=$(gcloud auth print-access-token)
  3. Set apigee-envoy home directory where the tool will be executed and the binaries will be loaded

    mkdir apigee-envoy-toolkit && cd "$_"
    export ENVOY_HOME=$(pwd)
  4. Clone Apigee DevRel repository, if not exists.

    git clone https://github.com/apigee/devrel.git
  5. Set the devrel project location

    export DEVREL_HOME=<cloned-devrel-directory>
  6. Run to install the quickstart toolkit.

    cd ${DEVREL_HOME}/tools/apigee-envoy-quickstart/
    ./aekitctl.sh --type istio-apigee-envoy --action install
  7. On successful run, it displays the commands (kubeclt run, curl) to validate the traffic intiated to the Envoy endpoints being protected by Apigee Adapter service.

Cleanup

  1. Run to cleanup the PoC setup from the GKE and Apigee platform
    cd ${ENVOY_HOME}/apigee-devrel/tools/apigee-envoy-quickstart/
    ./aekitctl.sh --type standalone-apigee-envoy --action delete

Envoy with Apigee adapter as docker containers for OPDK/Edge

Apigee protected Envoy Proxies in docker containers for OPDK platform.

poc-setup

Prerequisites

  1. The GCP Apigee project should be enabled for service-account key generation.

  2. This toolkit is validated in a Linux environment. Needed libraries : wget, jq.

Installation - OPDK / Edge platform

  1. Set environment variables for OPDK.

    export MGMT_HOST=<Mgmt host of the opdk platform, including the http/https and port number>
    export APIGEE_USER=<Mgmt host credential, username>
    export APIGEE_PASS=<Mgmt host credential, password>
    export APIGEE_ORG=<apigee-org>
    export APIGEE_ENV=<apigee-env>
    export APIGEE_X_HOSTNAME=<virtualhost-uri-prefixed with http/https>
    export APIGEE_REMOTE_SRVC_CLI_VERSION=<version for Apigee Remote Service cli for Envoy>
    export APIGEE_REMOTE_SRVC_ENVOY_VERSION=<version for Apigee Remote Service for Envoy>
  2. Set environment variables for EDGE.

    export MGMT_HOST=<Mgmt host of the opdk platform, including the http/https and port number>
    export APIGEE_USER=<Mgmt host credential, username>
    export APIGEE_PASS=<Mgmt host credential, password>
    export APIGEE_ORG=<apigee-org>
    export APIGEE_ENV=<apigee-env>
    export APIGEE_REMOTE_SRVC_CLI_VERSION=<version for Apigee Remote Service cli for Envoy>
    export APIGEE_REMOTE_SRVC_ENVOY_VERSION=<version for Apigee Remote Service for Envoy>
  3. Set apigee-envoy home directory where the tool will be executed and the binaries will be loaded

    mkdir apigee-envoy-toolkit && cd "$_"
    export ENVOY_HOME=$(pwd)
  4. Clone Apigee DevRel repository, if not exists.

    git clone https://github.com/apigee/devrel.git
  5. Set the devrel project location

    export DEVREL_HOME=<cloned-devrel-directory>
  6. Run to install the quickstart toolkit for opdk.

    cd ${DEVREL_HOME}/tools/apigee-envoy-quickstart/
    ./aekitctl.sh --type standalone-apigee-envoy --action install --platform opdk
  7. Run to install the quickstart toolkit for edge.

    cd ${DEVREL_HOME}/tools/apigee-envoy-quickstart/
    ./aekitctl.sh --type standalone-apigee-envoy --action install --platform edge
  8. On successful run, it displays the commands (kubeclt run, curl) to validate the traffic intiated to the Envoy endpoints being protected by Apigee Adapter service.

Cleanup

  1. Run to cleanup the PoC setup from OPDK Apigee platform

    cd ${ENVOY_HOME}/apigee-devrel/tools/apigee-envoy-quickstart/
    ./aekitctl.sh --type standalone-apigee-envoy --action delete --platform opdk
  2. Run to cleanup the PoC setup from Edge Apigee platform

    cd ${ENVOY_HOME}/apigee-devrel/tools/apigee-envoy-quickstart/
    ./aekitctl.sh --type standalone-apigee-envoy --action delete --platform edge