forked from pivotal-cf/docs-apigee
-
Notifications
You must be signed in to change notification settings - Fork 0
/
proxying-microgateway.html.md.erb
288 lines (213 loc) · 15.7 KB
/
proxying-microgateway.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
---
title: Proxying a PCF App with Apigee Edge Microgateway ("microgateway" plan)
owner: Partners
---
<strong><%= modified_date %></strong>
This topic describes how to push a sample app to Pivotal Cloud Foundry (PCF),
create an Apigee Edge service instance using Apigee Edge Microgateway,
and bind the application to it.
After binding the application to the Apigee Edge service instance, requests to the app will be forwarded to an Apigee Edge API proxy for management.
In the process described here, the PCF app and Microgateway are in separate Cloud Foundry containers.
For a process that has them in the same container,
see [Proxying a PCF App with Apigee Edge Microgateway ("microgateway-coresident" plan)](proxying-microgateway-coresident.html).
Before performing the procedures in this topic, you must [install and configure](installing.html) the Apigee Edge Service Broker for PCF tile.
Steps in these instructions use CF CLI with an Apigee plugin.
To see corresponding CF CLI commands,
see [Mapping for Apigee and Cloud Foundry integration commands](https://github.com/apigee/cloud-foundry-apigee/tree/master/docs/mapping-apigee-cf-cli.md).
## <a id="push-sample"></a>Step 1: Push the Sample App
Perform the following steps to push a sample application to PCF.
1. Clone the Apigee Edge GitHub repo:
<pre class="terminal">$ git clone <span>https:</span>//github.com/apigee/cloud-foundry-apigee.git</pre>
1. Change to the `org-and-microgateway-sample` directory of the cloned repo:
<pre class="terminal">$ cd cloud-foundry-apigee/samples/org-and-microgateway-sample</pre>
1. In the `org-and-microgateway-sample` directory, open `manifest.yml`.
1. Edit `manifest.yml` to change the `name` and `host` properties to values specific to your deployment. See the following example:
```
applications:
- name: sample-api
memory: 128M
instances: 1
host: sample-api-apigee
path: .
buildpack: nodejs_buildpack
```
1. Save the edited file.
1. Set your API endpoint to the Cloud Controller of your deployment.
<pre class="terminal">
$ cf api api.YOUR-SYSTEM-DOMAIN
Setting api endpoint to api.YOUR-SYSTEM-DOMAIN...
OK
API endpoint: <span>https:</span>//api.YOUR-SYSTEM-DOMAIN (API version: 2.59.0)
Not logged in. Use 'cf login' to log in.
</pre>
1. Log in to your deployment and select an org and a space.
<pre class="terminal">
$ cf login
API endpoint: <span>https:</span>//api.YOUR-SYSTEM-DOMAIN
Email> user<span>@</span>example.com
Password>
</pre>
1. Push the sample app to PCF:
<pre class="terminal">$ cf push YOUR-SAMPLE-APP</pre>
1. Use `curl` to send a test request to the app you pushed:
<pre class="terminal">
$ curl YOUR-SAMPLE-APP.YOUR-SYSTEM-DOMAIN
{"hello":"hello from cf app"}
</pre>
If you receive the above response, the sample app is running successfully.
## <a name="instance"></a>Step 2: Install the Plugin
1. Install the Apigee Broker Plugin as follows.
<pre class="terminal">
$ cf install-plugin -r CF-Community "apigee-broker-plugin"
Searching CF-Community for plugin apigee-broker-plugin...
Plugin apigee-broker-plugin 0.1.1 found in: CF-Community
Attention: Plugins are binaries written by potentially untrusted authors.
Install and use plugins at your own risk.
Do you want to install the plugin apigee-broker-plugin? [yN]: y
Starting download of plugin binary from repository CF-Community...
7.85 MiB / 7.85 MiB [===========================================================================================================================================================================================================================================] 100.00% 11s
Installing plugin Apigee-Broker-Plugin...
OK
Plugin Apigee-Broker-Plugin 0.1.1 successfully installed.
</pre>
1. Make sure the plugin is available by running the following command:
<pre class="terminal">
$ cf -h
…
Commands offered by installed plugins:
apigee-bind-mg,abm apigee-unbind-mgc,auc enable-diego
apigee-bind-mgc,abc apigee-unbind-org,auo has-diego-enabled
apigee-bind-org,abo dea-apps migrate-apps
apigee-push,ap diego-apps dev,pcfdev
apigee-unbind-mg,aum disable-diego
</pre>
## <a id="create-instance"></a>Step 3: Create a Service Instance
Perform the following steps to create an instance of the Apigee Edge service:
1. List the Marketplace services and locate the Apigee Edge service:
<pre class="terminal">
$ cf marketplace
Getting services from marketplace in org example / space development as user<span>@</span>example.com...
OK
service plans description
apigee-edge org, microgateway, microgateway-coresident Apigee Edge API Platform
</pre>
1. Create an instance of the Apigee Edge service. Select the `microgateway` service plan to have Apigee Edge Microgateway run in a separate container from your Cloud Foundry app.
<pre class="terminal">$ cf create-service apigee-edge microgateway YOUR-SERVICE-INSTANCE -c \
'{"org":"YOUR-ORG", "env":"YOUR-ENV"}'</pre>
1. Use the `cf service` command to display information about the service instance:
<pre class="terminal">
$ cf service apigee-service
Service instance: apigee-service
Service: apigee-edge
Bound apps:
Tags:
Plan: microgateway
Description: Apigee Edge API Platform
Documentation url: http://apigee.com/docs/
Dashboard: https://enterprise.apigee.com/platform/#/
Last Operation
Status: create succeeded
Message:
Started: 2016-10-27T20:47:43Z
Updated:
</pre>
## <a name="install-microgateway"></a>Step 4: Install Apigee Edge Microgateway and Cloud Foundry App
Here, you install Apigee Edge Microgateway and your Cloud Foundry app to the same Cloud Foundry container.
1. [Install and configure Apigee Edge Microgateway.](http://docs.apigee.com/microgateway/latest/installing-edge-microgateway)
1. Locate and make any desired changes to the configuration YAML file created in your Apigee Edge Microgateway installation, typically in the `.edgemicro` directory.
1. Clone the Apigee Microgateway repository.
<pre class="terminal">$ git clone https://github.com/apigee-internal/microgateway.git
cd microgateway
git checkout tags/v.2.5.4</pre>
1. Copy the configuration file to the following directory in your Cloud Foundry app: `<application-folder>/<config-directory>`.
1. Edit the application manifest as follows:
1. Edit the following env values so that they correspond to your Apigee Edge Microgateway configuration:
```yaml
env:
EDGEMICRO_KEY: 'microgateway-key'
EDGEMICRO_SECRET: 'microgateway-secret'
EDGEMICRO_CONFIG_DIR: '/app/<config-directory>'
EDGEMICRO_ENV: 'your-microgateway-env-name'
EDGEMICRO_ORG: 'your-microgateway-org-name'
```
1. Push Apigee Microgateway as its own app.
<pre class="terminal">cf push</pre>
## <a id="bind-app-route"></a>Step 5: Bind the App Route to the Service Instance
In this step, you bind a Cloud Foundry app to the Apigee service instance you
created. The `apigee-bind-mg` command creates the proxy for you and binds the app to the service.
Each bind attempt requires authorization with Apigee Edge, with credentials
passed as additional parameters to the `apigee-bind-mg` command. You can pass
these credentials as arguments of the `apigee-bind-mg` command or by using a
bearer token.
1. If you're using a bearer token to authenticate with Apigee Edge, get or
update the token using the Apigee SSO CLI script. (If you're instead using
command-line arguments to authenticate with username and password, specify
the credentials in the next step.)
1. Download the Apigee Edge scripts:
<pre class="terminal">$ curl <span>https:</span>//login.apigee.com/resources/scripts/sso-cli/ssocli-bundle.zip -o "ssocli-bundle.zip"</pre>
1. Unzip the `ssocli-bundle.zip` file. This includes `get_token`, a script that gets or updates a token that you use to authenticate with your Apigee Edge organization. You need this token to bind the Apigee Edge route service to your app.
<pre class="terminal">$ tar xvf ssocli-bundle.zip</pre>
1. Create a `.sso-cli` directory in your user directory:
<pre class="terminal">$ mkdir ~/.sso-cli</pre>
1. Use the `get_token` script to create a token. When prompted, enter the Apigee Edge username and password you use to log in to your organization.
<pre class="terminal">$ ./get\_token</pre>
The `get_token` script writes the token file into `~/.sso-cli`. For more about `get_token`, see the [Apigee documentation](http://docs.apigee.com/api-services/content/using-oauth2-security-apigee-edge-management-api).
1. Use the `apigee-bind-mg` command to create an Apigee Edge API proxy and bind your Cloud Foundry app to the proxy. (See the reference on this page for more about this command.)
You'll need to run the command twice: once to create the proxy, then again to bind the service to the proxy. The proxy must be loaded by Microgateway instances before binding.
When you use the command without arguments, you'll be prompted for argument values. To use the command with arguments, see the command reference at the end of this topic. For help on the command, type `cf apigee-bind-mg -h`. Without arguments, you'll be prompted for the following:
Argument | Description
--- | ---
Apigee username | Apigee user name. Not used if you pass a bearer token with the `--bearer` argument.
Apigee password | Apigee password. Not used if you pass a bearer token with the `--bearer` argument.
Action to take | Required. `proxy` to generate an API proxy; `bind` to bind the service with the proxy; `proxy bind` to generate the proxy and bind with a single command.
Apigee environment | Required. The Apigee environment where your proxy should be deployed.
Apigee organization | Required. The Apigee organization where your proxy should be created.
Application to bind to | Required. Name of the the Cloud Foundry application to bind to.
Domain to bind to | Required. Domain of the application to bind to.
Route of the application acting as microgateway | Required. Route of the application acting as Edge Microgateway.
Target application protocol | Optional. The application protocol, such as http or https.
Service instance name to bind to | Required. Name of the Apigee service to bind to.
1. First, create the proxy. When prompted for the action to take, enter `proxy`.
<pre class="terminal">$ cf apigee-bind-mg</pre>
The command creates an API proxy on the specified Apigee org and environment, then binds the Apigee service to the target app. The protocol parameter specifies the protocol through which the proxy's target endpoint will be called. To do its work, this command authenticates with Apigee Edge using the credentials you specified.
Cloud Foundry will report an error because the bind was not attempted. But the message returned should indicate that the proxy was created, which you can check with the Edge management UI or API. The proxies created by the bind for Microgateway have an additional edgemicro_ at the beginning of their name, a general requirement unrelated to Cloud Foundry and service brokers.
Wait for the configuration to reload on the Edge Microgateway instance(s) before binding. You might have to wait 5 to 10 minutes. When it has reloaded, the console will list the proxy you just created.
1. Next, bind the service to the proxy by running the command again. This time, for the action, specify bind for the `action` argument.
<pre class="terminal">$ cf apigee-bind-mg</pre>
The proxy is part of a published API Product; a change you must make manually by following the instructions [here](http://docs.apigee.com/microgateway/latest/setting-and-configuring-edge-microgateway#Part2) to create a product with your newly created proxy.
### apigee-bind-mg Reference
Use the apigee-bind-mg command to generate an API proxy on Apigee Edge and to bind the Cloud Foundry service to the proxy.
The command requires your Apigee Edge credentials in order to create and bind to an API proxy. You can specify credentials either with a bearer token or by giving a username and password at the command line. To use a token, you must provide the --bearer argument.
To be prompted for argument values (and provide a username and password at prompts), use the command without arguments.
<pre class="terminal">$ cf apigee-bind-mg</pre>
To specify arguments on the command line, use the following syntax (be sure to
use quotes and command expansion, as shown here):
```bash
$ cf apigee-bind-mg [--app APP_NAME] [--service SERVICE_INSTANCE] \
[--apigee_org APIGEE_ORGANIZATION] [--apigee_env APIGEE_ENVIRONMENT] \
[--micro MICROGATEWAY_APP_ROUTE] [--protocol TARGET_APP_PROTOCOL]
[--domain APP_DOMAIN] [--action ACTION] \
[--user APIGEE_USERNAME] [--pass APIGEE_PASSWORD] \
[--bearer APIGEE_BEARER_TOKEN]
```
Parameter | Purpose | Allowed Values
---- | ---- | ----
`action` | Required. A value specifying whether to create or bind an API proxy | `proxy` to generate an API proxy; `bind` to bind the service with the proxy; `proxy bind` to generate the proxy and bind with a single command.
`apigee_env` | Required. Apigee Edge environment to which the API proxy is (or will be) deployed | Your environment.
`apigee_org` | Required. Apigee Edge organization hosting the API proxy to be called | Your organization (must be reachable via the authentication token specified in the `bearer` parameter)
`app` | Required. Name of the the Cloud Foundry application to bind to. | The app name.
`bearer` | Path to a file containing an authentication token valid for your organization | An authentication token, such as one generated with Apigee's get_token command. The broker does not store any data; it requires credentials and other parameters for each individual `cf` command. Instead of a `bearer` token, credentials can also be expressed as:<ul><li>`basic`: standard HTTP Base-64 encoded username and password for `Authorization: Basic`. Note that this is *not encrypted* and easily converted to clear text. But a jumble of digits and letters may provide some protection in case of momentary exposure (but no better than if the password is already a jumble of digits, letters, and symbols)</li><li>username and password in clear text</li></ul>
`domain` | Required. Domain of the application to bind to. |
`micro` | Required. Route of the application acting as Edge Microgateway. | Required.
`pass` | Apigee password. Not used if you pass a bearer token with the --bearer argument. | Your password.
`protocol` | The protocol through which the proxy should be accessed by Cloud Foundry | `http` or `https`; default is `https`.
`service` | Required. Name of the Apigee service to bind to. | The service name.
`user` | Apigee user name. Not used if you pass a bearer token with the --bearer argument. | Your user name.
## <a id="test-binding"></a>Step 5: Test the Binding
Once you’ve bound your app’s path to the Apigee service (creating an Apigee proxy in the process), you can try it out with the sample app.
- From a command line run the curl command you ran earlier to make a request to your Cloud Foundry app you pushed, such as:
<pre class="terminal">
$ curl https://sample-api-apigee.cfapps.pivotal.io
{“hello”:“hello from cf app”}</pre>
The console outputs the app’s response.
The new proxy is just a pass-through, but it is now ready for you or someone on your team to add policies to define security, traffic management, and more.