Interesting evolution to see how Apigee can integrate with Istio. While working through this new world of Kubernetes and Istio, I gave the apigee istio adapter a try following the instructions.
Used Google's Istio GKE Deployment Manager to create a 4-node Kubernetes cluster with Istio installed. Located in europe-west-1d (Belgium). Unchecked the deploy of the sample bookinfo app, but it still gets installed.
Provisioning the Istio adapter from Windows failed. Resolved by switching to Linux.
.\apigee-istio.exe provision -o <myorg> -e <myenv> -u <email> -p <password> > samples\apigee\handler.yaml
error deploying auth proxy: error importing proxy istio-auth: POST https://api.enterprise.apigee.com/v1/o/<myorg>/apis?action=import&name=istio-auth: 400 Bundle is invalid. Empty bundle
Ran into the 404 error as well described, caused by the sample Istio bookinfo application. Easily resolved by executing kubectl delete gateway bookinfo-gateway as described in the docs.
Applied the configuration changes.
kubectl apply -f samples/apigee/definitions.yaml
kubectl apply -f samples/apigee/handler.yaml
kubectl apply -f samples/apigee/rule.yaml
Failure: do not get the expected PERMISSION_DENIED error calling the /hello URL. Stuck.
[vagrant@localhost apigee-istio-adapter]$ curl http://$HELLOWORLD_URL/hello
Hello version: v2, instance: helloworld-v2-857dfd6c45-z7mbq
Some suggestions very welcome!
A bigger architectural picture would also be welcome, still struggling a bit to grasp the big picture and future evolution.
Thank you for trying this @guycrets
Regarding problem #1 (provisioning on Windows), I have opened a GitHub issue here.
Regarding problem #2, it takes about a minute for the Istio rule to take effect. Here are some tips to debug:
1) Check the istio-policy logs, ensure the call is reaching Mixer.
2) Trace the istio-auth proxy, ensure Mixer calls the proxy.
ps: For future reference, here is the link to the official docs.
Some background information between Apigee and Istio is available in the talk "Introduction to Service Management with Istio Service Mesh" from Google conference in July 2018. Good background material.
Questions solved:
1) Was using git bash. From Windows command line, the apigee-istio.exe is working OK.
2) One must use the istio-demo.yaml as provided by Apigee in samples/istio and NOT use the install file that comes with the Istio 1.0.0 download. Apigee has changed the image for the mixer. This was not clear from the docs.
containers:
  - name: mixer
    # image: "gcr.io/istio-release/mixer:1.0.0"
    image: "gcr.io/apigee-api-management-istio/istio-mixer:1.0.0"
Steps I took to experiment on Google Kubernetes (based on Google Istio docs). Used git bash on Windows 10, except for the apigee-istio commands.
gcloud components install kubectl
gcloud config set project <project>
gcloud config set compute/zone europe-west1-d
gcloud container clusters create <project> --num-nodes 2 --machine-type n1-standard-2 --no-enable-legacy-authorization
kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)
gcloud container clusters get-credentials <project>
(If you have multiple Kubernetes clusters or earlier installs, see https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/)
kubectl apply -f samples/istio/istio-demo.yaml
kubectl get pods -n istio-system
And continue as described on https://github.com/apigee/istio-mixer-adapter.
Make sure that your product name only contains characters, numbers and hyphens (and not underscores as I initially did).
To view Istio logs, e.g. from Mixer, see here.
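The stock Mixer image in point 2 above fails silently: /hello keeps answering instead of returning PERMISSION_DENIED. The pre-apply check below is an added example, not part of the original posts or of Apigee's tooling. The function names and the sample manifest are constructed for illustration; only the two image names come from the thread.

```shell
# Added example: pre-apply check that a manifest uses the Apigee Mixer build.
APIGEE_MIXER='gcr.io/apigee-api-management-istio/istio-mixer:'  # prefix from the post

# Print the image of every container named "mixer" in manifest $1.
# Assumes "- name: mixer" is followed by its "image:" key, as in the snippet above.
mixer_images() {
  awk '
    /^[ \t]*#/ { next }                          # ignore commented-out lines
    /^[ \t]*-[ \t]*name:/ {                      # start of a new list entry
      n = $NF; gsub(/"/, "", n); in_mixer = (n == "mixer"); next
    }
    in_mixer && /^[ \t]*image:/ {
      img = $2; gsub(/"/, "", img); print img; in_mixer = 0
    }
  ' "$1"
}

# 0 = every mixer container uses the Apigee image, 1 = another image, 2 = none found.
check_mixer_image() {
  imgs=$(mixer_images "$1")
  [ -n "$imgs" ] || { echo "no mixer container in $1" >&2; return 2; }
  for img in $imgs; do
    case $img in
      "$APIGEE_MIXER"*) ;;
      *) echo "not the Apigee Mixer build: $img" >&2; return 1 ;;
    esac
  done
  return 0
}

# Constructed sample manifest fragment (not the real istio-demo.yaml).
write_sample() {  # $1 = output file, $2 = mixer image
  cat > "$1" <<EOF
containers:
- name: istio-proxy
  image: "gcr.io/istio-release/proxyv2:1.0.0"
- name: mixer
  # image: "gcr.io/istio-release/mixer:1.0.0"
  image: "$2"
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/stock.yaml" "gcr.io/istio-release/mixer:1.0.0"
write_sample "$tmp/apigee.yaml" "${APIGEE_MIXER}1.0.0"
for f in "$tmp/stock.yaml" "$tmp/apigee.yaml"; do
  if check_mixer_image "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
done
```

Run check_mixer_image against the manifest before kubectl apply, so a wrong Mixer build is caught before the policy rule is tested.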
Hi, I have a similar problem. The issue is that apigee-istio.exe does not work; I am trying to do everything with the GCP Cloud Shell, but I cannot manage to edit handler.yaml.