What is the correct way to configure Apigee Edge SaaS integration with GKE?

I don't have much experience in Apigee. Therefore, I have the following doubt.

I have an API exposed with an Ingress Controller on GKE, but I need to expose the same API in Apigee Edge instead.

I don't know if I have to set up an API proxy with a 2-way TLS target server, or if it is necessary to set up Edge Microgateway on GKE.

I'm a bit confused about which is the correct way based on my needs.

Regards,

ACCEPTED SOLUTION

No, you do not need (should not use) Edge Microgateway.

To connect Apigee Edge to GKE, the obvious approach is to expose the GKE via one of the load balancer mechanisms that permits external (internet) traffic. See this article. But external HTTP(S) load balancers do not support mTLS at this time.

That means you must use the L4 Load Balancer; in that case you must terminate TLS (and enforce mutual TLS) at your ingress controller on the GKE cluster itself. There are multiple Kubernetes ingress controller options out there that can terminate TLS and perform client authentication; among them are nginx-ingress, Istio ingress gateway, and Contour. But if you are running on GKE, you can use Anthos Service Mesh, which relies on Istio. ASM may be more than you need if you just want mTLS on ingress.

Exposing apps through GKE ingress is described here.

The doc for mutual TLS for the Istio ingress gateway is here.

Then set the corresponding configuration on the target server on the Apigee SaaS side. The documentation for that is pretty clear.

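As an added illustration of the accepted answer (not part of the original post or of any Google documentation), this is roughly what enforcing mutual TLS at an Istio ingress gateway behind the L4 load balancer looks like. All names here (`api-gateway`, `apigee-mtls-credential`, `api.example.com`, `my-api`, port 8080) are assumptions.

```yaml
# Added example. Hypothetical names: apigee-mtls-credential, api-gateway,
# api.example.com, my-api, port 8080.
#
# Prerequisite: a generic Secret in the ingress gateway's namespace
# (istio-system by default) with these keys:
#   tls.crt  server certificate presented to Apigee
#   tls.key  private key for tls.crt
#   ca.crt   CA bundle used to verify the client certificate Apigee presents
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: api-gateway
spec:
  selector:
    istio: ingressgateway   # default label on the Istio ingress gateway pods
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: MUTUAL          # SIMPLE would accept callers without a client certificate
      credentialName: apigee-mtls-credential
    hosts:
    - api.example.com
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: my-api
spec:
  hosts:
  - api.example.com
  gateways:
  - api-gateway
  http:
  - route:
    - destination:
        host: my-api        # Kubernetes Service behind the gateway
        port:
          number: 8080
```

On the Apigee side, the target server's `SSLInfo` needs `ClientAuthEnabled` set to `true`, with a keystore entry whose certificate chains to the `ca.crt` above and a truststore containing the CA that issued `tls.crt`. `MUTUAL` only checks that the client certificate chains to `ca.crt`, so use a CA dedicated to this link rather than a public one.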


Thank you for the answer. It helped me to understand what is the next step to take.

Regards,