This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Apigee Istio Queries

Posted on 08-23-2018 05:19 PM
cladius_fernand
New Member
Reply posted on --/--/---- --:-- AM
  1. In the tutorial we are leveraging a Hello World image. Is the idea that we would be using Apigee Microgateways in place of this?
  2. What is the roadmap for the Istio-Apigee mixer? Currently we have authentication, quota-check and analytics implemented. Anything else to follow?
  3. Is there a benefit in using Istio without an underlying container orchestration engine like Kubernetes or Consul?
  4. What are the different configurations in which we are currently foreseeing to use Istio in combination with Apigee Edge? Is it restricted to the micro-gateway scenario or can it be used beyond that as well?
Solved Solved
1 3 586
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
Former Community Member
Not applicable
Reply posted on --/--/---- --:-- AM

#1: I'm not sure I understand this question. How does Microgateway fit in here? The "hello world" application is the microservice that is managed.

#2: There is authentication (mTLS) and Authorization (apikey, oauth and RBAC) in addition to the ones you have mentioned. At this time we are looking for feedback from users/customers on what new feature they'd like to see in the adapter.

#3: We recommend using Kubernetes at least to host the Istio control plane (Mixer, Pilot, Citadel). The applications/microservices can be on VMs. Ingress and sidecar proxies can be installed on VMs. The benefits of Istio can be applied to applications running outside k8s.

For workloads on VMs, if the VMs are auto-scaled, then it makes sense to use a service discovery like Consul. Otherwise, you probably don't need it.

#4: I'd pose the question slightly differently. "What are the use cases for Istio?" - Istio provides service management (Load balancing, TLS, Telemetry, etc.). These are needed for all services (web apps, APIs, databases etc.). Some of those services are APIs and those APIs need API Management. The Istio adapter provides API Management within the service mesh.

For APIs exposed externally (and by definition outside the mesh), Edge is still used to manage, protect those endpoints. From my point of view, they complement each other.

View solution in original post

Jump to Solution
3 REPLIES 3

Posted on --/--/---- --:-- AM
Former Community Member
Not applicable
Reply posted on --/--/---- --:-- AM

#1: I'm not sure I understand this question. How does Microgateway fit in here? The "hello world" application is the microservice that is managed.

#2: There is authentication (mTLS) and Authorization (apikey, oauth and RBAC) in addition to the ones you have mentioned. At this time we are looking for feedback from users/customers on what new feature they'd like to see in the adapter.

#3: We recommend using Kubernetes at least to host the Istio control plane (Mixer, Pilot, Citadel). The applications/microservices can be on VMs. Ingress and sidecar proxies can be installed on VMs. The benefits of Istio can be applied to applications running outside k8s.

For workloads on VMs, if the VMs are auto-scaled, then it makes sense to use a service discovery like Consul. Otherwise, you probably don't need it.

#4: I'd pose the question slightly differently. "What are the use cases for Istio?" - Istio provides service management (Load balancing, TLS, Telemetry, etc.). These are needed for all services (web apps, APIs, databases etc.). Some of those services are APIs and those APIs need API Management. The Istio adapter provides API Management within the service mesh.

For APIs exposed externally (and by definition outside the mesh), Edge is still used to manage, protect those endpoints. From my point of view, they complement each other.

Jump to Solution

Posted on --/--/---- --:-- AM
cladius_fernand
New Member
In response to Former Community Member
Reply posted on --/--/---- --:-- AM

Thanks @srinandans for the replies.

Regarding #1: the current example in the tutorial is about the HelloWorld microservice interacting with istio-auth Api proxy on Edge. My query is can we replace the HelloWorld microservice in this scenario with an Edge microgateway process. Does that make sense? Is that possible and is there any benefit in that use case?

Is there any other way to run an Edge Api proxy (which has my api processing logic) in conjunction with Istio?

Or is it expected that we modify the istio-auth proxy and the definitions.yaml to introduce our custom api-processing logic?

In the handler.yaml file, I noticed a line 

apigee_base: https://istioservices.apigee.net/edgemicro

What is the significance of that?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Former Community Member
Not applicable
In response to cladius_fernand
Reply posted on --/--/---- --:-- AM

#1, Technically, yes you can add Microgateway there. It should work. The only reason I see for this model is to retain investments in custom plugins for MG.

#2: Edge API Proxy can be called before the ingress (before it reaches the mesh) and as a callout by another mixer adapter.

#3: Yes

#4: The URL is where AX from Istio is sent to Apigee.

Jump to Solution