Difference in feature between Apigee Istio adapter and Hybrid Cloud

claxmana
Participant I

Hi,

I'm new to APIGEE, and still in evaluation phase.

Could you please help me understand when would one use Istio adapter topology Vs Hybrid Cloud?

I understand, if the micro services are exposed via Istio service mesh, one can use Apigee's Istio adapter. Other than that is there any more criteria to consider? Is Apigee Istio adapter is functional rich as Apigee Edge Gateway or does it support only subset of policies and feature provided by Edge Gateway? Sorry if the question is very loose. Please point me to any reference material that can be used to choose between various hybrid option offered by Apigee. Thanks in advance.

1 4 1,040
4 REPLIES 4

Yes, I can help you, Chari.

The Apigee Adapter for Istio, as you understand, is a way to bring API Management to Istio. This means:

  • API Consumption: discover and documentation, as well as self-service credential provisioning via the developer portal
  • API Usage analysis - via Apigee analytics
  • API Security - via JWT and product-based Quota enforcement.

The adapter may be interesting if:

  1. You have Istio, and want to share some of the services inside the Istio cluster to outside API Consumers
  2. You want the Istio ingress gateway to enforce API security
  3. You want to see API Analytics for APIs exposed from Istio directly, alongside analytics for APIs exposed by the Apigee Edge gateway.

Apigee hybrid is a deployment option for Apigee. It allows you full API Management, all the features of Apigee that you know about. The key difference for hybrid is, you manage and operate the gateways yourself. This means, in contrast to Apigee SaaS:

  • you install and configure the gateway machines. (These need to run in k8s, in fact in Anthos or GKE)
  • You control the data path. This is nice for when clients are on the same corporate network as the gateway and upstream; no data need cross public networks. This also is nice if you want to shorten the data path (may get you lower latency).

Both options give you developer portal and API Analytics. The difference is in the capability of the Gateways. The Apigee Adapter for Istio relies on the existing Envoy + Mixer for ingress gateway. Basically the Istio Mixer "learns a few new tricks" when you install the adapter, but it's still basically Istio.

The Apigee hybrid gateway is the full-featured, mature Apigee gateway. It supports 35+ policies, with more being added regularly.

Apigee hybrid does not require you to use Istio for your services. Even so, It may be interesting to use an Apigee hybrid as an API Gateway, in front of your services, whether you use Istio as the service mesh infrastructure or not.

Apigee hybrid could act as a gateway in front of an Istio Ingress (which would operate WITHOUT the Apigee Adapter). It's one less moving part.

Thank you Dino, very clear and elaborate.

Is all the 35+ policies is available in Istio adapter based topology? Or is it a subset.

If it is subset of features, could you please point me to any documentation, I can refer.

If you use the Istio Adapter, then you get Analytics, API Key or Token verification, and Quota. That's it!

Hi Chari,

BTW, in Istio v1.5, the Mixer (and the Mixer adapter model) is deprecated. It still works, but it will be removed in the future. Speaking with the Istio engineering team, it seems that Mixer will no longer be included in Istio in v1.7.

So, you should expect to see some other mechanism for connecting Apigee to Istio services, in the future. I don't have any further information to share with you at this time... but I'm sure there will be something very similar to the Apigee Mixer Adapter.