Demo Hybrid
1. Install Apigee hybrid
2. Ensure policy is not disabled
kubectl -n istio-system get cm istio -o jsonpath="{@.data.mesh}" | grep disablePolicyChecks
Response: disablePolicyChecks: false
3. Enable injection
kubectl label namespace default istio-injection=enabled
4. Clone this repo
git clone https://github.com/theganyo/apigee-hybrid-demo.git
cd apigee-hybrid-demo
5. Deploy httpbin and test ok
export GATEWAY_URL=???
kubectl apply -f httpbin.yaml
kubectl apply -f httpbin-gateway.yaml
curl http://${GATEWAY_URL}/headers
6. (Optional) Check that Istio policy is working using simple denier
kubectl apply -f denier.yaml
Let Istio catch up then try again
curl http://${GATEWAY_URL}/headers
Response: PERMISSION_DENIED:denier.default:Not allowed
Delete denier
kubectl delete -f denier.yaml
Verify ok again
curl http://${GATEWAY_URL}/headers
7. Provision hybrid for Istio adapter
export ORG=???
export ENV=???
export EMAIL=???
export TOKEN=$(gcloud auth print-access-token)
echo $TOKEN
apigee-istio-linux provision \
--org $ORG \
--env $ENV \
--hybrid \
--developer-email $EMAIL \
--routerBase $HYBRID_RUNTIME_HOST \
--token $TOKEN > handler.yaml
(use apigee-istio-darwin for mac)
8. Deploy adapter
kubectl apply -f adapter.yaml
Ensure it's running
kubectl -n apigee get po -l app=apigee-adapter
9. Apply Istio definitions, handler, rule, test
kubectl apply -f definitions.yaml
kubectl apply -f handler.yaml
kubectl apply -f rule.yaml
10. Follow standard Apigee adapter directions from this point:
https://github.com/apigee/istio-mixer-adapter#authentication-test
On this page
Contributors
Created March 13, 2020
Updated March 13, 2020