How to deploy Apigee Edge Microgateway

Recently, a project team introduced Apigee Edge Microgateway to one of our clients. This blog post was created with the goal of helping other Apigee Edge developers to quickly implement Apigee Microgateway in their projects.

It is easy and simple to learn, so let’s get started.

What is Apigee Edge Microgateway?

It is a simple, secure message processor for APIs built on nodejs and available on npm. Just like Apigee’s Edge API Management platform, Microgateway also offers API management capabilities such as security, traffic management, analytics etc. It is more useful in applications built with a microservices architecture.

Why Apigee Edge Microgateway?

As many of us are already aware, Apigee Edge comes with two flavors, private cloud and public cloud. Having a private cloud of Apigee for a microservices architecture pattern deployed on other cloud platforms is costly, network intensive and takes a long time to build.

When each API that you create on Apigee Edge is accessed by the microservices deployed on different cloud platforms such as Azure, AWS or an on-premise private cloud, there will be a network call going out to and from Apigee/Google/private cloud network to your back-end application network, therefore risking an increase in the network traffic.  Depending on client requirements, Apigee Microgateway can be a cost effective alternative, easier to deploy and configure versus a full EDGE platform instance.

Typically, Edge Microgateway is installed within a trusted network in close proximity to back-end target services. It provides enterprise-grade security, and some key plugin features such as spike arrest, quota and analytics, but not the full capabilities of Apigee Edge. You can install Edge Microgateway in the same data center or even on the same machine as your back-end services.

Dependency on Apigee Edge

Edge Microgateway depends on and interacts with Apigee Edge. The primary ways that Edge Microgateway interacts with Edge are:

• Upon startup, Edge Microgateway obtains a list of special "Edge Microgateway-aware" proxies and a list of all the API products from your Apigee Edge organization. For each incoming client request, Edge Microgateway determines if the request matches one of these API proxies, then validates the incoming access token or API key based on the keys in the API product associated with that proxy.
• The Apigee Edge Analytics system stores and processes API data sent asynchronously from Edge Microgateway.
• Apigee Edge provides credentials used to sign access tokens or provide API keys that are required by clients making API calls through Edge Microgateway. You can obtain these tokens using a CLI command provided with Edge Microgateway.

Deployment Options

Edge Microgateway can be deployed in the virtual machines as standalone processes or can be integrated with Kubernetes.

Standalone option with load balancer or standard reverse proxy:

Kubernetes option is containerized as a sidecar proxy in Kubernetes. (You can also deploy it as a service instead of sidecar.):

Installation as standalone process        

According Apigee documentation, “you can run Edge Microgateway disconnected completely from any Apigee Edge dependency”. This is called “standalone mode” and is a specific mode that can be configured to let you run and test Edge Microgateway when you’re offline.

• On a virtual machine (VM), Edge Microgateway requires a minimum of 1 core and at least 256 MB of RAM. The Edge Microgateway process itself takes less than 128 MB of RAM.
• It requires node and npm to be installed as prerequisite.
• Install the latest version or required version with npm.

npm install edgemicro -g  // latest version

npm install edgemicro@3.0.2 -g // with version specified

• Check version with edgemicro --version.
• Configure Edge Microgateway.

edgemicro configure -o [org] -e [env] -u [username]

• If it is private cloud, use the below command.

edgemicro private configure -o [org] -e [env] -u [username] -r [runtime_url] -m [mgmt_url] -v [virtual_host]

• Once the configuration command is successful, you will get the key and secret. Safely store these.

key: 3a680d5cac8405e288258b90ba607f626d392321c6c47c74ddedb3fc4291cc9e

secret: 503d36d40751d84deeb47e2ff1800b066fca2c2cba7e1197a6ada424b1e96e1e

• Start Edge Microgateway with command.

edgemicro start -o [org] -e [env] -k [key] -s [secret]

• To stop, use the below.

edgemicro stop

One-time configuration

You must initially configure Edge Microgateway to be able to communicate with your Apigee Edge organization with the commands given in the above steps. On startup, Edge Microgateway initiates a bootstrapping operation with Apigee Edge. Edge Microgateway retrieves from Apigee Edge the information it requires to process API calls on its own, including the list of Edge Microgateway-aware proxies that are deployed on Apigee Edge.

After the successful configuration, the config yaml file for the Edge Microgateway settings will be generated in .edgemicro folder in user home directory - $HOME/.edgemicro/<orgName>-<envName>-config.yaml.

edge_config:

bootstrap:https://apigee.net/edgemicro/bootstrap/organization/o

       rg/environment/env...

       jwt_public_key: http://apigee.net/edgemicro/publicKey...

       managementUri: https://api.enterprise.apigee.com 

       vaultName: microgateway

       authUri: https://%s-%s.apigee.net/edgemicro-auth

baseUri:https://edgemicroservices.apigee.net/edgemicro/%s/organ

       ization/%s/environment/%s

       bootstrapMessage: Please copy the following property to the

       edge micro agent config

       keySecretMessage: The following credentials are required to

        start edge micro

edgemicro:

   port: 8000 // change mg port here

   max_connections: 1000

   config_change_poll_interval: 600

   logging:

       level: error

       dir: /var/tmp

       stats_log_interval: 60

       rotate_interval: 24

       plugins:

              sequence:  // add required plugins here

               - oauth

headers:

    x-forwarded-for: true

    x-forwarded-host: true

    x-request-id: true

    x-response-time: true

    via: true

oauth:

    allowNoAuthorization: false // if true, oauth plugin will be

    disabled

    allowInvalidAuthorization: false

Dockerized Microgateway

• On a container, Microgateway can be used with an image size of less than 100MB.
• You must configure and create Microgateway aware proxies, products and apps before dockerizing Microgateway.
• Pull docker image for Edge Microgateway.

docker pull gcr.io/apigee-microgateway/edgemicro:latest

• Run the following command to base64-encode the Edge Microgateway configuration file located in $HOME/.edgemicro:

export EDGEMICRO_CONFIG=`base64 $HOME/.edgemicro/your_org-your_env-config.yaml`

// Remember to place back-ticks (`) around the command

• Run Edge Microgateway as a container.

docker run -P -p 8000:8000 -d --name edgemicro \

-v /var/tmp:/opt/apigee/logs \

-e EDGEMICRO_PROCESSES=1 \

-e EDGEMICRO_ORG=your_org \

-e EDGEMICRO_ENV=your_env \

-e EDGEMICRO_KEY=your_key \

-e EDGEMICRO_SECRET=your_secret \

-e EDGEMICRO_CONFIG=$EDGEMICRO_CONFIG \

-e SERVICE_NAME=edgemicro \

--security-opt=no-new-privileges \

--cap-drop=ALL \

gcr.io/apigee-microgateway/edgemicro:latest

Create Microgateway Aware Proxies

Apigee Microgateway requires you to create Microgateway proxies. Any proxy that you create for Microgateway should start with edgemicro_. During the startup, Microgateway loads all the proxies that start with edgemicro_ and its associated products, apps and secrets into its cache. In the next article, I will write about limitations of Microgateway compared to Edge Gateway, plugins usage and custom plugins development with nodejs.