How to use Apigee Edge Microgateway

Recently, my team introduced Apigee Edge Microgateway instead of Apigee Edge API Gateway to one of our clients. I’m writing this blog hoping to help other Apigee Edge developers to quickly implement Apigee Microgateway in their projects.

It is easy and simple to learn, so let’s get started.

What is Apigee Edge Microgateway?

It is simple secure message processor for APIs. It is built on nodejs and is available on npm. Just like Apigee Edge Gateway, Microgateway also offers API management capabilities such as security, traffic management, analytics etc. It is more useful in applications built with a microservices architecture.

Why Apigee Edge Microgateway?

As many of us are already aware, Apigee Edge comes with two flavors, private cloud and public cloud. Having a private cloud of Apigee for a microservices architecture pattern deployed on other cloud platforms is costly, network intensive and takes a long time to build.

When each API that you create on Edge Gateway is accessed by the microservices deployed on different cloud platforms such as Azure, AWS or an on-premise private cloud, there will be a network call going out to and from Apigee/Google/private cloud network to your back-end application network. This not only increases the network traffic, but also the cost. Apigee Edge Gateway is costlier than Microgateway.

Typically, Edge Microgateway is installed within a trusted network in close proximity to back-end target services. It provides enterprise-grade security, and some key plugin features such as spike arrest, quota and analytics, but not the full capabilities of Apigee Edge. You can install Edge Microgateway in the same data center or even on the same machine as your back-end services.

Dependency on Apigee Edge

Edge Microgateway depends on and interacts with Apigee Edge. The primary ways that Edge Microgateway interacts with Edge are:

• Upon startup, Edge Microgateway obtains a list of special "Edge Microgateway-aware" proxies and a list of all the API products from your Apigee Edge organization. For each incoming client request, Edge Microgateway determines if the request matches one of these API proxies, then validates the incoming access token or API key based on the keys in the API product associated with that proxy.
• The Apigee Edge Analytics system stores and processes API data sent asynchronously from Edge Microgateway.
• Apigee Edge provides credentials used to sign access tokens or provide API keys that are required by clients making API calls through Edge Microgateway. You can obtain these tokens using a CLI command provided with Edge Microgateway.

Deployment Options

Edge Microgateway can be deployed in the virtual machines as standalone processes or can be integrated with Kubernetes.

The standalone option with load balancer or standard reverse proxy:

The Kubernetes option is containerized as a sidecar proxy in Kubernetes. (You can also deploy it as a service instead of sidecar.):

Installation as standalone process

• On a virtual machine (VM), Edge Microgateway requires a minimum of 1 core and at least 256 MB of RAM. The Edge Microgateway process itself takes less than 128 MB of RAM.
• Requires node and npm to be installed as prerequisite.
• Install latest version or required version with npm.

npm install edgemicro -g  // latest version

npm install edgemicro@3.0.2 -g // with version specified

Check version withedgemicro --version
Configure Edge Microgateway

edgemicro configure -o [org] -e [env] -u [username]
If it is private cloud, use the below command

edgemicro private configure -o [org] -e [env] -u [username] -r [runtime_url] -m [mgmt_url] -v [virtual_host]

Once the configuration command is successful, you will get the key and secret, safely store these.

The following credentials are required to start edge micro

key:
3a680d5cac8405e288258b90ba607f626d392321c6c47c74ddedb3fc4291cc9e
secret:
503d36d40751d84deeb47e2ff1800b066fca2c2cba7e1197a6ada424b1e96e1e

Start Edge Microgateway with command
edgemicro start -o [org] -e [env] -k [key] -s [secret]

To stop, use
edgemicro stop

One-time configuration

You must initially configure Edge Microgateway to be able to communicate with your Apigee Edge organization with the commands given in the above steps. On startup, Edge Microgateway initiates a bootstrapping operation with Apigee Edge. Edge Microgateway retrieves from Apigee Edge the information it requires to process API calls on its own, including the list of Edge Microgateway-aware proxies that are deployed on Apigee Edge.

After the successful configuration, the config yaml file for the Edge Microgateway settings will be generated in .edgemicro folder  in user home directory - $HOME/.edgemicro/<orgName>-<envName>-config.yaml.

edge_config:

bootstrap:https://apigee.net/edgemicro/bootstrap/organization/o  

       rg/environment/env...

       jwt_public_key: http://apigee.net/edgemicro/publicKey...

       managementUri: https://api.enterprise.apigee.com 

       vaultName: microgateway

       authUri: https://%s-%s.apigee.net/edgemicro-auth

baseUri:https://edgemicroservices.apigee.net/edgemicro/%s/organ

       ization/%s/environment/%s

       bootstrapMessage: Please copy the following property to the

       edge micro agent config

       keySecretMessage: The following credentials are required to

        start edge micro

edgemicro:

   port: 8000 // change mg port here

   max_connections: 1000

   config_change_poll_interval: 600

   logging:

       level: error

       dir: /var/tmp

       stats_log_interval: 60

       rotate_interval: 24

       plugins:

              sequence:  // add required plugins here

               - oauth

headers:

    x-forwarded-for: true

    x-forwarded-host: true

    x-request-id: true

    x-response-time: true

    via: true

oauth:

    allowNoAuthorization: false // if true, oauth plugin will be

    disabled

    allowInvalidAuthorization: false

Dockerized Microgateway

On a container, Microgateway can be used with an image size of less than 100MB. You must configure and create Microgateway aware proxies, products and apps before dockerizing Microgateway

Pull docker image for Edge Microgateway

docker pull gcr.io/apigee-microgateway/edgemicro:latest

Run the following command to base64-encode the Edge Microgateway configuration file located in $HOME/.edgemicro:

export EDGEMICRO_CONFIG=`base64 $HOME/.edgemicro/your_org-your_env-config.yaml`

// Remember to place back-ticks (`) around the command

Run Edge Microgateway as a container.

docker run -P -p 8000:8000 -d --name edgemicro

-v /var/tmp:/opt/apigee/logs

-e EDGEMICRO_PROCESSES=1

-e EDGEMICRO_ORG=your_org

-e EDGEMICRO_ENV=your_env

-e EDGEMICRO_KEY=your_key

-e EDGEMICRO_SECRET=your_secret

-e EDGEMICRO_CONFIG=$EDGEMICRO_CONFIG

-e SERVICE_NAME=edgemicro

--security-opt=no-new-privileges

--cap-drop=ALL

gcr.io/apigee-microgateway/edgemicro:latest

Create Microgateway Aware Proxies

Apigee Microgateway requires you to create Microgateway proxies. Any proxy that you create for Microgateway should start with edgemicro_. During the startup, Microgateway loads all the proxies that start with edgemicro_ and its associated products, apps and secrets into its cache. In the next article, I will write about limitations of Microgateway compared to Edge Gateway, plugins usage and custom plugins development with nodejs.