Send Docs Feedback

Note: Most user interface tasks can be performed in Edge Classic or the New Edge experience. For an overview, getting started topics, and release notes specific to the New Edge experience, see the docs.

Proxying a Cloud Foundry app (microgateway-coresident plan)

This topic describes how to push a sample app to Pivotal Cloud Foundry (PCF), create an Apigee Edge service instance using Apigee Edge Microgateway, and bind the application to it. After binding the application to the Apigee Edge service instance, requests to the app will be forwarded to an Apigee Edge API proxy for management.

In the process described here, the PCF app and Microgateway are in the same Cloud Foundry container. For a process that has them in separate containers, see Proxying a Cloud Foundry app (microgateway plan).

Before performing the procedures in this topic, you must install and configure the Apigee Edge Service Broker for PCF tile. For more on that, see Install and configure the Apigee service broker.

Steps in these instructions use CF CLI with an Apigee plugin. To see corresponding CF CLI commands, see Mapping for Apigee and Cloud Foundry integration commands.

Step 1: Create a Service Instance

Perform the following steps to create an instance of the Apigee Edge service:

  1. List the Marketplace services and locate the Apigee Edge service:

    $ cf marketplace
    Getting services from marketplace in org example / space development as user@example.com...
    OK
    
    service          plans                     description
    apigee-edge      org, microgateway, microgateway-coresident         Apigee Edge API Platform
    
  2. Create an instance of the Apigee Edge service. Select the microgateway-coresident service plan to have Apigee Edge Microgateway run in the same container as your Cloud Foundry app.

    $ cf create-service apigee-edge microgateway-coresident YOUR-SERVICE-INSTANCE -c \
    '{"org":"YOUR-ORG", "env":"YOUR-ENV"}'
  3. Use the cf service command to display information about the service instance:

    $ cf service YOUR-SERVICE-INSTANCE
    
    Service instance: YOUR-SERVICE-INSTANCE
    Service: apigee-edge
    Bound apps:
    Tags:
    Plan: org
    Description: Apigee Edge API Platform
    Documentation url: http://apigee.com/docs/
    Dashboard: https://enterprise.apigee.com/platform/#/
    
    Last Operation
    Status: create succeeded
    Message:
    Started: 2016-10-27T20:47:43Z
    Updated:
    

Step 2: Install the Plugin

  1. Install the Apigee Broker Plugin as follows.

    $ cf install-plugin -r CF-Community "apigee-broker-plugin"
    
    Searching CF-Community for plugin apigee-broker-plugin...
    Plugin apigee-broker-plugin 0.1.1 found in: CF-Community
    Attention: Plugins are binaries written by potentially untrusted authors.
    Install and use plugins at your own risk.
    Do you want to install the plugin apigee-broker-plugin? [yN]: y
    Starting download of plugin binary from repository CF-Community...
    7.85 MiB / 7.85 MiB [===========================================================================================================================================================================================================================================] 100.00% 11s
    Installing plugin Apigee-Broker-Plugin...
    OK
    Plugin Apigee-Broker-Plugin 0.1.1 successfully installed.
  2. Make sure the plugin is available by running the following command:

    $ cf -h
    …
    Commands offered by installed plugins:
      apigee-bind-mg,abm      apigee-unbind-mgc,auc    enable-diego
      apigee-bind-mgc,abc     apigee-unbind-org,auo    has-diego-enabled
      apigee-bind-org,abo     dea-apps                 migrate-apps
      apigee-push,ap          diego-apps               dev,pcfdev
      apigee-unbind-mg,aum    disable-diego
    

Step 3: Install Apigee Edge Microgateway and Cloud Foundry App

Here, you install Apigee Edge Microgateway and your Cloud Foundry app to the same Cloud Foundry container.

  1. Install and configure Apigee Edge Microgateway.

  2. Locate and make any desired changes to the configuration YAML file created in your Apigee Edge Microgateway installation, typically in the .edgemicro directory.

  3. Copy the configuration file to the following directory in your Cloud Foundry app: <application-folder>/<config-directory>.

  4. Configure the plugins via the app manifest to include the APIGEE_MICROGATEWAY_CUSTOM environment variable. For example:

    env:
            ...
            APIGEE_MICROGATEWAY_CONFIG_DIR: config
      	APIGEE_MICROGATEWAY_CUST_PLUGINS: plugins
      	APIGEE_MICROGATEWAY_PROCESSES: 2
            APIGEE_MICROGATEWAY_CUSTOM: |
                                          {"policies":
                                          {
                                          "oauth":
                                              {
                                              "allowNoAuthorization": false, 
                                              "allowInvalidAuthorization": false
                                              },
                                          "spikearrest": 
                                              {
                                              "timeUnit": "minute", 
                                              "allow": 10
                                              }
                                          },
                                          "sequence": ["oauth", "spikearrest"]
                                          }

    To support Cloud Foundry application health check, make sure your applications block includes the health-check-type and health-check-http-endpoint properties:

    health-check-type: http
    health-check-http-endpoint: /healthcheck
    

    Also, the sequence property must include a reference to the healthcheck plugin, as shown here.

    "sequence": ["healthcheck", "oauth", "spikearrest"]

    For more on health check, see Using Application Health Checks.

    The following describes the manifest properties:

    Variable Description
    APIGEE_MICROGATEWAY_CONFIG_DIR Location of your Apigee Microgateway configuration directory.
    APIGEE_MICROGATEWAY_CUST_PLUGINS Location of your Apigee Microgateway plugins directory.
    APIGEE_MICROGATEWAY_PROCESSES The number of child processes that Apigee Microgateway should start. If your Microgateway performance is poor, setting this value higher might improve it.
    APIGEE_MICROGATEWAY_CUSTOM “sequence” corresponds to the sequence order in the microgateway yaml file (this will be added on to the end of any current sequence in the microgateway yaml file with duplicates removed).

    “policies” correspond to any specific configuration needed by a plugin; for instance, “oauth” has the ‘"allowNoAuthorization": true configuration. These policies will overwrite any existing policies in the microgateway yaml file and add any that do not yet exist.
  5. Configure the microgateway yaml file from step 2 to include the necessary plugins. For example if we added a “spikearrest” plugin: yaml ... plugins: dir: ../plugins sequence: - oauth - spikearrest spikearrest: timeUnit: minute allow: 10 oauth: allowNoAuthorization: false allowInvalidAuthorization: false

  6. Copy any custom plugins’ root folders (with custom plugin specific package.json and index.js in the respective root folder) into the following directory in your Cloud Foundry app: <application-folder>/<plugin-directory>.

    1. Remove the following or any other buildpack tags from the manifest:
      yaml buildpack: nodejs_buildpack
    2. If you have custom buildpacks, add the following line to the “env” section:

      env:
                ...
                APIGEE_MICROGATEWAY_CUST_PLUGINS: '<plugin-directory>'
      
  7. Ensure that your Cloud Foundry app isn’t running on port 8080, nor on the port specified by the PORT environment variable.

  8. Push the Cloud Foundry app to your Cloud Foundry container.

    cf apigee-push

    You’ll be prompted for the following:

    Argument Description
    Plan type confirmation Specify whether you’re using the microgateway-coresident plan.
    Path to your Java archive If your app is a Java app, specify the path to its .jar file.
    Path to the configuration directory with Microgateway .yaml file Location of your Apigee Microgateway configuration directory.
    Path to the configuration directory with custom plugins Location of your Apigee Microgateway plugins directory.

Step 4: Bind the Cloud Foundry App to the Service Instance

In this step, you bind a Cloud Foundry app to the Apigee service instance you created. The apigee-bind-mgc command creates the proxy for you and binds the app to the service.

Each bind attempt requires authorization with Apigee Edge, with credentials passed as additional parameters to the apigee-bind-mgc command. You can pass these credentials as arguments of the apigee-bind-mgc command or by using a bearer token.

  1. If you’re using a bearer token to authenticate with Apigee Edge, get or update the token using the Apigee SSO CLI script. (If you’re instead using command-line arguments to authenticate with username and password, specify the credentials in the next step.)

    1. Download the Apigee Edge scripts:

      $ curl https://login.apigee.com/resources/scripts/sso-cli/ssocli-bundle.zip -o "ssocli-bundle.zip"
    2. Unzip the ssocli-bundle.zip file. This includes get_token, a script that gets or updates a token that you use to authenticate with your Apigee Edge organization. You need this token to bind the Apigee Edge route service to your app.

      $ tar xvf ssocli-bundle.zip
    3. Create a .sso-cli directory in your user directory:

      $ mkdir ~/.sso-cli
    4. Use the get_token script to create a token. When prompted, enter the Apigee Edge username and password you use to log in to your organization.

      $ ./get\_token

      The get_token script writes the token file into ~/.sso-cli. For more about get_token, see the Apigee documentation.

  2. Bind the app to the Apigee service instance with the apigee-bind-mgc command.

    Use the command without arguments to be prompted for argument values. To use the command with arguments, see the command reference at the end of this topic. For help on the command, type cf apigee-bind-mgc -h.

    $ cf apigee-bind-mgc

    You’ll be prompted for the following:

    Argument Description
    Apigee username Apigee user name. Not used if you pass a bearer token with the –bearer argument.
    Apigee password Apigee password. Not used if you pass a bearer token with the –bearer argument.
    Action to take Required. proxy to generate an API proxy; bind to bind the service with the proxy; proxy bind to generate the proxy and bind with a single command.
    Apigee environment Required. The Apigee environment where your proxy should be deployed.
    Apigee organization Required. The Apigee organization where your proxy should be created.
    Application to bind to Required. Name of the Cloud Foundry application to bind to.
    Microgateway key Required. Your Apigee Edge Microgateway key.
    Microgateway secret Required. Your Apigee Edge Microgateway secret.
    Service instance name to bind to Required. Name of the Apigee service to bind to.
    Target application port Required. Port for your Cloud Foundry app. This may not be 8080 nor the PORT environment variable.
    Target application route Required. The URL for your Cloud Foundry app. This will be the suffix of the proxy created for you through the bind command

    The command creates an API proxy on the specified Apigee org and environment, then binds the Apigee service to the target app. To do its work, this command authenticates with Apigee Edge using the credentials you specified. You’ll be prompted to start the app. If you don’t and want to start it later you can start the Cloud Foundry app and microgateway-decorator along with it.

    $ cf start APP-NAME
  3. Log into Edge and note that the proxy has been created. Then follow the instructions to create a product with your newly created proxy. You can now configure standard Apigee Edge policies on that proxy.

apigee-bind-mgc Reference

Use the apigee-bind-mgc command to generate an API proxy on Apigee Edge and to bind the Cloud Foundry service to the proxy.

The command requires your Apigee Edge credentials in order to create and bind to an API proxy. You can specify credentials either with a bearer token or by giving a username and password at the command line. To use a token, you must provide the --bearer argument.

To be prompted for argument values (and provide a username and password at prompts), use the command without arguments.

$ cf apigee-bind-mgc

To specify arguments on the command line, use the following syntax (be sure to use quotes and command expansion, as shown here):

$ cf apigee-bind-mgc [--app APP_NAME] [--service SERVICE_INSTANCE] \
    [--apigee_org APIGEE_ORGANIZATION] [--apigee_env APIGEE\_ENVIRONMENT] \ 
    [--edgemicro_key EDGEMICRO_KEY] [--edgemicro_secret EDGEMICRO_SECRET] \
    [--target_app_route TARGET_APP_ROUTE] [--target_app_port TARGET_APP_PORT] \ 
    [--action ACTION] [--user APIGEE_USERNAME] [--pass APIGEE_PASSWORD] \
    [--bearer APIGEE_BEARER_TOKEN]

Parameters for the -c argument specify connection details:

Parameter Purpose Allowed Values
action A value specifying whether to create or bind an API proxy proxy to generate an API proxy; bind to bind the service with the proxy; proxy bind to generate the proxy and bind with a single command.
apigee_env Apigee Edge environment to which the API proxy is (or will be) deployed Your environment.
apigee_org Apigee Edge organization hosting the API proxy to be called Your organization (must be reachable via the authentication token specified in the bearer parameter).
app Name of the Cloud Foundry application to bind to. The app name.
bearer Path to a file containing an authentication token valid for your organization An authentication token, such as one generated with Apigee’s get_token command. The broker does not store any data; it requires credentials and other parameters for each individual cf command. Instead of a bearer token, credentials can also be expressed as:
  • basic: standard HTTP Base-64 encoded username and password for Authorization: Basic. Note that this is not encrypted and easily converted to clear text. But a jumble of digits and letters may provide some protection in case of momentary exposure (but no better than if the password is already a jumble of digits, letters, and symbols)
  • username and password in clear text
edgemicro_key The key for your Apigee Edge Microgateway configuration (returned when you configured the Apigee Microgateway). The configuration key.
edgemicro_secret The secret for your Apigee Edge Microgateway configuration (returned when you configured the Apigee Microgateway). The configuration secret.
pass Apigee password. Not used if you pass a bearer token with the –bearer argument. Your password.
service Name of the Apigee service to bind to. The service name.
target_app_port Port for your Cloud Foundry app. This may not be 8080 nor the PORT environment variable. The port number.
target_app_route The URL for your Cloud Foundry app. The app URL.
user Apigee user name. Not used if you pass a bearer token with the –bearer argument. Your user name.

Step 5: Test the Binding

Once you’ve bound your app’s path to the Apigee service (creating an Apigee proxy in the process), you can try it out with the sample app.

  • From a command line run the curl command you ran earlier to make a request to your Cloud Foundry app you pushed, such as:

    $ curl https://sample-api-apigee.cfapps.pivotal.io 
        {“hello”:“hello from cf app”}

    The console outputs the app’s response.

The new proxy is just a pass-through, but it is now ready for you or someone on your team to add policies to define security, traffic management, and more.

Help or comments?