Message Processors

In Apigee hybrid, the Message Processor (MP) is the workhorse that processes incoming API requests, executes policies, and proxies API requests to target services. To do its work, the MP interacts with the local, runtime Cassandra database and it has read-only access to the host file system, where it loads proxies, resources, target servers, and other required Edge entities at startup.

This section describes common configuration processes for Message Processors.

Configure SSL and KMS encryption keys

By default, the MP endpoint uses port 443 with SSL pre-configured using a self-signed certificate. If you want to switch to your own properly CA-signed certificate, configure sslKeyPath and sslCertPath in your overrides.yaml as shown below.

You can also specify the location of encryption keys for the Apigee Edge key management system (KMS) and cache data.

To configure these certs and keys, copy the following path configuration properties into your overrides.yaml file and make the appropriate path substitutions for your MP pods. When you apply the config to your cluster, the certificate and key file contents are stored in a Kubernetes secret.

config:

  base64Credentials: dXNlckBleGFtcGxlLmNvbTphYmMxMjM=

  envs:
    - orgName: MyOrganization
      envName: MyEnvironment
      port: 443
      sslKeyPath: /path/to/example.com.key
      sslCertPath: /path/to/example.com.crt
      kmsEncryptionKeyPath: /path/to/enc_kms.txt
      cacheEncryptionKeyPath: /path/to/enc_cache.txt