  1. 3f6a2b7 updated readme by Gautham V Kidiyoor · 8 years ago master
  2. 1550150 istio updated to 0.1.6 except mixer by Gautham V Kidiyoor · 8 years ago
  3. 289c540 update README by Gautham V Kidiyoor · 8 years ago
  4. f594060 update README to include apigee directory by Mukundha Madhavan Gnana Sekaran · 8 years ago
  5. 510115d Dockerfile to replace Istio proxy configuration. by Gregory Brail · 8 years ago

Istio-Apigee-Demo

This demo demonstrates how Apigee works with Istio, and how services deployed in the Istio framework can make use of Apigee features like API key verification and Analytics.

This is an unsupported project of Google. Feel free to submit issues and pull requests, but do not expect formal support.

Pre-requisites

Kubernetes cluster with > 3 nodes

You can use Google Container Engine to launch the Kubernetes cluster - https://cloud.google.com/container-engine/

kubectl utility on your local machine

Find instructions here - https://kubernetes.io/docs/tasks/tools/install-kubectl/

istioctl utility on your local machine

  • Download the right istio release from here - https://github.com/istio/istio/releases
  • Extract it and copy the istioctl binary from bin/istioctl to /usr/local/bin
  • Make sure you can run istioctl --help

Hybrid-enabled Apigee org

Contact Apigee Support

Setup

Point kubectl to your kubernetes cluster

Find instructions here - https://istio.io/docs/tasks/installing-istio.html#prerequisites

Configuring Apigee parameters

You need to provide parameters like org_name, env, microgateway_key and microgateway_secret for the mixer adapter to work with your org.

Go ahead and replace the respective values in the following file:

config/testdata/configroot/scopes/global/adapters.yml

Create a kube secret from this file, which later gets mounted into the Istio mixer:

kubectl create secret generic apigee-mixer-adapter --from-file=./config/testdata/configroot/scopes/global/adapters.yml

Install Istio

  1. Run the following command to determine if your cluster has RBAC (Role-Based Access Control) enabled:

kubectl api-versions | grep rbac

  2. If the command displays an error, or does not display anything, it means the cluster does not support RBAC, and you can skip the next 2 steps.

  3. If the command displays ‘beta’ version, or both ‘alpha’ and ‘beta’, please apply istio-rbac-beta.yaml configuration:

kubectl apply -f install/kubernetes/istio-rbac-beta.yaml

  4. If the command displays only ‘alpha’ version, please apply istio-rbac-alpha.yaml configuration:

kubectl apply -f install/kubernetes/istio-rbac-alpha.yaml

  5. Install Istio’s core components.

kubectl apply -f setup/istio.yaml

NOTE: In the mixer section of the istio.yaml file you can see that we are using a custom docker image (mixer:apigeev1) which contains the apigee adapter.

This command will install the Istio-Manager, Mixer with Apigee adapter, Ingress-Controller and Egress-Controller core components.

Demo

For this demo we will use the simple httpbin application

Deploy App

Run the following commands to deploy httpbin application

source istio.VERSION
kubectl apply -f <(istioctl kube-inject -f demo/apps/httpbin/httpbin.yml)

Get IP of Ingress

  • Get the IP address of the ingress to make calls to the deployed application:

kubectl get ingress -o wide

  • If you don't find a public IP from the above command, use the private IP of the ingress service and make sure you make calls from inside the kube network, since you are using a private IP. Use the following command to get the private IP of the ingress:

kubectl get svc istio-ingress

export GATEWAY=<IP_of_Ingress>

Make calls before creating mixer rules

curl $GATEWAY/get

You will see response code 200

200

Creating mixer rules

Let's create mixer rules so that the apigee adapter is triggered on your API calls. Currently the apigee adapter provides API key verification and Analytics features.

Run the following command to enable apigee for httpbin application.

istioctl mixer rule create global httpbin.default.svc.cluster.local -f config/rules.yml

Make calls after creating mixer rules

curl -o /dev/null -s -w "%{http_code}\n" $GATEWAY/get

Now, since API key verification fails, you will see response code either 403 or 500

403

Try with a wrong API key

curl -o /dev/null -s -w "%{http_code}\n" -H 'apikey: dsjcajcasbch' $GATEWAY/get
403

BTW, Analytics is already being recorded for your httpbin service; you should be able to see the failed API calls in the Apigee UI (might take 10 minutes to show up).

You need to get the right API key from the Apigee UI to be able to make successful calls.

If you are familiar with Apigee, the following steps will make more sense to you:

  • Create an Apigee Product (https://enterprise.apigee.com/platform/{org-name}/products). This is how a company exposes its APIs to the outside world.
  • Create 2 Developers (https://enterprise.apigee.com/platform/{org-name}/developers). Developers can use the exposed APIs by creating an Apigee App.
  • Create 2 Apps (https://enterprise.apigee.com/platform/{org-name}/app). This will provision credentials to access the APIs. While creating them, make sure you select the product created above and each developer.

NOTE: Create 2 developers and 2 apps respectively so that we can see more interesting stuff in analytics.

Now that you have credentials to make API calls, let's make some more calls. This time pass the Consumer Key of the App that you just created as a header parameter.

curl -o /dev/null -s -w "%{http_code}\n" -H 'apikey: <ConsumerKey>' $GATEWAY/get

You should see response code 200

200
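
The three manual checks above (no key, wrong key, valid key) can be combined into one smoke test that fails if the mixer rule lets unauthenticated traffic through. This is an added example, not part of the original README; the function names, the CONSUMER_KEY variable and the verdict strings are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original repo): smoke test for API key
# enforcement at the Istio ingress after the mixer rule is created.

# status_for [apikey]: print the HTTP status of $GATEWAY/get,
# sending an apikey header only when an argument is given.
status_for() {
  if [ -n "${1:-}" ]; then
    curl -o /dev/null -s -w "%{http_code}" -H "apikey: $1" "$GATEWAY/get"
  else
    curl -o /dev/null -s -w "%{http_code}" "$GATEWAY/get"
  fi
}

# verdict NO_KEY WRONG_KEY VALID_KEY: judge the three status codes.
verdict() {
  errors=0
  for code in "$1" "$2"; do
    case "$code" in
      2??) echo "FAIL-OPEN"; return 1 ;;  # unauthenticated call reached httpbin
      5??|000) errors=1 ;;                # denied, but via an error, not a clean 403
    esac
  done
  # The key issued by Apigee must be accepted, otherwise the gate blocks everyone.
  [ "$3" = "200" ] || { echo "VALID-KEY-REJECTED"; return 2; }
  if [ "$errors" -eq 0 ]; then
    echo "ENFORCED"
  else
    echo "ENFORCED-WITH-ERRORS"
  fi
}

# Runs only when both variables are set. CONSUMER_KEY (assumed name) holds
# the Consumer Key of one of your Apps; "not-a-real-key" is a constructed value.
if [ -n "${GATEWAY:-}" ] && [ -n "${CONSUMER_KEY:-}" ]; then
  verdict "$(status_for)" "$(status_for not-a-real-key)" "$(status_for "$CONSUMER_KEY")"
fi
```

ENFORCED-WITH-ERRORS corresponds to the 500 case mentioned above: the call is still denied, but the denial comes from an error rather than a clean 403.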

Analytics

Let's dig more into Analytics. For demo purposes, make a few more calls with the API keys of both apps.

Let's check the API performance of your httpbin API (data might take 10 minutes to show up in the UI)

Go to https://enterprise.apigee.com/platform/<org_name>/proxy-performance

You should be able to see something like below

The Proxy Performance dashboard helps you see API traffic patterns and processing times. You can easily visualize how much traffic your APIs generate and how long it takes for API calls to be processed, from the time they are received by Apigee Edge until they are returned to the client app.

Let's check developer engagement of your httpbin API (data might take 10 minutes to show up in the UI)

Go to https://enterprise.apigee.com/platform/<org_name>/developer-engagement

You should be able to see something like below

The Developer Engagement dashboard tells you which of your registered app developers are generating the most API traffic. For each of your developers, you can find out who is generating the most API traffic and the most errors. For example, if a particular developer's app is generating a lot of errors relative to other developers, you can pro-actively address the problem with that developer.

Read more about developer engagement here -

http://docs.apigee.com/analytics-services/content/partner-engagement-dashboard

Read more about Apigee analytics here -

https://apigee.com/about/products/apigee-edge-and-apis/edge-analytics-services