Apigee announces general availability of APIM Extension Processor


We're excited to announce the General Availability (GA) of the Apigee Extension Processor (version 1.0)! This powerful new capability significantly expands the reach and flexibility of Apigee, making it easier than ever to manage and secure a much wider range of backend services and modern application architectures.

For developers embracing modern deployment models, the Extension Processor offers seamless integration with Cloud Run, allowing you to apply Apigee policies to your scalable containerized applications.

The Extension Processor also unlocks powerful new communication patterns. You can now easily manage complex real-time interactions with gRPC bidirectional streaming, enabling highly interactive and low-latency applications. Additionally, for event-driven architectures, the Extension Processor provides a pathway to manage and secure Server-Sent Events (SSE), facilitating efficient data streaming to clients.

But the benefits extend beyond application deployment and communication protocols. The Apigee Extension Processor, coupled with Google Token Injection policies, dramatically simplifies secure access to your Google Cloud infrastructure. You can seamlessly connect and control access to powerful data services like Bigtable, and leverage the intelligence of Vertex AI for your machine learning workloads, all while maintaining Apigee's consistent security framework.

Finally, by integrating with the intelligent traffic management capabilities of Google's Cloud Load Balancing, the Extension Processor offers exceptional flexibility in routing and managing diverse traffic flows. This powerful combination opens up many possibilities for managing even the most complex API landscapes.

This blog outlines a powerful solution to a key challenge in today's landscape of high-performance and real-time applications: managing gRPC streaming within Apigee. While gRPC is a cornerstone of efficient microservices, its streaming nature presents a challenge for organizations leveraging Google Cloud's Apigee as an inline proxy (traditional mode). We'll explore how the Apigee Extension Processor enables Apigee's data plane to enforce policies on gRPC streaming traffic as it passes through the Application Load Balancer (ALB). This is achieved via a Service Extension (traffic extension), allowing for effective management and routing without the gRPC stream directly traversing the Apigee gateway.

Read along as we delve into the core components of this solution, highlighting its benefits and providing a high-level overview of a real-world use case involving a Cloud Run backend.

Understanding the Apigee Extension Processor

The Apigee Extension Processor is a powerful traffic extension (a type of service extension) that allows you to leverage Cloud Load Balancing to send callouts to Apigee as part of its API management. This enables Apigee to apply API management policies to requests before the ALB forwards them to user-managed backend services, effectively extending Apigee's robust API management capabilities to workloads fronted by Cloud Load Balancing.

Infrastructure and Data Flow

The diagram outlines the required components of the Apigee Extension Processor configuration:

The Apigee Extension Processor configuration involves several key components. These include an ALB, an Apigee instance with the Extension Processor enabled, and a Service Extension. For a detailed description of these components, please refer to the Apigee Extension Processor overview.

The following numbered steps correspond to the numbered arrows in the flow diagram, illustrating the sequence of events:

1: The client sends a request to the ALB.

2: The ALB, acting as the Policy Enforcement Point (PEP), processes the traffic. As part of this processing, it calls out to Apigee via the configured Service Extension (traffic extension).

3: The Apigee Extension Processor, acting as the Policy Decision Point (PDP), receives the callout, applies the relevant API management policies to the request, and returns the processed request to the ALB (PEP).

4: The ALB completes processing and forwards the request to the backend service.

The backend service initiates the response, which is received by the ALB. The ALB may call out to Apigee again via the Service Extension to enforce policies on the response before forwarding it to the client.

Bridging the gap: Enabling gRPC streaming pass-through

Many modern applications require and use the power of streaming gRPC, but Apigee, used as an inline proxy, does not currently support streaming. This is where the Apigee Extension Processor becomes valuable: it allows the ALB to process the streaming gRPC traffic and act as the PEP (policy enforcement point) while the Apigee runtime acts as the PDP (policy decision point).

Main components needed to enable gRPC streaming pass-through with Apigee

To enable gRPC streaming pass-through using the Apigee Extension Processor, the following key components are required. For detailed configuration instructions, please refer to Get started with the Apigee Extension Processor.

  • gRPC streaming backend service: A gRPC service implementing the necessary streaming capabilities (server, client, or bidirectional).
  • Application Load Balancer (ALB): The entry point for client requests, configured to route traffic and call the Apigee Service Extension.
  • Apigee instance with Extension Processor enabled: An Apigee instance and environment configured with the Extension Processor feature, which uses a targetless API proxy for ext-proc processing of traffic from the Service Extension.
  • Service Extension configuration: A traffic extension (a type of Service Extension) acting as the bridge between the ALB and Apigee runtime (ideally using Private Service Connect (PSC)).
  • Network connectivity: Proper network setup allowing communication between all components (client to ALB, ALB to Apigee, ALB to backend).

Use Case: Securing and managing gRPC streaming services on Cloud Run with Apigee

Consider a scenario where a customer develops a high-performance backend service with gRPC streaming capabilities, such as providing real-time application logs. For scalability and ease of management, this backend application is deployed on Google Cloud Run within their primary Google Cloud project. Now, the customer wants to expose this gRPC streaming service to their clients through a well-managed and secure API gateway. They choose Apigee for this purpose, leveraging its robust API management features like authentication, authorization, rate limiting and other policies.

The Challenge

As mentioned earlier, Apigee does not natively support gRPC streaming when used in the inline proxy mode. Direct exposure of the Cloud Run gRPC service through standard Apigee configurations would not support any of the streaming use cases: client, server or bi-di streaming.

Solution

The Apigee Extension Processor provides the necessary bridge to manage gRPC streaming traffic destined for a backend application deployed on Cloud Run within the same Google Cloud project.

Here is a simplified flow:


1: Client initiation

  • The client application initiates a gRPC streaming request.
  • This request is directed to the public IP address or DNS name of the ALB that serves as the entry point.


2: Application Load Balancer processing and Service Extension callout

  • The ALB receives the incoming gRPC streaming request.
  • The ALB is configured with a backend service that uses a serverless Network Endpoint Group (NEG) pointing to the backend on Cloud Run.
  • The ALB is also configured with a Service Extension (traffic extension) that has a specific Apigee runtime backend configured.
  • The ALB first calls out to this Service Extension for relevant traffic.


3: Apigee proxy processing

  • The gRPC request is forwarded to the designated Apigee API proxy via the Service Extension.
  • Within this Apigee X proxy, various API management policies are executed. This can include authentication, authorization, and rate limiting.

Note: The Apigee proxy in this scenario is a no-target proxy, that is, it doesn't have a Target Endpoint configured. It relies on the ALB for final routing.


4: Return to ALB

  • Since the Apigee proxy has no target, after policy processing, control returns to the ALB via the Service Extension response.


5: Routing to the backend in Cloud Run by the load balancer

  • The ALB, according to its backend service configuration, forwards the gRPC streaming request to the appropriate backend service, which is mapped to the serverless NEG where the Cloud Run service resides.
  • The ALB handles the underlying routing to the Cloud Run instance.


6: Response handling

Response handling follows a similar pattern to the request flow. The backend initiates the response, which is then handled by the ALB. The ALB may call out to Apigee via the Service Extension (traffic extension) for policy enforcement before forwarding the response to the client.

This simplified use case demonstrates how the Apigee Extension Processor can be used to apply API management policies to gRPC streaming traffic destined for an application deployed on Cloud Run within the same Google Cloud project. The ALB primarily handles the routing to the Cloud Run service based on its NEG configuration.
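
The request path of the flow above, reduced to a toy model in Python (an added example, not Apigee or Google Cloud code). The class names, the `x-api-key` and `x-verified-app` headers, the sample key and the quota are hypothetical, and the model assumes the callout carries only request headers while the stream frames stay on the load balancer.

```python
from dataclasses import dataclass, field

# Constructed sample data (hypothetical): accepted API keys and a call quota.
VALID_KEYS = {"key-abc": "logs-reader"}
QUOTA = 2

@dataclass
class Decision:
    allow: bool
    status: int = 200
    set_headers: dict = field(default_factory=dict)

class PolicyDecisionPoint:
    """Stands in for the no-target Apigee proxy: it is shown headers only."""
    def __init__(self):
        self.calls = {}
        self.seen = []  # record of everything the PDP was shown

    def decide(self, headers):
        self.seen.append(dict(headers))
        key = headers.get("x-api-key")
        if key not in VALID_KEYS:              # authentication
            return Decision(False, 401)
        self.calls[key] = self.calls.get(key, 0) + 1
        if self.calls[key] > QUOTA:            # rate limiting
            return Decision(False, 429)
        return Decision(True, set_headers={"x-verified-app": VALID_KEYS[key]})

class LoadBalancer:
    """Stands in for the ALB: enforces the decision and carries the stream."""
    def __init__(self, pdp, backend):
        self.pdp, self.backend = pdp, backend

    def handle(self, headers, frames):
        decision = self.pdp.decide(headers)    # steps 2-4: callout and return
        if not decision.allow:
            return decision.status, []         # backend is never contacted
        # PDP-set headers overwrite client-supplied copies, so the backend
        # cannot be fed a spoofed identity header.
        upstream = {**headers, **decision.set_headers}
        return 200, list(self.backend(upstream, frames))   # step 5

def log_backend(headers, frames):
    """Hypothetical streaming backend: tags each frame with the caller."""
    for frame in frames:
        yield f"{headers['x-verified-app']}:{frame}"

if __name__ == "__main__":
    lb = LoadBalancer(PolicyDecisionPoint(), log_backend)
    print(lb.handle({"x-api-key": "key-abc", "x-verified-app": "admin"}, ["l1", "l2"]))
    print(lb.handle({"x-api-key": "wrong"}, ["l1"]))
```

In this model a denied request never reaches the backend, and the decision point's record contains headers but no stream frames.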

Benefits of Leveraging the Apigee Extension Processor for gRPC Streaming

Using the Apigee Extension Processor to manage gRPC streaming services on a backend offers several key advantages, extending Apigee's core strengths to this new application of the platform:

This approach effectively extends Apigee's robust API management capabilities to gRPC streaming, a streaming communication pattern not natively supported by the Apigee platform's core proxy.

  • Leveraging existing investments

For organizations already using Apigee for their RESTful APIs, this solution enables them to manage their gRPC streaming services within Apigee. While requiring the use of the Extension Processor, it leverages familiar API management concepts and reduces the need for separate tools.

  • Centralized policy management

Apigee provides a centralized platform for defining and enforcing API management policies. By integrating gRPC streaming through the Extension Processor, you can maintain consistent governance and security across all your API endpoints.

If you are exposing gRPC streaming services as a product, Apigee's Monetization features can be leveraged. You can generate revenue whenever your gRPC streaming APIs are used by adding rate plans to custom API products you create within Apigee.

  • Improved observability and traceability

While detailed gRPC protocol-level analytics might be limited in a pass-through scenario, Apigee still provides valuable insights into the traffic flowing to your streaming services, including connection attempts, error rates, and overall usage patterns. This observability is crucial for monitoring and troubleshooting.

Apigee's distributed tracing systems let you track requests in distributed systems that involve your gRPC streaming services, providing end-to-end visibility across multiple applications, services, and databases.

Apigee API Analytics collects the wealth of data flowing through your load balancer, providing data visualization in the UI or the ability to download data for offline analysis. This data can be invaluable for understanding usage patterns, identifying performance bottlenecks, and making informed business decisions.

Considering these benefits, it becomes clear that the Apigee Extension Processor offers a valuable and practical way to bring essential API management capabilities to gRPC streaming services on Google Cloud.

Looking Ahead

The Apigee Extension Processor represents a significant step forward in extending Apigee's capabilities. We envision a future where any gateway, anywhere can leverage the power of Apigee's policy enforcement capability. This may involve harnessing the ext-proc protocol and integrating with various Envoy-based load balancers and gateways, enabling them to act as Policy Enforcement Points (PEPs) with the Apigee runtime serving as the Policy Decision Point (PDP). This evolution will further empower organizations to consistently manage and secure their digital assets in increasingly distributed and heterogeneous environments.


