Edge Microgateway for Pivotal Cloud Foundry: Technical Updates
We recently announced the general availability of Edge Microgateway on Pivotal Cloud Foundry. Here, we’ll offer some more details on the enhancements in the release, and we’ll cover some important updates to the Edge Service Broker for PCF.
New microgateway features
We added some significant Edge Microgateway enhancements, including auto reload and support for Cloud Foundry.
You can now integrate Edge Microgateway with Cloud Foundry, via an add-on. You can then push your Edge Microgateway instance to Cloud Foundry, which will then manage that instance.
As Edge Microgateway is dynamically scaled in Cloud Foundry, configuration for new instances is automatically refreshed. Additionally, Edge Microgateway reloads after there are new or changed proxies.
The Edge Microgateway integration with Cloud Foundry adds an important capability for developers that are building microservices APIs and need to securely manage those APIs. This capability provides end-to-end visibility into your API usage and important metrics, including total traffic, average response time, and average target response time.
Edge Service Broker for PCF
We released a new version (2.0) of the Service Broker, which standardizes the authentication mechanism and removes dependencies on other components.
The service broker now supports authentication with OAuth2 tokens (this is recommended) or basic authentication. As described in our documentation on creating an Edge API proxy, it’s simple to get an OAuth2 token from your Edge instance and pass it with requests to bind a route service to an Edge proxy.
So with this release’s support for OAuth2, you no longer need to submit your Edge user ID and password when creating an instance of the service broker. Instead, you can authenticate with OAuth tokens.
Previously, the Apigee Edge Service Broker used Redis, an in-memory data structure store, to store route and binding configurations. With this release, external storage for route and binding configuration is no longer required. The configuration information is passed with every bind call. We also simplified the unbind process.
“The Microgateway enables SAS to protect our internal APIs against unauthorized access and other types of malicious activity. By wrapping our internal Cloud Foundry-based APIs with the Microgateway, we can easily reuse Apigee-provided plugins, including key verification/generation and denial of service protection. Since the Microgateway works as a Cloud Foundry Route Service, a malicious user cannot bypass those configured security controls.
"We were able to quickly create custom Microgateway plugins to integrate with our identity management solution. Instead of developers implementing security controls within each internal API, we are reusing Microgateway plugins for multiple APIs regardless of the implementation language of the API itself.”
Its very easy to get up and running. These links might help:
- Edge integration with Pivotal Cloud Foundry (overview)
- Creating an Edge API proxy to manage client calls to your Cloud Foundry application (using the service broker with Pivotal Cloud Foundry)
- Apigee Edge Microgateway Add-ons for Cloud Foundry (running Edge Microgateway in Cloud Foundry)
- Cloud Foundry Service Broker for Apigee (installing the service broker from source)
We'd love to hear from you; please reach out to us at the Apigee Community.
-- Ken Chan, Martin Nally, Vinoth Kumar, and Steve Traut contributed to this post.