top of page
Oct 27, 20233 min read

Create an Apigee Proxy using Cloud Run as the backend

Updated: Nov 2, 2023


While digging deeper with Apigee I decided to complete a lab to get a better understanding of how it works and how to integrate with other Google Cloud services.


Why would anyone want to use Apigee with Cloud Run. I mean a Cloud Run service already gives you an endpoint to consume your service right? Well an endpoint is not an API. An API describes how a backend service can be used and accessed. Like a contract.





APIs give developers controlled access to business logic. Apigee is an API management platform that allows you to take your serverless backend and add security (control access), analytics, compliance, monetization and documentation. It allows you to treat your APIs as products. Increased visibility, security/control, high availability and monitoring are just a few of the enterprise benefits that Apigee offers.


Let’s take a look at how to set up a simple APIGEE API proxy from source code using a Cloud Run service as our backend.



Setup


To get started we need an evaluation organization (eval org) that allows external traffic. An eval org is a temporary container that holds all your API proxies and related resources in Apigee similar to a project in Google Cloud. You can use the provisioning wizard to set up your org and load balancer to allow external traffic.


After the prerequisites are done, we can use cloudshell as our development environment. In Cloud Shell, all the tools needed should already be installed (you may have to install jq). Make sure you set your environment variables.


export APIGEE_X_ORG=<my-org>

export APIGEE_X_ENV=<my-env>

export APIGEE_X_HOSTNAME=<my-hostname>

export DELETE_AFTER_TEST=false



Download repo


Download the repo that holds all the code. In the repo you will find:


  1. A docker file - Builds our Docker image

  2. app.js - Reference app called in the Docker file

  3. pipeline.sh - Does “all the things”


Let’s take a closer look at the pipeline.sh. The demo uses the gcloud cli to package our Dockerfile (line 22), push it to the image repo and create a Cloud Run service (line 24) and API proxy (line 51).


It also creates a service account and gives it the Cloud Run invoker role which allows us to invoke the Cloud Run service (line 37).


Next you’ll see the sackmesser command being called. Apigee Sackmesser is a collection of tools that allows you to interact with the Apigee Management APIs (line 51). The sackmesser deploy -d deploys a proxy using local files.




Proxy details


The api proxy folder holds our proxy information. Proxies allow us to expose APIs and control messaging and connection behavior all while decoupling the backend. A proxy sits between a client and the backend service. In our case the back end service is a Cloud Run service.


Under the API proxy folder there are 2 additional folders, target and proxies. These 2 folders represent your proxy configuration. A proxy can have 2 endpoints:


  1. Proxy endpoint - Specifies how your client will consume your API. How will the customer access your API? This is where you can attach policies and also where the base path is defined. A base path identifies the URI path used by Apigee to route incoming messages to the proper API proxy. The base path would come after the domain in an API request. Example: https:example.com/cloud-run/v0 would be the URL to call our backend.



<ProxyEndpoint name="default">

<HTTPProxyConnection>

<BasePath>/cloud-run/v0</BasePath>

</HTTPProxyConnection>

<RouteRule name="default">

<TargetEndpoint>default</TargetEndpoint>

</RouteRule>

</ProxyEndpoint>




2. Target endpoint - Specifies how to reach your backend. This is where the backend is defined.



<TargetEndpoint name="default">

<HTTPTargetConnection>

<Authentication>

<GoogleIDToken>

<Audience>CLOUD_RUN_URL</Audience>

</GoogleIDToken>

</Authentication>

<URL>CLOUD_RUN_URL</URL>

</HTTPTargetConnection>

</TargetEndpoint>



Authentication


You’ll notice from the target endpoint that we are using the Authentication xml element. Because we are using a Google service as our target, this element allows Apigee to perform the token generation and make secure calls to our targeted Cloud Run service as the backend.





Deploy


Now in the cloud shell you set run the pipeline.sh script.



Conclusion


This lab showed us how to set up a basic proxy using Cloud Run as a backend target. You can use popular Google Cloud services to build modern apps with Apigee and deliver a better connected digital experience.







Recent Posts

See All

Making your APIs highly available

Making your APIs highly available Creating great APIs require planning and consideration with the customer in mind. When creating API...

APIs are products too

Often times when we think of software products we think of traditional software applications or digital platforms that a customer will...

Comentarios

bottom of page