Deploying the Apigee Agent in Docker

Deploy the Apigee Agent as a stand-alone application in Docker by downloading the Apigee agent image.

Before you begin

Make sure that you have:
  • Started the Docker client.
  • Created service account for the Google Cloud project to which Apigee API management is associated.
  • Assigned the following roles for the service account,
    • Apigee API Admin
    • Apigee Environment Admin
    • Apigee Organization Admin
  • Downloaded the Service Account Key and have the private_key and client_email readily available for configuration. The agent uses the Service Account Key to generate OAuth 2.0 access tokens for secure communication.
  • Verified that both Apigee and federated API management are up and running before establishing connectivity through the agent.
  • Configured the Apigee environment type as Intermediate or Comprehensive to enable API analytics and metric synchronization. The Base environment type does not support API analytics.

Download and load the Apigee agent Docker image

  1. Click Download resources.
  2. Download docker image corresponding to the Apigee Runtime Connector standalone container (amd64) or Apigee Runtime Connector standalone container (arm64) component based on your system architecture.

    Apigee runtime connector docker image can be downloaded from Federated API Management version 12.1.1 and later. If you are using a version earlier than 12.1.1, contact the IBM Support team to obtain the docker image.

  3. Extract the tar file and open the Apigee-runtime-config.yaml file from api-control plane-runtime-connector/runtime-configurations directory.
  4. Configure the following properties
    • Runtime Configuration
    • Connection Configuration - Apigee OAuth2 JWT Bearer
    • Control Plane Configuration
    in the quick-start section.
    Important: Apigee SaaS can establish connectivity with federated API management by configuring only the properties listed in the quick -start section. The remaining properties in the YAML file have default values and do not need to be modified unless you have specific requirements. In addition to the properties described in the quick -start section, you can modify other configuration properties to customize the deployment. Before modifying any additional properties, ensure that you understand their purpose and impact.

    The following table lets you specify the configurations that are required to connect Apigee SaaS with federated API management,

    Properties Description
    runtime-id Mandatory. A unique runtime ID used to identify the runtime in federated API management.
    runtime-name Mandatory. The runtime name defines how you want to identify the runtime in federated API management. Name must not exceed 50 characters.
    runtime-deployment-type Optional. Defines the type of deployment. Possible values can be PRIVATE_CLOUD or PUBLIC_CLOUD.
    runtime-region Mandatory. The region name where the runtime is hosted. Example: EAST US. Region name must not exceed 50 characters.
    runtime-description Mandatory. The runtime description. The description must not exceed 300 characters.
    apigee-base-url Mandatory. The URL used to access the Apigee admin APIs to retrieve the assets and metrics. Sample URL:https://apigee.googleapis.com/v1/organizations/<Google _Cloud_project_ID> . Where <Google_Cloud_project_ID> refers to the Google Cloud Project ID associated with the Apigee organization. .
    apigee-issuer Mandatory. Specify the client_email value from the downloaded Service Account Key.
    apigee-private-key Mandatory. Specify the private_key value from the downloaded Service Account Key.
    control-plane-url Mandatory. The valid URL used to access federated API management.
    control-plane-username Mandatory. User name that is used to log in to federated API management.
    control-plane-password Mandatory. Password of the corresponding user name, which is used for logging in to the federated API management through basic authentication.
    control-plane-truststore-path Optional. Location of the truststore file. If control-plane-tls-enabled is set to true, you must specify a value for this property.
    control-plane-truststore-password Optional. Password to access the truststore file. If control-plane-tls-enabled is set to true, you must specify a value for this property.
    control-plane-truststore-type Optional. Type of the truststore. If control-plane-tls-enabled is set to true, you must specify a value for this property.
    control-plane-keystore-path Optional. Location of the keystore file. If control-plane-tls-enabled is set to true, you must specify a value for this property.
    control-plane-keystore-password Optional. Password to access the keystore file. If control-plane-tls-enabled is set to true, you must specify a value for this property.
    control-plane-keystore-type Optional. Type of the keystore. If control-plane-tls-enabled is set to true, you must specify a value for this property.
    control-plane-key-alias Optional. Alias of key in the keystore. If control-plane-tls-enabled is set to true, you must specify a value for this property.
    control-plane-key-password Optional. Password of key in the keystore. If control-plane-tls-enabled is set to true, you must specify a value for this property.
    Note: It is recommended to store the following properties as a secret,
    • apigee-private-key
    • control-plane-password
    • control-plane-truststore-password
    • control-plane-keystore-password
    • control-plane-key-password
    Before running the Apigee agent, create a secret file for the properties in the following directory: api-controlplane-runtime-connector/docker/secrets.

    Ensure that:

    • The file name exactly matches the secret property name, for example, apigee-private-key
    • The file does not include a file extension such as .txt
    • The file contains only the secret value without labels, quotes, or extra whitespace.
    For example, echo "your-actual-access-key-id" > apigee-private-key.

    If the secret is configured, you do not need to specify the key in the quick-start section leave it blank. The agent automatically retrieves the key from the secret file.

  5. Load the Docker image from a tar file using the following command:

    docker load -i <filename.tar>

Deploy the Apigee agent Docker image

  1. Run the following commands:.

    cd devops

    cd docker-compose

  2. Run the following command:
    docker-compose up -d

    The Apigee agent application starts.

  3. Verify if Apigee SaaS(runtime) is registered with the federated API management and if the APIs and metrics are published and synchronized with federated API management respectively.
    1. Open the federated API management application.
    2. On the Catalog page, click the Runtimes.
    3. Check if the runtime is registered with federated API management by verifying if the runtime-name (specified in the Apigee-runtime-config.yaml file) is listed. If the runtime is listed, it indicates that the runtime is successfully registered with the federated API management.
    4. Check if the runtime's health status is sent to federated API management by verifying the status of that corresponding runtime in the Status column. The status appears green only if the runtime is up and the heartbeats (status) are received successfully by federated API management.

    5. Check whether the APIs are published from the runtime to federated API management by selecting Details from Action menu of the corresponding runtime for which you want to verify whether its APIs are published to federated API management.
    6. Click Relations tab.

      A list of all the APIs associated with the runtime appears. You can also view the runtimes and its associated APIs in the APIs tab of the Catalog page.

    7. Check whether the API metrics are synchronized from the runtime to federated API management by clicking the monitor icon under the Action column corresponding to the runtime for which, you want to verify whether the metrics are published to federated API management.
    8. Click Insights tab.

      The Runtime-specific monitor page renders the metrics of that runtime pertaining to a specified time interval. It lists the metrics such as Transactions, Error rate, Availability, Response time. For details, see Monitoring performance of runtimes in federated API management.