adding Apigee Istio demo documentation and configs

README.md

@@ -174,6 +174,55 @@ Find **Protocol Buffers Descriptions** at the [`./pb` directory](./pb).
 
        curl -v "http://$INGRESS_HOST"
 
+
+### (Optional) Apigee Istio Demo
+
+> **Note:** Complete the [Optional Istio installation](#optional-deploying-on-a-istio-installed-cluster) above
+
+1. Create an Apigee Edge account [here](https://login.apigee.com/sign__up)
+
+2. Install Apigee Istio Mixer plugin [here](https://github.com/apigee/istio-mixer-adapter/releases)
+
+3. Configure the Apigee Istio Mixer plugin with your Apigee Edge *organization*, *environment*, *username*, and *password*:
+
+        apigee-istio provision -o [organization] -e [environment] -u [username] -p [password] > ./istio-manifests/apigee/handler.yaml
+
+4. Apply the Apigee manifests in [`./istio-manifests/apigee`](./istio-manifests/apigee) directory.
+
+       kubectl apply -f  -f ./istio-manifests/apigee
+
+    This is required only once.
+
+5.  Find the IP address of your application, then visit the application on your
+    browser to confirm installation.
+
+        kubectl get service frontend-external
+
+  _This will partially fail with HTTP 500 and HTTP 403 errors_
+
+![alt text](img/apigee/hipster-shop-landing-unauthorized.png)
+
+6. Create an Apigee Edge Developer and an API Product with the appropriate Hipster Shop service names [example](https://docs.apigee.com/api-platform/istio-adapter/installation#get_an_api_key). You will need to add at least the following to the API Product Istio Services:
+```
+productcatalogservice.default.svc.cluster.local
+recommendationservice.default.svc.cluster.local
+currencyservice.default.svc.cluster.local
+cartservice.default.svc.cluster.local
+shippingservice.default.svc.cluster.local
+```
+
+7. Create an Apigee Edge application with the above API Product either in the Management UI or an Apigee developer portal [example](https://docs.apigee.com/api-platform/istio-adapter/installation#4_create_a_developer_app)
+
+8. Copy the Apigee application Client ID above, add the Client ID to the Hipster Shop configuration, and click the **Save** button. `<Ingress URL>/config#apigee_client_id`
+
+![alt text](img/apigee/hipster-shop-configuration.png)
+
+9. Navigate around the Hipster Shop again in your browser!
+  * _This will succeed without any errors for the services you added to the API Product_
+
+10. Navigate around the Apigee Edge [Analytics](https://docs.apigee.com/api-platform/analytics/analytics-services-overview) to discover metrics about your application and Hipster Shop services!
+
+
 ---
 
 **Note to fellow Googlers:** Please fill out the form at

istio-manifests/apigee/definitions.yaml

@@ -0,0 +1,84 @@
+# Defines the base structures and data map for the Apigee mixer adapter.
+# In general, these are static and should not need to be modified.
+# However, certain specific behaviors such as where to retrieve an API Key
+# could be changed here.
+---
+# declares the Apigee adapter
+kind: CustomResourceDefinition
+apiVersion: apiextensions.k8s.io/v1beta1
+metadata:
+  name: apigees.config.istio.io
+  namespace: istio-system
+  labels:
+    package: apigee
+    istio: mixer-adapter
+spec:
+  group: config.istio.io
+  names:
+    kind: apigee
+    plural: apigees
+    singular: apigee
+  scope: Namespaced
+  version: v1alpha2
+---
+# define template 'analytics'
+kind: CustomResourceDefinition
+apiVersion: apiextensions.k8s.io/v1beta1
+metadata:
+  name: analytics.config.istio.io
+  namespace: istio-system
+  labels:
+    package: analytics
+    istio: mixer-instance
+spec:
+  group: config.istio.io
+  names:
+    kind: analytics
+    plural: analytics
+    singular: analytics
+  scope: Namespaced
+  version: v1alpha2
+---
+# instance configuration for template 'apigee.analytics'
+apiVersion: config.istio.io/v1alpha2
+kind: analytics
+metadata:
+  name: apigee
+  namespace: istio-system
+spec:
+  api_key: request.api_key | request.headers["x-api-key"] | ""
+  api_proxy: api.service | destination.service.host | ""
+  response_status_code: response.code | 0
+  client_ip: source.ip | ip("0.0.0.0")
+  request_verb: request.method | ""
+  request_uri: request.path | ""
+  useragent: request.useragent | ""
+  client_received_start_timestamp: request.time
+  client_received_end_timestamp: request.time
+  target_sent_start_timestamp: request.time
+  target_sent_end_timestamp: request.time
+  target_received_start_timestamp: response.time
+  target_received_end_timestamp: response.time
+  client_sent_start_timestamp: response.time
+  client_sent_end_timestamp: response.time
+  api_claims: # from jwt
+    json_claims: request.auth.raw_claims | ""
+---
+# instance configuration for template 'apigee.authorization'
+apiVersion: config.istio.io/v1alpha2
+kind: authorization
+metadata:
+  name: apigee
+  namespace: istio-system
+spec:
+  subject:
+    user: ""
+    groups: ""
+    properties:
+      api_key: request.api_key | request.headers["x-api-key"] | ""
+      json_claims: request.auth.raw_claims | ""
+  action:
+    namespace: destination.namespace | "default"
+    service: api.service | destination.service.host | ""
+    path: api.operation | request.path | ""
+    method: request.method | ""

istio-manifests/apigee/rule.yaml

@@ -0,0 +1,19 @@
+# Defines rules to apply the Apigee mixer adapter to requests.
+# In the rule below, we apply Apigee authorization and analytics
+# as defined in the apigee-handler (handler.yaml) to all intra-mesh
+# requests.
+---
+apiVersion: config.istio.io/v1alpha2
+kind: rule
+metadata:
+  name: hipster-rule
+  namespace: istio-system
+spec:
+  match: context.reporter.kind == "inbound" && destination.namespace == "default"
+    && destination.service.name != "frontend"
+    && destination.service.name != "frontend-external"
+  actions:
+  - handler: apigee-handler.apigee.istio-system
+    instances:
+    - apigee.analytics
+    - apigee.authorization