As a first wave partner for both Google’s Anthos and Apigee hybrid, SoftServe had the unique opportunity to “connect the dots” and test integration between the two platforms. In this blog you will learn about Apigee Hybrid and Apigee + Anthos benefits, followed by four critical lessons learned from our testing.
Both Apigee and Anthos are generally deployed within hybrid environments by customers who depend on legacy platforms for mission-critical business applications. These customers understand the importance of modernizing and moving away from on-prem monoliths—but the journey is complex.
SoftServe was fortunate to collaborate with Xiaowen Xin, Product Manager at Google, and Sudheer Gopalam, Head of Customer Success (AMER-West) and Global hybrid GTM lead at Apigee, to identify these issues. The findings have been logged and validated by both the Anthos and Apigee product teams. Our notes from the field are included below to give readers a full view of the lessons learned.
APIGEE HYBRID BENEFITS
Apigee hybrid is an API management deployment option for Apigee. With Apigee hybrid, the control plane runs as a service on GCP, and customers have the flexibility to choose where to host the Apigee runtime—in their datacenter, or on any public cloud. Apigee hybrid brings the market-leading capabilities of Apigee to customers along with the flexibility of deploying and managing the runtime. This has several benefits:
ANTHOS + APIGEE BENEFITS
Overall the integration roadmap between Anthos and Apigee is already very solid. It is clear that Google has considered Apigee’s role as a critical component within a full Anthos deployment. Anthos + Apigee just might be the perfect toolset to accelerate application modernization while enabling a future, multi-cloud strategy based on Kubernetes containerization. Apigee hybrid is designed to work with Anthos and GKE / GKE On-prem. The use of Anthos allows for Apigee hybrid to have several benefits:
Having a fully supported stack from the OS up allows us to provide thorough and simple support regardless of where the issue lies. No pointing fingers or hours spent collecting logs. Logs from the system are sent to GCP (Cloud operations). If you need support, you can open a ticket and provide permission for the support team to look at your logs directly. This saves time and effort.
Having developed and released Kubernetes as open source, Google has ample expertise in running Kubernetes seamlessly. GKE is designed to reduce the overhead of managing a Kubernetes platform. But GKE is not the only component of Anthos that Apigee hybrid will use. Apigee hybrid will take advantage of Anthos Service Mesh (ASM) providing robust routing and security mechanisms. All of this happens under the covers of the platform with no need for you to understand ASM while still taking advantage of the features it provides.
A non-trivial part of operating software is the upgrade process. An overarching goal of Anthos and GKE On-prem is to make keeping the platform up-to-date as seamless as possible. Making use of the Anthos stack, Apigee hybrid is thoroughly tested to make upgrades as smooth as possible. We also believe that keeping things up-to-date is important in keeping them secure, and running Anthos helps further these goals.
The decision to support Anthos as the operating platform was not taken lightly. We understand that customers may have their own Kubernetes platform. While we certainly hope you find value in Anthos beyond Apigee, it can be thought of as part of the package that allows you to run Apigee hybrid. With that, let’s review the four critical lessons learned after the first round of testing between Apigee and Anthos:
FOUR CRITICAL APIGEE AND ANTHOS LESSONS LEARNED
There is currently a 63-character limit, which causes naming restrictions. When designing your naming convention, you should take into account the limitations imposed by Kubernetes and Apigee.
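A pre-deployment check for that limit, as an added example that is not from the original post or from Apigee or Anthos tooling. It assumes the limit applies to Kubernetes DNS-label names, and the name templates in TEMPLATES are constructed for illustration:

```python
import re

MAX_LEN = 63  # the limit named in the post
# Assumption: names must be Kubernetes DNS labels (RFC 1123), i.e. lowercase
# alphanumerics and '-', starting and ending with an alphanumeric.
LABEL_RE = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?")

# Constructed (hypothetical) templates; replace with the names your own
# tooling derives from the organization and environment names.
TEMPLATES = (
    "{org}-{env}-runtime",
    "{org}-{env}-synchronizer",
    "{org}-{env}-ingress-tls-secret",
)


def check_label(name):
    """Return the list of rule violations for one generated name."""
    problems = []
    if len(name) > MAX_LEN:
        problems.append(f"{len(name)} chars, {len(name) - MAX_LEN} over the limit")
    if not LABEL_RE.fullmatch(name):
        problems.append("not a lowercase DNS label")
    return problems


def audit(org, env, templates=TEMPLATES):
    """Expand every template and return {name: problems} for the failures."""
    failures = {}
    for template in templates:
        name = template.format(org=org, env=env)
        problems = check_label(name)
        if problems:
            failures[name] = problems
    return failures


def name_budget(templates=TEMPLATES):
    """Characters left for org + env combined after the longest template's
    fixed text is accounted for."""
    fixed = max(len(t.format(org="", env="")) for t in templates)
    return MAX_LEN - fixed


if __name__ == "__main__":
    print("budget for org+env:", name_budget())
    for name, problems in audit("acme-retail-emea-production", "Payments_v2").items():
        print(name, "->", "; ".join(problems))
```

Running the budget calculation before names are chosen shows how short the organization and environment names must be for every derived name to fit.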
When a service of type NodePort is used for GKE on-prem (Anthos) within a private network, an existing Istio issue breaks routing of external traffic to internal services. To solve this private network issue, use the domain name of the server (for virtual hosting) in addition to the IP address and port number to uniquely identify the web domain.
Apigee MART requires exposing a dedicated endpoint to the internet for requests coming from outside of the cluster. For security reasons, some organizations do not have the ability to expose additional endpoints to the internet. In this case, we recommend incorporating a new feature called "Apigee Connect" that replaces the MART integration. This will eliminate one of the ingresses required.
If an AWS ELB does not route traffic for Apigee hybrid on AWS (Anthos), it's possible that you could work around this by directly configuring the AWS ELB. Try setting the externalTrafficPolicy field to Cluster and performing the health check via the correct port.
As a first wave partner for both Google’s Anthos and Apigee hybrid, we hope our initial lessons learned were valuable to you. Stay tuned as we’ll continue to share our learnings as we progress. In the meantime, let’s talk about your experiences or chat about where you are in your cloud, API, and containerization journey.