Running Envoy Adapter in multi tenant mode (1 org, n envs)

Scott Ganyo edited this page Feb 4, 2021 · 2 revisions

In Envoy Adapter 1.5, we're adding the capability to use Envoy and Envoy Adapter for multiple Apigee environments - and it couldn't be much simpler. Here's a quick demo:

  1. Provision Envoy Adapter as usual. (Be sure you use --force to upgrade any installed proxy.)

  2. Generate your sample file(s).

  3. Change your Envoy Adapter config file to set the tenant.env_name to "*" like so:

data:
  config.yaml: |
    tenant:
      remote_service_api: https://...
      org_name: my-org-name
      env_name: "*"
      ...

This change requires Envoy to send a value called apigee_environment in the ext_authz metadata.

  4. Change your sample Envoy config to specify the environment in your virtual_host or route sections (note that we specified test for our apigee_environment in both as an example):

    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:  
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          route_config:
            virtual_hosts:
            - name: default
              domains: "*"
              typed_per_filter_config:
                envoy.filters.http.ext_authz:
                  "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
                  check_settings:
                    context_extensions:
                      apigee_environment: test
              routes:
              - match: { prefix: / }
                route:
                  cluster: httpbin
                typed_per_filter_config:
                  envoy.filters.http.ext_authz:
                    "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
                    check_settings:
                      context_extensions:
                        apigee_environment: test

That's it. Give it a try.

And see the Envoy docs for more information on per-route-configuration.
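
A pre-deploy check for a config like the one above, as an added example that is not part of the original page or the Apigee project: it resolves the apigee_environment each route would send (in Envoy's merge semantics, route-level context_extensions keys override virtual_host-level ones) and flags routes with none, or with an environment outside an allow-list. It takes the listener as an already-parsed dict; `audit`, `allowed_envs` and the sample data are hypothetical names.

```python
# Added example (hypothetical helper, not Apigee code): audit which
# apigee_environment each Envoy route will send to ext_authz.
EXT_AUTHZ = "envoy.filters.http.ext_authz"
HCM = "envoy.filters.network.http_connection_manager"

def _env(node):
    """apigee_environment set at this virtual_host or route level, or None."""
    per_route = node.get("typed_per_filter_config", {}).get(EXT_AUTHZ, {})
    ext = per_route.get("check_settings", {}).get("context_extensions", {})
    return ext.get("apigee_environment")

def audit(listener, allowed_envs):
    """Return (findings, resolved) for one parsed Envoy listener dict."""
    findings, resolved = [], {}
    for chain in listener.get("filter_chains", []):
        for flt in chain.get("filters", []):
            if flt.get("name") != HCM:
                continue
            route_config = flt.get("typed_config", {}).get("route_config", {})
            for vh in route_config.get("virtual_hosts", []):
                for i, route in enumerate(vh.get("routes", [])):
                    where = f"{vh['name']}/routes[{i}]"
                    # Route-level key overrides the virtual_host-level key.
                    env = _env(route) or _env(vh)
                    resolved[where] = env
                    if env is None:
                        findings.append(f"{where}: no apigee_environment")
                    elif env not in allowed_envs:
                        findings.append(f"{where}: unexpected environment {env!r}")
    return findings, resolved

def _ctx(env):
    """Build the per-route ext_authz block for the constructed sample."""
    return {EXT_AUTHZ: {"check_settings": {"context_extensions": {"apigee_environment": env}}}}

# Constructed sample (not from the page): two virtual_hosts, three routes.
SAMPLE = {"filter_chains": [{"filters": [{"name": HCM, "typed_config": {"route_config": {"virtual_hosts": [
    {"name": "default", "typed_per_filter_config": _ctx("test"), "routes": [
        {"match": {"prefix": "/a"}},                                           # inherits test
        {"match": {"prefix": "/b"}, "typed_per_filter_config": _ctx("prod")},  # overrides
    ]},
    {"name": "legacy", "routes": [{"match": {"prefix": "/"}}]},                # nothing set
]}}}]}]}

if __name__ == "__main__":
    findings, resolved = audit(SAMPLE, allowed_envs={"test"})
    for where, env in resolved.items():
        print(where, "->", env)
    print("\n".join(findings))
```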

Note: Once you've changed your env_name to "*", you'll need to specify --environment if using your config for provisioning (e.g., doing proxy upgrades), as the runtime API proxy must still be deployed to a specific Apigee environment.