This page applies to Apigee, but not to Apigee hybrid.
View
Apigee Edge documentation.
This page is a reference for each Kubernetes resource that is supported by the Apigee APIM Operator for Kubernetes (Preview). Unless specifically noted as Optional, all fields are required.
APIProduct
| Field | Description |
|---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1
|
kind
Type: |
APIProduct
|
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata.
|
spec
Type: APIProductSpec |
spec defines the desired state of the APIProductSet.
|
APIProductSpec
| Field | Description |
|---|---|
name
Type: |
The name of the API Product. |
approvalType
Type: |
Flag that specifies how API keys are approved to access the APIs defined by the API product.
If set to manual, the consumer key is generated and returned as pending.
In this case, the API keys won't work until they are explicitly approved.
If set to |
description
Type: |
Description of the API product. |
displayName
Type: |
Name displayed in the UI or developer portal to developers registering for API access. |
analytics
Type: Analytics |
Defines whether analytics should be collected for operations associated with this product. |
enforcementRefs
Type: |
Array of EnforcementRef resources to apply to the API product. |
attributes
Type: |
Array of attributes that may be used to extend the default API product profile with customer-specific metadata. |
EnforcementRef
| Field | Description |
|---|---|
name
Type: |
The name of the target resource. |
kind
Type: |
APIMExtensionPolicy
|
group
Type: |
The APIGroup for Apigee APIM Operator, which is apim.googleapis.com.
|
namespace
Type: |
(Optional) The namespace of the referent. When unspecified, the local namespace is inferred. |
Attribute
| Field | Description |
|---|---|
name
Type: |
The key of the attribute. |
value
Type: |
The value of the attribute. |
APIOperationSet
| Field | Description |
|---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1
|
kind
Type: |
APIOperationSet
|
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata.
|
spec
Type: APIOperationSetSpec |
Defines the desired state of the APIOperationSet. |
APIOperationSetSpec
| Field | Description |
|---|---|
quota
Type: Quota |
Quota definition. |
restOperations
Type: |
Array of RESTOperation definitions. |
apiProductRefs
Type: |
Array of APIProductRef resources, or references to API Products where the RESTOperations should apply. |
Quota
| Field | Description |
|---|---|
limit
Type: |
Number of request messages permitted per app by the API product for the specified interval
and timeUnit.
|
interval
Type: |
Time interval over which the number of request messages is calculated. |
timeUnit
Type: |
Time unit defined for the interval. Valid values include minute, hour,
day, or month.
|
RESTOperation
| Field | Description |
|---|---|
name
Type: |
The name of the of the REST operation. |
path
Type: |
In combination with methods, path is the HTTP path to match for a quota
and/or for an API product.
|
methods
Type: |
In combination with path, methods is the list (as strings) of
applicable http methods to match for a quota
and/or for an API product.
|
APIProductRef
| Field | Description |
|---|---|
name
Type: |
The name of the target resource. |
kind
Type: |
APIProduct
|
group
Type: |
The APIGroup for Apigee APIM Operator, which is apim.googleapis.com.
|
namespace
Type: |
(Optional) The namespace of the referent. When unspecified, the local namespace is inferred. |
APIMExtensionPolicy
| Field | Description |
|---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1
|
kind
Type: |
APIMExtensionPolicy |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata.
|
spec
Type: APIMExtensionPolicySpec |
Defines the desired state of APIMExtensionPolicy. |
APIMExtensionPolicySpec
| Field | Description |
|---|---|
apigeeEnv
|
(Optional) Apigee environment.
If not provided, a new environment is created and attached to all available instances. If provided, this environment must be attached to all available instances while using an external global load balancer. |
failOpen
Type: |
Specifies whether or not to fail open when the Apigee runtime is unreachable.
If set to true, calls to the Apigee runtime will be treated as successful even if the runtime is unreachable.
|
timeout
Type: |
Specifies the timeout period before calls to the Apigee runtime fail, in seconds or milliseconds.
For example, 10s.
|
targetRef
Type: ExtensionServerRef |
Identifies the Google Kubernetes Engine Gateway where the extension should be installed. |
location
Type: |
Identifies the Google Cloud location where APIMExtensionPolicy is enforced. |
ExtensionServerRef
| Field | Description |
|---|---|
name
Type: |
The name of the target resource. |
kind
Type: |
Specifies the kind of the target resource, for example, Gateway or Service.
|
group
Type: |
The APIGroup for Apigee APIM Operator, which is apim.googleapis.com.
|
namespace
Type: |
(Optional) The namespace of the referent. When unspecified, the local namespace is inferred. |
ApigeeGatewayPolicy
| Field | Description |
|---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1 |
kind
Type: |
ApigeeGatewayPolicy |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata.
|
spec
Type: ApigeeGatewayPolicySpec |
Defines the desired state of ApigeeGatewayPolicy. |
ApigeeGatewayPolicySpec
| Field | Description |
|---|---|
refType: ExtensionServerRef |
Refers to the APIM template created to govern the policies applied to the GKE Gateway. |
targetRef
Type: ExtensionServerRef |
Refers to the APIM extension policy that should apply this specific Gateway policy. Indirectly refers to the GKE Gateway. |
serviceAccount
|
(Optional) Specifies the service account used to generate Google auth tokens in an Apigee ProApigee proxy. |
ApimTemplate
| Field | Description |
|---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1 |
kind
Type: |
ApimTemplate |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata.
|
spec
Type: ApimTemplateSpec |
Defines the desired state of ApimTemplate. |
ApimTemplateSpec
| Field | Description |
|---|---|
templates
Type: |
A list of ApimTemplateFlow resources that specify the policies that are to be executed in the request flow. |
apimTemplateRule
Type: ExtensionServerRef |
Specifies the APIM template rule that should be used to validate the applied policies. |
ApimTemplateFlow
| Field | Description |
|---|---|
policies
Type: |
A list of ConditionalParameterReference resources that specify the ordered list of policies to be executed as part of the request flow. |
condition
Type: |
Specifies the conditions for executing this resource. |
ConditionalParameterReference
| Field | Description |
|---|---|
condition
|
Specifies the conditions for executing this resource. |
ApimTemplateRule
| Field | Description |
|---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1 |
kind
Type: |
ApimTemplateRule |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata.
|
spec
Type: ApimTemplateRuleSpec |
Defines the desired state of ApimTemplateRule. |
ApimTemplateRuleSpec
| Field | Description |
|---|---|
requiredList
|
The list of policies (as strings) that must be present in the ApimTemplate.
|
denyList
|
The list of policies (as strings) that should not be present in the ApimTemplate.
|
allowList
|
The list of policies (as strings) that may be present in the ApimTemplate but are not required.
|
override
Type: |
Overrides updates to the APIM template rule in the event that APIM templates using the rule exist.
Valid values are true or false.
|
Javascript
| Field | Description |
|---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1 |
kind
Type: |
JavaScript |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata.
|
spec
Type: JavascriptBean |
Defines the desired state of the JavaScript policy. |
JavascriptBean
| Field | Description |
|---|---|
mode
Type: |
Array of strings that specifies ProxyRequest or ProxyResponse. Determines whether the policy is
attached to the request flow or response flow.
|
source
Type: |
Inline JavaScript code. |
timeLimit
Type: |
Specifies the timeout for JavaScript code execution. |
SpikeArrest
| Field | Description |
|---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1 |
kind
Type: |
SpikeArrest |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata.
|
spec
Type: SpikeArrestBean |
Defines the desired state of the SpikeArrest policy. |
SpikeArrestBean
| Field | Description |
|---|---|
mode
Type: |
Array of strings that specifies ProxyRequest or ProxyResponse. Determines whether the policy is
attached to the request flow or response flow.
|
peakMessageRate
Type: peakMessageRate |
Specifies the message rate for SpikeArrest. |
useEffectiveCount
Type: |
If set to truetrue, SpikeArrest is distributed in a region, with
request counts synchronized across Apigee message processors (MPs) in a region.
If set to |
peakMessageRate
| Field | Description |
|---|---|
ref
Type: |
Variable referencing the rate value.
|
value
Type: |
Actual rate value if a reference is not available.
|
AssignMessage (Google token injection)
| Field | Description |
|---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1 |
kind
Type: |
AssignMessage |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata.
|
spec
Type: AssignMessageBean |
Defines the desired state of the AssignMessage policy. |
AssignMessageBean
| Field | Description |
|---|---|
setActions
Type: |
Array of SetActionsBean objects. Replaces values of existing properties on the request or response,
as specified by the AssignTo element.
If the headers or parameters are already present in the original message, |
AssignTo
Type: AssignToBean |
Specifies which message the AssignMessage policy operates on. Options include the request, the response, or a new custom message. |
SetActionsBean
| Field | Description |
|---|---|
Authentication
Type: AuthenticationBean |
Generates Google OAuth 2.0 or OpenID Connect tokens to make authenticated calls to Google services or custom services running on certain Google Cloud products, such as Cloud Run functions and Cloud Run. |
AuthenticationBean
| Field | Description |
|---|---|
GoogleAccessToken
Type: GoogleAccessTokenBean |
Generates Google OAuth 2.0 tokens to make authenticated calls to Google services. |
GoogleIDToken
Type: GoogleIDTokenBean |
Configuration to generate an OpenID Connect Token to authenticate the target request. |
headerName
Type: |
By default, when an Authentication configuration is present, Apigee generates
a bearer token and injects it into the Authorization header of the message sent to the target system.
The headerName element allows you to specify the name of a different header
to hold the bearer token.
|
GoogleAccessTokenBean
| Field | Description |
|---|---|
scopes
Type: |
Array of strings that specifies a valid Google API scope. For more information, see OAuth 2.0 Scopes for Google APIs.
|
LifetimeInSeconds
Type: |
Specifies the lifetime duration of the access token in seconds. |
GoogleIDTokenBean
| Field | Description |
|---|---|
Audience
Type: AudienceBean |
The audience for the generated authentication token, such as the API or service account granted access by the token. |
IncludeEmail
Type: |
If set to true, the generated authentication token will contain the service account email and email_verified claims.
|
AudienceBean
| Field | Description |
|---|---|
useTargetHost
Type: |
If the value of Audience is empty or the ref variable does not resolve to a valid value, and useTargetUrl is true, then the URL of the target (excluding any query parameters) is used as the audience.
|
useTargetUrl
Type: |
By default, useTargetUrl is false.
|
AssignToBean
| Field | Description |
|---|---|
createNew
Type: |
Determines whether the policy creates a new message when assigning values. If set to true, the policy creates a new message.
|
type
Type: |
Specifies the type of the new message, when CreateNew is set to true true.
Valid values are request or response.
|