Apigee APIM Operator for Kubernetes resource reference

This page applies to Apigee, but not to Apigee hybrid.

View Apigee Edge documentation.

This page is a reference for each Kubernetes resource that is supported by the Apigee APIM Operator for Kubernetes (Preview). Unless specifically noted as Optional, all fields are required.

APIProduct

Field Description
apiVersion

Type: string

apim.googleapis.com/v1alpha1
kind

Type: string

APIProduct
metadata

Type: Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields available in metadata.
spec

Type: APIProductSpec

spec defines the desired state of the APIProductSet.

APIProductSpec

Field Description
name

Type: string

The name of the API Product.
approvalType

Type: string

Flag that specifies how API keys are approved to access the APIs defined by the API product. If set to manual, the consumer key is generated and returned as pending. In this case, the API keys won't work until they are explicitly approved.

If set to auto, the consumer key is generated and returned as approved and can be used immediately.

description

Type: string

Description of the API product.
displayName

Type: string

Name displayed in the UI or developer portal to developers registering for API access.
analytics

Type: Analytics

Defines whether analytics should be collected for operations associated with this product.
enforcementRefs

Type: Array

Array of EnforcementRef resources to apply to the API product.
attributes

Type: Array

Array of attributes that may be used to extend the default API product profile with customer-specific metadata.

EnforcementRef

Field Description
name

Type: string

The name of the target resource.
kind

Type: string

APIMExtensionPolicy
group

Type: string

The APIGroup for Apigee APIM Operator, which is apim.googleapis.com.
namespace

Type: string

(Optional) The namespace of the referent. When unspecified, the local namespace is inferred.

Attribute

Field Description
name

Type: string

The key of the attribute.
value

Type: string

The value of the attribute.

APIOperationSet

Field Description
apiVersion

Type: string

apim.googleapis.com/v1alpha1
kind

Type: string

APIOperationSet
metadata

Type: Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields available in metadata.
spec

Type: APIOperationSetSpec

Defines the desired state of the APIOperationSet.

APIOperationSetSpec

Field Description
quota

Type: Quota

Quota definition.
restOperations

Type: Array

Array of RESTOperation definitions.
apiProductRefs

Type: Array

Array of APIProductRef resources, or references to API Products where the RESTOperations should apply.

Quota

Field Description
limit

Type: integer

Number of request messages permitted per app by the API product for the specified interval and timeUnit.
interval

Type: integer

Time interval over which the number of request messages is calculated.
timeUnit

Type: string

Time unit defined for the interval. Valid values include minute, hour, day, or month.

RESTOperation

Field Description
name

Type: string

The name of the of the REST operation.
path

Type: string

In combination with methods, path is the HTTP path to match for a quota and/or for an API product.
methods

Type: array

In combination with path, methods is the list (as strings) of applicable http methods to match for a quota and/or for an API product.

APIProductRef

Field Description
name

Type: string

The name of the target resource.
kind

Type: string

APIProduct
group

Type: string

The APIGroup for Apigee APIM Operator, which is apim.googleapis.com.
namespace

Type: string

(Optional) The namespace of the referent. When unspecified, the local namespace is inferred.

APIMExtensionPolicy

Field Description
apiVersion

Type: string

apim.googleapis.com/v1alpha1
kind

Type: string

APIMExtensionPolicy
metadata

Type: Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields available in metadata.
spec

Type: APIMExtensionPolicySpec

Defines the desired state of APIMExtensionPolicy.

APIMExtensionPolicySpec

Field Description
apigeeEnv (Optional) Apigee environment.

If not provided, a new environment is created and attached to all available instances.

If provided, this environment must be attached to all available instances while using an external global load balancer.

failOpen

Type: boolean

Specifies whether or not to fail open when the Apigee runtime is unreachable. If set to true, calls to the Apigee runtime will be treated as successful even if the runtime is unreachable.
timeout

Type: string

Specifies the timeout period before calls to the Apigee runtime fail, in seconds or milliseconds. For example, 10s.
targetRef

Type: ExtensionServerRef

Identifies the Google Kubernetes Engine Gateway where the extension should be installed.
location

Type: string

Identifies the Google Cloud location where APIMExtensionPolicy is enforced.

ExtensionServerRef

Field Description
name

Type: string

The name of the target resource.
kind

Type: string

Specifies the kind of the target resource, for example, Gateway or Service.
group

Type: string

The APIGroup for Apigee APIM Operator, which is apim.googleapis.com.
namespace

Type: string

(Optional) The namespace of the referent. When unspecified, the local namespace is inferred.

ApigeeGatewayPolicy

Field Description
apiVersion

Type: string

apim.googleapis.com/v1alpha1
kind

Type: string

ApigeeGatewayPolicy
metadata

Type: Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields available in metadata.
spec

Type: ApigeeGatewayPolicySpec

Defines the desired state of ApigeeGatewayPolicy.

ApigeeGatewayPolicySpec

Field Description
ref

Type: ExtensionServerRef

Refers to the APIM template created to govern the policies applied to the GKE Gateway.
targetRef

Type: ExtensionServerRef

Refers to the APIM extension policy that should apply this specific Gateway policy. Indirectly refers to the GKE Gateway.
serviceAccount (Optional) Specifies the service account used to generate Google auth tokens in an Apigee ProApigee proxy.

ApimTemplate

Field Description
apiVersion

Type: string

apim.googleapis.com/v1alpha1
kind

Type: string

ApimTemplate
metadata

Type: Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields available in metadata.
spec

Type: ApimTemplateSpec

Defines the desired state of ApimTemplate.

ApimTemplateSpec

Field Description
templates

Type: list

A list of ApimTemplateFlow resources that specify the policies that are to be executed in the request flow.
apimTemplateRule

Type: ExtensionServerRef

Specifies the APIM template rule that should be used to validate the applied policies.

ApimTemplateFlow

Field Description
policies

Type: list ConditionalParameterReference

A list of ConditionalParameterReference resources that specify the ordered list of policies to be executed as part of the request flow.
condition

Type: string

Specifies the conditions for executing this resource.

ConditionalParameterReference

Field Description
condition

Type: string

Specifies the conditions for executing this resource.

ApimTemplateRule

Field Description
apiVersion

Type: string

apim.googleapis.com/v1alpha1
kind

Type: string

ApimTemplateRule
metadata

Type: Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields available in metadata.
spec

Type: ApimTemplateRuleSpec

Defines the desired state of ApimTemplateRule.

ApimTemplateRuleSpec

Field Description
requiredList The list of policies (as strings) that must be present in the ApimTemplate.
denyList The list of policies (as strings) that should not be present in the ApimTemplate.
allowList The list of policies (as strings) that may be present in the ApimTemplate but are not required.
override

Type: boolean

Overrides updates to the APIM template rule in the event that APIM templates using the rule exist. Valid values are true or false.

Javascript

Field Description
apiVersion

Type: string

apim.googleapis.com/v1alpha1
kind

Type: string

JavaScript
metadata

Type: Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields available in metadata.
spec

Type: JavascriptBean

Defines the desired state of the JavaScript policy.

JavascriptBean

Field Description
mode

Type: array

Array of strings that specifies ProxyRequest or ProxyResponse. Determines whether the policy is attached to the request flow or response flow.
source

Type: string

Inline JavaScript code.
timeLimit

Type: integer

Specifies the timeout for JavaScript code execution.

SpikeArrest

Field Description
apiVersion

Type: string

apim.googleapis.com/v1alpha1
kind

Type: string

SpikeArrest
metadata

Type: Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields available in metadata.
spec

Type: SpikeArrestBean

Defines the desired state of the SpikeArrest policy.

SpikeArrestBean

Field Description
mode

Type: array

Array of strings that specifies ProxyRequest or ProxyResponse. Determines whether the policy is attached to the request flow or response flow.
peakMessageRate

Type: peakMessageRate

Specifies the message rate for SpikeArrest.
useEffectiveCount

Type: boolean

If set to truetrue, SpikeArrest is distributed in a region, with request counts synchronized across Apigee message processors (MPs) in a region.

If set to false, SpikeArrest uses a token bucket algorithm locally. For more information, see UseEffectiveCount.

peakMessageRate

Field Description
ref

Type: string

Variable referencing the rate value.
value

Type: string

Actual rate value if a reference is not available.

AssignMessage (Google token injection)

Field Description
apiVersion

Type: string

apim.googleapis.com/v1alpha1
kind

Type: string

AssignMessage
metadata

Type: Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields available in metadata.
spec

Type: AssignMessageBean

Defines the desired state of the AssignMessage policy.

AssignMessageBean

Field Description
setActions

Type: array

Array of SetActionsBean objects. Replaces values of existing properties on the request or response, as specified by the AssignTo element.

If the headers or parameters are already present in the original message, setActions overwrites the values. Otherwise, setActions adds new headers or parameters as specified.

AssignTo

Type: AssignToBean

Specifies which message the AssignMessage policy operates on. Options include the request, the response, or a new custom message.

SetActionsBean

Field Description
Authentication

Type: AuthenticationBean

Generates Google OAuth 2.0 or OpenID Connect tokens to make authenticated calls to Google services or custom services running on certain Google Cloud products, such as Cloud Run functions and Cloud Run.

AuthenticationBean

Field Description
GoogleAccessToken

Type: GoogleAccessTokenBean

Generates Google OAuth 2.0 tokens to make authenticated calls to Google services.
GoogleIDToken

Type: GoogleIDTokenBean

Configuration to generate an OpenID Connect Token to authenticate the target request.
headerName

Type: string

By default, when an Authentication configuration is present, Apigee generates a bearer token and injects it into the Authorization header of the message sent to the target system. The headerName element allows you to specify the name of a different header to hold the bearer token.

GoogleAccessTokenBean

Field Description
scopes

Type: array

Array of strings that specifies a valid Google API scope. For more information, see OAuth 2.0 Scopes for Google APIs.
LifetimeInSeconds

Type: integer

Specifies the lifetime duration of the access token in seconds.

GoogleIDTokenBean

Field Description
Audience

Type: AudienceBean

The audience for the generated authentication token, such as the API or service account granted access by the token.
IncludeEmail

Type: boolean

If set to true, the generated authentication token will contain the service account email and email_verified claims.

AudienceBean

Field Description
useTargetHost

Type: string

If the value of Audience is empty or the ref variable does not resolve to a valid value, and useTargetUrl is true, then the URL of the target (excluding any query parameters) is used as the audience.
useTargetUrl

Type: boolean

By default, useTargetUrl is false.

AssignToBean

Field Description
createNew

Type: boolean

Determines whether the policy creates a new message when assigning values. If set to true, the policy creates a new message.
type

Type: string

Specifies the type of the new message, when CreateNew is set to true true. Valid values are request or response.