This page applies to Apigee, but not to Apigee hybrid.
View Apigee Edge documentation.
This page is a reference for each Kubernetes resource that is supported by the Apigee APIM Operator for Kubernetes (Preview). Unless specifically noted as Optional, all fields are required.
APIProduct
Field | Description |
---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1
|
kind
Type: |
APIProduct
|
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata .
|
spec
Type: APIProductSpec |
spec defines the desired state of the APIProductSet.
|
APIProductSpec
Field | Description |
---|---|
name
Type: |
The name of the API Product. |
approvalType
Type: |
Flag that specifies how API keys are approved to access the APIs defined by the API product.
If set to manual , the consumer key is generated and returned as pending .
In this case, the API keys won't work until they are explicitly approved.
If set to |
description
Type: |
Description of the API product. |
displayName
Type: |
Name displayed in the UI or developer portal to developers registering for API access. |
analytics
Type: Analytics |
Defines whether analytics should be collected for operations associated with this product. |
enforcementRefs
Type: |
Array of EnforcementRef resources to apply to the API product. |
attributes
Type: |
Array of attributes that may be used to extend the default API product profile with customer-specific metadata. |
EnforcementRef
Field | Description |
---|---|
name
Type: |
The name of the target resource. |
kind
Type: |
APIMExtensionPolicy
|
group
Type: |
The APIGroup for Apigee APIM Operator, which is apim.googleapis.com .
|
namespace
Type: |
(Optional) The namespace of the referent. When unspecified, the local namespace is inferred. |
Attribute
Field | Description |
---|---|
name
Type: |
The key of the attribute. |
value
Type: |
The value of the attribute. |
APIOperationSet
Field | Description |
---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1
|
kind
Type: |
APIOperationSet
|
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata .
|
spec
Type: APIOperationSetSpec |
Defines the desired state of the APIOperationSet. |
APIOperationSetSpec
Field | Description |
---|---|
quota
Type: Quota |
Quota definition. |
restOperations
Type: |
Array of RESTOperation definitions. |
apiProductRefs
Type: |
Array of APIProductRef resources, or references to API Products where the RESTOperations should apply. |
Quota
Field | Description |
---|---|
limit
Type: |
Number of request messages permitted per app by the API product for the specified interval
and timeUnit .
|
interval
Type: |
Time interval over which the number of request messages is calculated. |
timeUnit
Type: |
Time unit defined for the interval. Valid values include minute , hour ,
day , or month .
|
RESTOperation
Field | Description |
---|---|
name
Type: |
The name of the of the REST operation. |
path
Type: |
In combination with methods , path is the HTTP path to match for a quota
and/or for an API product.
|
methods
Type: |
In combination with path , methods is the list (as strings ) of
applicable http methods to match for a quota
and/or for an API product.
|
APIProductRef
Field | Description |
---|---|
name
Type: |
The name of the target resource. |
kind
Type: |
APIProduct
|
group
Type: |
The APIGroup for Apigee APIM Operator, which is apim.googleapis.com .
|
namespace
Type: |
(Optional) The namespace of the referent. When unspecified, the local namespace is inferred. |
APIMExtensionPolicy
Field | Description |
---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1
|
kind
Type: |
APIMExtensionPolicy |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata .
|
spec
Type: APIMExtensionPolicySpec |
Defines the desired state of APIMExtensionPolicy. |
APIMExtensionPolicySpec
Field | Description |
---|---|
apigeeEnv
|
(Optional) Apigee environment.
If not provided, a new environment is created and attached to all available instances. If provided, this environment must be attached to all available instances while using an external global load balancer. |
failOpen
Type: |
Specifies whether or not to fail open when the Apigee runtime is unreachable.
If set to true , calls to the Apigee runtime will be treated as successful even if the runtime is unreachable.
|
timeout
Type: |
Specifies the timeout period before calls to the Apigee runtime fail, in seconds or milliseconds.
For example, 10s .
|
targetRef
Type: ExtensionServerRef |
Identifies the Google Kubernetes Engine Gateway where the extension should be installed. |
location
Type: |
Identifies the Google Cloud location where APIMExtensionPolicy is enforced. |
ExtensionServerRef
Field | Description |
---|---|
name
Type: |
The name of the target resource. |
kind
Type: |
Specifies the kind of the target resource, for example, Gateway or Service .
|
group
Type: |
The APIGroup for Apigee APIM Operator, which is apim.googleapis.com .
|
namespace
Type: |
(Optional) The namespace of the referent. When unspecified, the local namespace is inferred. |
ApigeeGatewayPolicy
Field | Description |
---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1 |
kind
Type: |
ApigeeGatewayPolicy |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata .
|
spec
Type: ApigeeGatewayPolicySpec |
Defines the desired state of ApigeeGatewayPolicy. |
ApigeeGatewayPolicySpec
Field | Description |
---|---|
ref Type: ExtensionServerRef |
Refers to the APIM template created to govern the policies applied to the GKE Gateway. |
targetRef
Type: ExtensionServerRef |
Refers to the APIM extension policy that should apply this specific Gateway policy. Indirectly refers to the GKE Gateway. |
serviceAccount
|
(Optional) Specifies the service account used to generate Google auth tokens in an Apigee ProApigee proxy. |
ApimTemplate
Field | Description |
---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1 |
kind
Type: |
ApimTemplate |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata .
|
spec
Type: ApimTemplateSpec |
Defines the desired state of ApimTemplate. |
ApimTemplateSpec
Field | Description |
---|---|
templates
Type: |
A list of ApimTemplateFlow resources that specify the policies that are to be executed in the request flow. |
apimTemplateRule
Type: ExtensionServerRef |
Specifies the APIM template rule that should be used to validate the applied policies. |
ApimTemplateFlow
Field | Description |
---|---|
policies
Type: |
A list of ConditionalParameterReference resources that specify the ordered list of policies to be executed as part of the request flow. |
condition
Type: |
Specifies the conditions for executing this resource. |
ConditionalParameterReference
Field | Description |
---|---|
condition
|
Specifies the conditions for executing this resource. |
ApimTemplateRule
Field | Description |
---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1 |
kind
Type: |
ApimTemplateRule |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata .
|
spec
Type: ApimTemplateRuleSpec |
Defines the desired state of ApimTemplateRule. |
ApimTemplateRuleSpec
Field | Description |
---|---|
requiredList
|
The list of policies (as strings ) that must be present in the ApimTemplate.
|
denyList
|
The list of policies (as strings ) that should not be present in the ApimTemplate.
|
allowList
|
The list of policies (as strings ) that may be present in the ApimTemplate but are not required.
|
override
Type: |
Overrides updates to the APIM template rule in the event that APIM templates using the rule exist.
Valid values are true or false .
|
Javascript
Field | Description |
---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1 |
kind
Type: |
JavaScript |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata .
|
spec
Type: JavascriptBean |
Defines the desired state of the JavaScript policy. |
JavascriptBean
Field | Description |
---|---|
mode
Type: |
Array of strings that specifies ProxyRequest or ProxyResponse . Determines whether the policy is
attached to the request flow or response flow.
|
source
Type: |
Inline JavaScript code. |
timeLimit
Type: |
Specifies the timeout for JavaScript code execution. |
SpikeArrest
Field | Description |
---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1 |
kind
Type: |
SpikeArrest |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata .
|
spec
Type: SpikeArrestBean |
Defines the desired state of the SpikeArrest policy. |
SpikeArrestBean
Field | Description |
---|---|
mode
Type: |
Array of strings that specifies ProxyRequest or ProxyResponse . Determines whether the policy is
attached to the request flow or response flow.
|
peakMessageRate
Type: peakMessageRate |
Specifies the message rate for SpikeArrest. |
useEffectiveCount
Type: |
If set to true true, SpikeArrest is distributed in a region, with
request counts synchronized across Apigee message processors (MPs) in a region.
If set to |
peakMessageRate
Field | Description |
---|---|
ref
Type: |
Variable referencing the rate value.
|
value
Type: |
Actual rate value if a reference is not available.
|
AssignMessage (Google token injection)
Field | Description |
---|---|
apiVersion
Type: |
apim.googleapis.com/v1alpha1 |
kind
Type: |
AssignMessage |
metadata
|
Refer to the Kubernetes API documentation for the fields available in metadata .
|
spec
Type: AssignMessageBean |
Defines the desired state of the AssignMessage policy. |
AssignMessageBean
Field | Description |
---|---|
setActions
Type: |
Array of SetActionsBean objects. Replaces values of existing properties on the request or response,
as specified by the AssignTo element.
If the headers or parameters are already present in the original message, |
AssignTo
Type: AssignToBean |
Specifies which message the AssignMessage policy operates on. Options include the request, the response, or a new custom message. |
SetActionsBean
Field | Description |
---|---|
Authentication
Type: AuthenticationBean |
Generates Google OAuth 2.0 or OpenID Connect tokens to make authenticated calls to Google services or custom services running on certain Google Cloud products, such as Cloud Run functions and Cloud Run. |
AuthenticationBean
Field | Description |
---|---|
GoogleAccessToken
Type: GoogleAccessTokenBean |
Generates Google OAuth 2.0 tokens to make authenticated calls to Google services. |
GoogleIDToken
Type: GoogleIDTokenBean |
Configuration to generate an OpenID Connect Token to authenticate the target request. |
headerName
Type: |
By default, when an Authentication configuration is present, Apigee generates
a bearer token and injects it into the Authorization header of the message sent to the target system.
The headerName element allows you to specify the name of a different header
to hold the bearer token.
|
GoogleAccessTokenBean
Field | Description |
---|---|
scopes
Type: |
Array of strings that specifies a valid Google API scope. For more information, see OAuth 2.0 Scopes for Google APIs.
|
LifetimeInSeconds
Type: |
Specifies the lifetime duration of the access token in seconds. |
GoogleIDTokenBean
Field | Description |
---|---|
Audience
Type: AudienceBean |
The audience for the generated authentication token, such as the API or service account granted access by the token. |
IncludeEmail
Type: |
If set to true , the generated authentication token will contain the service account email and email_verified claims.
|
AudienceBean
Field | Description |
---|---|
useTargetHost
Type: |
If the value of Audience is empty or the ref variable does not resolve to a valid value, and useTargetUrl is true , then the URL of the target (excluding any query parameters) is used as the audience.
|
useTargetUrl
Type: |
By default, useTargetUrl is false .
|
AssignToBean
Field | Description |
---|---|
createNew
Type: |
Determines whether the policy creates a new message when assigning values. If set to true , the policy creates a new message.
|
type
Type: |
Specifies the type of the new message, when CreateNew is set to true true.
Valid values are request or response.
|