Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support creation of APIM and also configuration of APIM #2747

Closed
clarenceb opened this issue Feb 23, 2023 · 16 comments
Closed

Support creation of APIM and also configuration of APIM #2747

clarenceb opened this issue Feb 23, 2023 · 16 comments
Labels
microsoft.apimanagement Issues related to APIManagement resources new-feature new-resource Requests for new supported resources

Comments

@clarenceb
Copy link

clarenceb commented Feb 23, 2023
edited

Support creating a new APIM instance and configuring high level aspects like products, subscriptions, workspaces, etc.
Also, support configuring APIs along with their associated policies. Ideally, allow scoping to a workspace so different teams can configure their own APIs. This would be a simpler alternative to the API Management DevOps Toolkit.

New CRDs would be needed to capture things like APIM Policies associated with an API.

I have a customer using Backstage.io to onboard and configure APIs into APIM. They built their own REST API to manage APIM and their own YAML spec for the API definition and linked policies. Having ASOv2 support this would mean they can decommission their own bespoke solution.

Also, with API Management Self-Hosted Gateways in Kubernetes, ASOv2 can simplify the configuration of these gateways and support the "microgateway" pattern. Another benefit would be that GitOps can be used to manage API backend deployments to Kubernetes and also configure the associated APIM gateways for the exposed API - rather than using two separate CI/CD pipelines that are disconnected from each other.

Overall, this allows teams to own their API gateway configuration and Kube deployments - as well as any other Azure PaaS resources needed for the app (databases, storage, monitoring, app insights, etc.) This would simplify their devops processes, give them more ownership with some guardrails - APIM workspace, Kube namespace, Workload Identities, etc.
@matthchr matthchr added this to the v2.1.0 milestone Feb 28, 2023
@matthchr matthchr added the new-resource Requests for new supported resources label Feb 28, 2023
@tomkerkhove
Copy link
Member

Feel free to ping me if you need help from the APIM side @matthchr

@clarenceb
Copy link
Author

I was looking at crossplane and it appears to support APIM instance creation and API configuration: https://marketplace.upbound.io/providers/upbound/provider-azure/v0.30.0/crds?query=api

I'm looking for something similar in ASO.

@theunrepentantgeek theunrepentantgeek modified the milestones: v2.3.0, v2.2.0 May 31, 2023
@matthchr matthchr modified the milestones: v2.2.0, v2.3.0 Jul 6, 2023
@matthchr matthchr modified the milestones: v2.4.0, v2.3.0 Jul 24, 2023
@matthchr matthchr modified the milestones: v2.3.0, v2.4.0 Aug 28, 2023
@matthchr
Copy link
Member

https://github.com/Azure/azure-rest-api-specs/tree/main/specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01

Seems to contain the REST API spec for this RP. There are quite a few resources in there but there may be a subset we could focus on for a v1 release.

@ross-p-smith
Copy link
Contributor

ross-p-smith commented Sep 28, 2023
edited by matthchr

We have a requirement to support the following.

Our intention is to deploy microservice(s) to K8s and as part of the deployment, configure the Api, VersionSet and add a PolicyFragment into a ProductPolicy so that we can route traffic to a Backend. A product will be the same as a k8s namespace until workspaces are released. Some of these backends will also use authorisations. NamedValues will be used for any KeyVault Secrets we may need.

This was referenced Sep 28, 2023
Closed
Merged
Closed
Merged
@ross-p-smith ross-p-smith mentioned this issue Oct 9, 2023
Merged
2 tasks
@tomkerkhove
Copy link
Member

@clarenceb what resources are you specifically interested in? Gateway resource?

@tomkerkhove tomkerkhove mentioned this issue Oct 25, 2023
Closed
@matthchr matthchr added the microsoft.apimanagement Issues related to APIManagement resources label Nov 9, 2023
@JulianSchmidtkeGWS
Copy link

Hi, quick question.
I'm using the new ASO Api Management Resources but i can't get my head around creating Operations.

I have a Service, API, Subscription, Named Value, Policy and backend. But i'm missing the Operation Part to create the Endpoints.
Am I missing something?

@tomkerkhove
Copy link
Member

That is a gap I noticed yesterday as well. @ross-p-smith are you using API import method or how did you creat operations?

@theunrepentantgeek
Copy link
Member

I did some grep'ing through the APIM code in ASO for the term operation and didn't find any hits, so I suspect this may be a current gap.

@tomkerkhove
Copy link
Member

Jup, I've added a note on APIM side to contribute this

@JulianSchmidtkeGWS
Copy link

Has anyone managed to create a backend with a named value as header?

I have a named value "api_key" that i want to reference in the backend

apiVersion: apimanagement.azure.com/v1api20220801
kind: Backend
metadata:
  name: Mybackend
spec:
  description: MyBackend
  protocol: http
  url: MyUrl
  credentials:
    header:
      X-API-KEY: 
        - api_key
  owner:
    name: MyApiManagement

when i do this a header with the value "api_key" is added (manual value)
what i want is a reference to the named value "api_key".

The Docs only describe the authorization like this:
header: map[string][]string | Header: Header Parameter description.

https://azure.github.io/azure-service-operator/reference/apimanagement/v1api20220801/#apimanagement.azure.com/v1api20220801.BackendCredentialsContract

Has anyone managed to reference the named value here?

@matthchr
Copy link
Member

@tomkerkhove do you have an example of usage of this field?
https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/service/backends?pivots=deployment-language-arm-template#backendcredentialscontract-1

For example in an ARM template?

That could inform our samples/examples in ASO as well.

@tomkerkhove
Copy link
Member

Do these help?

@ross-p-smith
Copy link
Contributor

That is a gap I noticed yesterday as well. @ross-p-smith are you using API import method or how did you creat operations?

Yes this is a gap - I have not implemented the Operations yet

@theunrepentantgeek theunrepentantgeek modified the milestones: v2.6.0, v2.7.0 Dec 11, 2023
@ross-p-smith ross-p-smith mentioned this issue Dec 21, 2023
Merged
2 tasks
@tomkerkhove
Copy link
Member

@clarenceb Based on what is available now, are you OK with closing this item or not?

@clarenceb
Copy link
Author

clarenceb commented Feb 20, 2024
edited

@tomkerkhove this is very timely! I didn't see your comment but, by coincidence, happened to stumble upon this feature being progressed since I raised the issue as I have a few customer instances where this could benefit them. I will take a look today and test it out and let you know. At first glance, it does appear to have the main constructs. Thanks for your efforts!

@matthchr matthchr removed this from the v2.7.0 milestone Feb 22, 2024
@matthchr matthchr mentioned this issue Feb 22, 2024
Open
@matthchr
Copy link
Member

Based on the discussion here I am closing this. I think we can track these gaps via the apim issue label, specifically these two issues:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
microsoft.apimanagement Issues related to APIManagement resources new-feature new-resource Requests for new supported resources
Projects
Azure Service Operator Roadmap
Archived in project
Milestone
No milestone
Development

No branches or pull requests
6 participants
@clarenceb @theunrepentantgeek @tomkerkhove @ross-p-smith @matthchr @JulianSchmidtkeGWS