Background

This document covers some of the errors and workarounds, while configuring Apigee Istio Mixer adapter with Edge On-Premise.

Note: The below observations were captured as part of proof of concept using OPDK AIO docker instance

Prerequisites and Instructions

Followed the instructions and prerequisites as described here

Observations

Error: 400 Invalid virtual host reference secure

Description

While deploying edgemicro-internal proxy in OPDK org, the script checks for a Virtual Host named ‘Secure’ which is by default available in cloud orgs but sometimes not available in customer/OPDK orgs or referred with different name

Command:

./apigee-istio -u trial@apigee.com -p xxxxxxx -o trial -e test --managementBase http://localhost:8080 provision > samples/apigee/handler.yaml

error deploying internal proxy: error deploying proxy edgemicro-internal: POST http://localhost:8080/v1/o/trial/apis/edgemicro-internal/revisions/1/deployments?action=deploy&delay=12&env=test&override=true: 400 Invalid virtual host reference secure. Context Revision:1;APIProxy:edgemicro-internal;Organization:trial;Environment:test

Resolution

Create virtual host named ‘secure’ in ‘test’ environment and then re-run the above command

Error: error generating credential

Description

Istio provision command failed when running with OPDK Edge Org/Env because the provisioning script generates the API endpoint based org - name combination, but mostly likely the api endpoint names are different in customer orgs/opdk

Post https://trial-test.apigee.net/edgemicro/credential/organization/trial/environment/test: dial tcp: lookup trial-test.apigee.net: no such host

Resolution

This was because -r option with router (api endpoint) was not provided in the command. Updated Istio provisioning command as below to resolve this

./apigee-istio -u trial@apigee.com -p xxxxxxx -o trial -e test -r http://localhost:9001 -m http://localhost:8080 provision -v

Error: WARNING Apigee may not be provisioned properly

Description

When running the provisioning script with authentication call check with istio-auth proxy has proxy endpoint in service callout policy was hardcoded to https://edgemicroservices.apigee.net

Unable to verify proxy endpoint(s). Errors:

GET http://localhost:9001/istio-auth/products: 401

Resolution

In ‘istio-auth’ proxy, inside service callout policy “Authenticate Call” the target endpoint is hard corded to https://edgemicroservices.apigee.net

This should be updated with the proxy api endpoint which is

:, e.g..http://localhost:9001

Hi @potturiprasanth, this is a good article for people who want to try this in the future.

BTW what is/are the uses/advantages of using Istio-Mixer-Adapter in your project. I know the generic advantage mentioned in the docs. I would like to understand how you guys are using this in your project.

/apigee-istio -u testapigee@example -p xxxxx -o testorg -e sandbox -r http://localhost:9001 -m http://localhost:9000 provision -v

I get this error creating new proxy edgemicro-internal revision: 1… error deploying internal proxy: error importing proxy edgemicro-internal: invalid character ‘<’ looking for beginning of value

Are these related?