History

Luca Prete 7c6726e79b [net-address] enable ipv6 (#1821 ) --------- Co-authored-by: Luca Prete <lucaprete@google.com>		2023-10-28 15:36:30 +02:00
..
ansible	versions.tf maintenance + copyright notice bump (#1782 )	2023-10-20 18:17:47 +02:00
templates	versions.tf maintenance + copyright notice bump (#1782 )	2023-10-20 18:17:47 +02:00
README.md	Make deletion protection consistent across all modules (#1735 )	2023-10-05 17:31:07 +02:00
ansible.tf	Fixed permissions of files created	2023-03-27 14:49:09 +02:00
apigee.tf	Fixed permissions of files created	2023-03-27 14:49:09 +02:00
diagram.png	Improvements in apigee hybrid-gke: now using workload identity and GLB	2023-01-19 22:11:44 +01:00
gke.tf	Make deletion protection consistent across all modules (#1735 )	2023-10-05 17:31:07 +02:00
glb.tf	[net-address] enable ipv6 (#1821 )	2023-10-28 15:36:30 +02:00
main.tf	Improvements in apigee hybrid-gke: now using workload identity and GLB	2023-01-19 22:11:44 +01:00
mgmt.tf	Allow using no service account in compute-vm (#1692 )	2023-09-19 16:56:51 +00:00
outputs.tf	Improvements in apigee hybrid-gke: now using workload identity and GLB	2023-01-19 22:11:44 +01:00
terraform.tfvars.sample	Apigee hybrid on GKE	2023-01-04 10:53:49 +01:00
variables.tf	Make deletion protection consistent across all modules (#1735 )	2023-10-05 17:31:07 +02:00
vpc.tf	Apigee hybrid on GKE	2023-01-04 10:53:49 +01:00

README.md

Apigee Hybrid on GKE

This example installs Apigee hybrid in a non-prod environment on a GKE private cluster using Terraform and Ansible. The Terraform configuration deploys all the required infrastructure including a management VM used to run an ansible playbook to the actual Apigee Hybrid setup.

The diagram below depicts the architecture.

Running the blueprint

Clone this repository or open it in cloud shell, then go through the following steps to create resources:
Copy the file terraform.tfvars.sample to a file called terraform.tfvars and update the values if required.
Initialize the terraform configuration
```
terraform init
```
Apply the terraform configuration
```
terraform apply
```
Create an A record in your DNS registrar to point the environment group hostname to the public IP address returned after the terraform configuration was applied. You might need to wait some time until the certificate is provisioned.
Install Apigee hybrid using de ansible playbook that is in the ansible folder by running this command

ansible-playbook playbook.yaml -vvv

Testing the blueprint

Deploy an api proxy
```
./deploy-apiproxy.sh apis-test
```

Send a request

curl -v https://HOSTNAME/httpbin/headers

Variables

name	description	type	required	default
hostname	Host name.	`string`	✓
project_id	Project ID.	`string`	✓
cluster_machine_type	Cluster nachine type.	`string`		`"e2-standard-4"`
cluster_network_config	Cluster network configuration.	`object({…})`		`{…}`
deletion_protection	Prevent Terraform from destroying data storage resources (storage buckets, GKE clusters, CloudSQL instances) in this blueprint. When this field is set in Terraform state, a terraform destroy or terraform apply that would delete data storage resources will fail.	`bool`		`false`
mgmt_server_config	Mgmt server configuration.	`object({…})`		`{…}`
mgmt_subnet_cidr_block	Management subnet CIDR block.	`string`		`"10.0.2.0/28"`
project_create	Parameters for the creation of the new project.	`object({…})`		`null`
region	Region.	`string`		`"europe-west1"`
zone	Zone.	`string`		`"europe-west1-c"`

Outputs

name	description	sensitive
ip_address	GLB IP address.

Test

module "test" {
  source = "./fabric/blueprints/apigee/hybrid-gke"
  project_create = {
    billing_account_id = "12345-12345-12345"
    parent             = "folders/123456789"
  }
  project_id = "my-project"
  hostname   = "test.myorg.org"
}
# tftest modules=18 resources=61