789328ff5a
* bump provider versions to 5.0.0
* fix cloud run, logging and vpc-sc
* Fix secret manager
* fix gke nodepool
* fix gke multitenant stage and blueprint
* Moving alloydb module to experimental.
* Add project to bare resources in examples
* tfdoc
* fix svpc blueprint test
* Revert "fix svpc blueprint test" This reverts commit 14f02659098070136e64ead600580dd52c23c339.
* Fix GKE peering project
* Disable tests in alloydb module
* Bring back secret ids in secret manager tests
* Remove duplicate key
* last push
---------
Co-authored-by: Julio Castillo <jccb@google.com>
bundle/apiproxy
templates
README.md
apigee.tf
apigee_nb.tf
apigee_sb.tf
apiproxy.tf
diagram.png
onprem.tf
outputs.tf
terraform.tfvars.sample
variables.tf
versions.tf
vpn.tf
README.md
Apigee X - Northbound: External Application LB with PSC NEG, Southbound: PSC with Internal Application LB and Hybrid NEG
The following blueprint shows how to expose an on-prem target backend to clients on the Internet.
The architecture is the one depicted below.
To emulate a service deployed on-premises, we have used a managed instance group of instances running Nginx, exposed via a regional internal load balancer (L7). The service is accessible through VPN.
Running the blueprint
- Clone this repository or open it in Cloud Shell, then go through the following steps to create resources:
- Copy the file terraform.tfvars.sample to a file called terraform.tfvars and update the values if required.
- Initialize the Terraform configuration

    terraform init

- Apply the Terraform configuration

    terraform apply

Once the resources have been created, do the following:
Create an A record in your DNS registrar to point the environment group hostname to the public IP address returned after the terraform configuration was applied. You might need to wait some time until the certificate is provisioned.
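If you change any of the CIDR values in terraform.tfvars, you can check the resulting ranges for overlaps before running terraform apply. The script below is an added example, not part of the blueprint: the defaults are copied from the Variables table of this README, while the function names and the simple `name = "value"` line parser are assumptions made for illustration.

```python
import ipaddress
import re
from itertools import combinations

# Defaults copied from the Variables table of this README.
DEFAULTS = {
    "apigee_proxy_only_subnet_ip_cidr_range": "10.2.1.0/24",
    "apigee_psc_subnet_ip_cidr_range": "10.2.2.0/24",
    "apigee_runtime_ip_cidr_range": "10.0.4.0/22",
    "apigee_subnet_ip_cidr_range": "10.2.0.0/24",
    "apigee_troubleshooting_ip_cidr_range": "10.1.0.0/28",
    "onprem_proxy_only_subnet_ip_cidr_range": "10.1.1.0/24",
    "onprem_subnet_ip_cidr_range": "10.1.0.0/24",
}

# Matches simple `name = "value"` lines only; full HCL syntax is not handled (assumption).
ASSIGNMENT = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*"([^"]*)"\s*(?:#.*)?$')


def effective_ranges(tfvars_text=""):
    """Merge CIDR overrides found in tfvars text over the README defaults."""
    values = dict(DEFAULTS)
    for line in tfvars_text.splitlines():
        match = ASSIGNMENT.match(line)
        if match and match.group(1) in DEFAULTS:
            values[match.group(1)] = match.group(2)
    # strict=True rejects values with host bits set, e.g. "10.2.0.5/24".
    return {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in values.items()}


def find_overlaps(ranges):
    """Return sorted (name_a, name_b) pairs whose networks share addresses."""
    return sorted(
        (a, b)
        for (a, net_a), (b, net_b) in combinations(sorted(ranges.items()), 2)
        if net_a.overlaps(net_b)
    )


if __name__ == "__main__":
    # Constructed sample override, not a value from the blueprint.
    sample = 'apigee_psc_subnet_ip_cidr_range = "10.2.0.128/25"\n'
    for a, b in find_overlaps(effective_ranges(sample)):
        print(f"overlap: {a} and {b}")
```

With the defaults as listed, the check reports that apigee_troubleshooting_ip_cidr_range (10.1.0.0/28) falls inside onprem_subnet_ip_cidr_range (10.1.0.0/24). The script only reports overlaps; whether one matters depends on whether the two ranges are ever routed to each other.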
Testing the blueprint
Do the following to verify that everything works as expected.
- Deploy the API proxy

    ./deploy-apiproxy.sh

- Send a request

    curl -v https://HOSTNAME/test/

  You should get back an HTTP 200 OK response.
Variables
name | description | type | required | default |
---|---|---|---|---|
apigee_project_id | Project ID. | string | ✓ | |
billing_account_id | Parameters for the creation of the new project. | string | ✓ | |
hostname | Host name. | string | ✓ | |
onprem_project_id | Project ID. | string | ✓ | |
parent | Parent (organizations/organizationID or folders/folderID). | string | ✓ | |
apigee_proxy_only_subnet_ip_cidr_range | Subnet IP CIDR range. | string | | "10.2.1.0/24" |
apigee_psc_subnet_ip_cidr_range | Subnet IP CIDR range. | string | | "10.2.2.0/24" |
apigee_runtime_ip_cidr_range | Apigee PSA IP CIDR range. | string | | "10.0.4.0/22" |
apigee_subnet_ip_cidr_range | Subnet IP CIDR range. | string | | "10.2.0.0/24" |
apigee_troubleshooting_ip_cidr_range | Apigee PSA IP CIDR range. | string | | "10.1.0.0/28" |
onprem_proxy_only_subnet_ip_cidr_range | Subnet IP CIDR range. | string | | "10.1.1.0/24" |
onprem_subnet_ip_cidr_range | Subnet IP CIDR range. | string | | "10.1.0.0/24" |
region | Region. | string | | "europe-west1" |
zone | Zone. | string | | "europe-west1-c" |
Outputs
name | description | sensitive |
---|---|---|
ip_address | GLB IP address. |
Test
module "test" {
  source             = "./fabric/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg"
  billing_account_id = "12345-12345-12345"
  parent             = "folders/123456789"
  apigee_project_id  = "my-apigee-project"
  onprem_project_id  = "my-onprem-project"
  hostname           = "test.myorg.org"
}
# tftest modules=14 resources=77