Skip to content

Latest commit

 

History

History
192 lines (144 loc) · 10.2 KB

File metadata and controls

192 lines (144 loc) · 10.2 KB

Apigee X via IaC Automation Pipeline exposed in Multiple GCP Regions with Shared VPC and External HTTPS Load Balancer

Setup Instructions

This sample deploys in a slightly different manner than you might be used to in case you have explored the other samples in this repository.

Deploying this sample happens in two stages.

  1. As a first step the Terraform scripts in this directory will create a Bootstrap GCP Project with all the resources required to deploy Apigee X with an Infrastructure as Code (IaC) Automation Pipeline.
  2. The second step will leverage two Cloud Source Repositories and Cloud Build for deploying Apigee X with the surrounding resources as well as a simple httpbin proxy.
  • infra-repo A repo that contains the Terraform Resources to provision Apigee X and the additional components.
  • app-repo An Apigee example proxy repository.

The below diagram depicts the Bootstrap GCP Project setup.

Sample Bootstrap GCP Project

Please refer to the below diagram for a graphical representation of the architecture for this sample.

Apigee X Shared VPC Multi Region Sample Architecture

Note that the sample uses an EVAL Apigee X Organization and hence a single Apigee X Instance only. In case you have a PROD Apigee X Organization then you will be able to easily extend the sample accordingly.

You can deploy this sample by executing the shell commands listed below.

Set the GCP Project ID for the location of your Bootstrap GCP Project:

PROJECT_ID=my-bootstrap-project-id

Set the GCP Project ID for the location of your APIGEE GCP Project (a Shared VPC Service Project):

APIGEE_PROJECT_ID=my-apigee-project-id

Set the GCP Project ID for the location of your Shared VPC Host GCP Project:

HOST_PROJECT_ID=my-host-project-id

Draw a copy of the x-demo.tfvars to customize your Terraform Input Variables.

cp ./x-demo.tfvars ./my-config.tfvars
cp ./infra/environments/poc/x-demo.tfvars ./infra/environments/poc/my-config.tfvars

In case the three GCP Projects for which you set the Project IDs above do not exist yet and you do want to automate their creation you have to set the following variables in your my-config.tfvars:

  • project_create: Set this to true
  • billing_account: Set this to your billing account identifier
  • project_parent: Set this to either 'organizations/0123456789' or 'folders/0123456789' where '0123456789' is either your GCP Organization identifier or the GCP Folder identifier respectively.

Decide on a backend and create the necessary config. To use a backend on Google Cloud Storage (GCS) use:

gsutil mb "gs://$PROJECT_ID-tf"

cat <<EOF >terraform.tf
terraform {
  backend "gcs" {
    bucket  = "$PROJECT_ID-tf"
    prefix  = "terraform/state"
  }
}
EOF

Validate your config:

terraform init
terraform plan --var-file=./my-config.tfvars -var "project_id=$PROJECT_ID" -var "apigee_project_id=$APIGEE_PROJECT_ID" -var "host_project_id=$HOST_PROJECT_ID"

and provision the Bootstrap GCP Project:

terraform apply --var-file=./my-config.tfvars -var "project_id=$PROJECT_ID" -var "apigee_project_id=$APIGEE_PROJECT_ID" -var "host_project_id=$HOST_PROJECT_ID"

The scripts in the following steps will require that you have your git config initialized. In case you have not done so in your environment already please run the following two commands (using your details).

git config --global user.email "[email protected]"
git config --global user.name "Your Name"

Create the Infrastructure as Code (takes roughly 25min):

cd ./infra/
./setupRepo.sh $PROJECT_ID 

Warning: This step will kick off a Cloud Build in the Boostrap GCP Project.

Provision a simple httpbin Proxy:

cd ../app/
./setupRepo.sh $PROJECT_ID 

Testing the Sample Setup

Prerequisits

Before you can test your sample setup you need to wait until the provisioning of the cloud resources has come to completion.
A good signal for the overall status is to check the status of the managed SSL certificate that the pipeline provisions for you.
Run the following command in your Cloud Shell to confirm that the status reads ACTIVE before you continue.

gcloud compute ssl-certificates list --project ${APIGEE_PROJECT_ID}

This should output something like the following:
NAME: cert-12345687890
TYPE: MANAGED
CREATION_TIMESTAMP: 2022-01-17T08:23:15.213-08:00
EXPIRE_TIME: 2022-04-17T08:58:29.000-07:00
MANAGED_STATUS: ACTIVE

test.123-456-789-012.nip.io: ACTIVE

Once that status reads ACTIVE it might still take a short moment for the certificate to propagate through the platform.
However, shortly after that you should see successful responses for requests sent to the test proxy (see command below).

Testing

Run the following command to execute a simple end-to-end test for your setup.
(Make sure you substitute test.123-456-789-012.nip.io with your values as returned by the command above)

curl https://test.123-456-789-012.nip.io/httpbin/headers

Providers

Name Version
google n/a

Modules

Name Source Version
app-tfstate-bucket github.com/terraform-google-modules/cloud-foundation-fabric//modules/gcs v28.0.0
bootstrap-project github.com/terraform-google-modules/cloud-foundation-fabric//modules/project v28.0.0
infra-tfstate-bucket github.com/terraform-google-modules/cloud-foundation-fabric//modules/gcs v28.0.0

Resources

Name Type
google_billing_account_iam_member.billing_user resource
google_cloudbuild_trigger.app_trigger resource
google_cloudbuild_trigger.infra_trigger resource
google_folder_iam_member.folder_project_creator resource
google_folder_iam_member.folder_xpn_admin resource
google_organization_iam_member.existing_org_xpn_admin resource
google_organization_iam_member.folder_xpn_admin resource
google_organization_iam_member.org_project_creator resource
google_organization_iam_member.org_xpn_admin resource
google_project_iam_member.apigee_project_owner resource
google_project_iam_member.host_project_owner resource
google_sourcerepo_repository.app resource
google_sourcerepo_repository.infra resource
google_folder.bootstrap_folder data source
google_project.host_project data source

Inputs

Name Description Type Default Required
apigee_project_id Shared VPC Service Project Id for Apigee Organization. string n/a yes
billing_account Billing account id. string null no
environment Build environment string "poc" no
host_project_id Shared VPC Host Project Id string n/a yes
project_create Create project. When set to false, uses a data source to reference existing project. bool false no
project_id Bootstrap Project Id (used to bootstrap the remaining resources). string n/a yes
project_parent Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. string null no
region Region for the bootstrap resources. string n/a yes

Outputs

No outputs.