This blueprint creates all the resources necessary to set up Apigee X on Google Cloud.
Apigee can be exposed to clients using a Regional Internal Application Load Balancer, a Global External Application Load Balancer, or both. When using the Regional Internal Application Load Balancer, use self-managed certificates (including self-signed certificates generated in this same module). When using the Global External Application Load Balancer, use Google-managed certificates or self-managed certificates (including self-signed certificates generated in this same module). When using the Cross-region Internal Application Load Balancer, a Certificate Manager certificate needs to be used, and it needs to be created in the same project as Apigee.
Find below a few examples of different Apigee architectures that can be created using this module.
- Examples
- Apigee X in service project with shared VPC peered and exposed with Global External Application LB and Regional Internal Application LB
- Apigee X in service project with local VPC peered and exposed using Global LB and Internal Cross-region Application LB
- Apigee X in service project with peering disabled and exposed using Global LB
- Apigee X in standalone project with peering enabled and exposed with Regional Internal LB
- Apigee X in standalone project with peering disabled and exposed using Global External Application LB
- Variables
- Variables
- Outputs
Apigee X in service project with shared VPC peered and exposed with Global External Application LB and Regional Internal Application LB
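# Apigee X in a service project attached to a Shared VPC (peered), exposed through
# both a Global External Application LB and a Regional Internal Application LB.
module "apigee-x-foundations" {
  source = "./fabric/blueprints/apigee/apigee-x-foundations"
  project_config = {
    billing_account_id = var.billing_account_id
    parent             = var.folder_id
    name               = var.project_id
    iam = {
      # roles/apigee.admin grants full administration of the Apigee organization:
      # bind it to a small, reviewed group rather than to individual users.
      # Placeholder address: the one on the source page was lost to e-mail obfuscation.
      "roles/apigee.admin" = ["group:apigee-admins@example.com"]
    }
    shared_vpc_service_config = {
      host_project = "my-host-project"
    }
  }
  apigee_config = {
    addons_config = {
      # Turns on the API security add-on for the organization.
      api_security = true
    }
    organization = {
      analytics_region           = "europe-west1"
      api_consumer_data_location = "europe-west1"
      # Customer-managed encryption keys. With auto_create the module presumably
      # creates the keys itself (the file table lists kms.tf) — confirm the
      # rotation period and who holds IAM on the key ring.
      api_consumer_data_encryption_key_config = {
        auto_create = true
      }
      database_encryption_key_config = {
        auto_create = true
      }
      billing_type = "PAYG"
    }
    envgroups = {
      # One environment group serves both the external and the internal hostname.
      apis = [
        "apis.external.myorg.com",
        "apis.internal.myorg.com"
      ]
    }
    environments = {
      apis = {
        envgroups = ["apis"]
      }
    }
    instances = {
      europe-west1 = {
        # NOTE(review): `external` is not described on this page — confirm what it toggles.
        external              = true
        runtime_ip_cidr_range = "10.0.0.0/22"
        # Was "192.168.0.0/18". Apigee instance ranges are /22 and /28, and the
        # cross-region example on this page uses /28 for this field.
        troubleshooting_ip_cidr_range = "192.168.0.0/28"
        environments                  = ["apis"]
      }
    }
    endpoint_attachments = {
      endpoint-backend-ew1 = {
        region = "europe-west1"
        # NOTE(review): the attachment region is europe-west1 but this path points at
        # europe-west4 — confirm the region. Only attach to service attachments whose
        # producer project you trust.
        service_attachment = "projects/a58971796302e0142p-tp/regions/europe-west4/serviceAttachments/my-service-attachment-ew1"
      }
    }
  }
  network_config = {
    shared_vpc = {
      name = "my-shared-vpc"
      # NOTE(review): keys and subnet names say europe-west1 / ew1, the self-links say
      # regions/europe-west4 — confirm which region is intended.
      subnets = {
        europe-west1 = "projects/my-host-project/regions/europe-west4/subnetworks/my-subnet-ew1"
      }
      subnets_psc = {
        europe-west1 = "projects/my-host-project/regions/europe-west4/subnetworks/my-subnet-psc-ew1"
      }
    }
  }
  ext_lb_config = {
    # Internet-facing entry point. The file table lists google_compute_security_policy
    # under northbound.tf — confirm whether a policy is actually attached to this LB.
    ssl_certificates = {
      create_configs = {
        default = {
          certificate = "PEM-Encoded certificate string"
          # Placeholder only. A literal key here ends up in version control, and any
          # value passed here is stored in Terraform state: feed it from a sensitive
          # variable or a secret store and restrict access to the state backend.
          private_key = "PEM-Encoded private key string"
        }
      }
    }
  }
  int_lb_config = {
    ssl_certificates = {
      create_configs = {
        default = {
          certificate = "PEM-Encoded certificate string"
          # Same handling as the external LB key: never a literal, and it lands in state.
          private_key = "PEM-Encoded private key string"
        }
      }
    }
  }
}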
# tftest modules=7 resources=42
Apigee X in service project with local VPC peered and exposed using Global LB and Internal Cross-region Application LB
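# Apigee X in a service project with a local (auto-created) VPC peered, exposed
# through a Global LB and an Internal Cross-region Application LB.
module "apigee-x-foundations" {
  source = "./fabric/blueprints/apigee/apigee-x-foundations"
  project_config = {
    billing_account_id = "1234-5678-0000"
    parent             = "folders/123456789"
    name               = "my-project"
    iam = {
      # roles/apigee.admin grants full administration of the Apigee organization:
      # bind it to a small, reviewed group rather than to individual users.
      # Placeholder address: the one on the source page was lost to e-mail obfuscation.
      "roles/apigee.admin" = ["group:apigee-admins@example.com"]
    }
    shared_vpc_service_config = {
      host_project = "my-host-project"
    }
  }
  apigee_config = {
    addons_config = {
      # Turns on the API security add-on for the organization.
      api_security = true
    }
    organization = {
      analytics_region = "europe-west1"
      billing_type     = "PAYG"
    }
    envgroups = {
      # One environment group serves both the external and the internal hostname.
      apis = [
        "apis.external.myorg.com",
        "apis.internal.myorg.com"
      ]
    }
    environments = {
      apis = {
        envgroups = ["apis"]
        type      = "COMPREHENSIVE"
      }
    }
    instances = {
      # Two instances; runtime (/22) and troubleshooting (/28) ranges must not overlap
      # each other or any range already used in the peered network.
      europe-west1 = {
        runtime_ip_cidr_range         = "10.0.0.0/22"
        troubleshooting_ip_cidr_range = "192.168.0.0/28"
        environments                  = ["apis"]
      }
      europe-west4 = {
        runtime_ip_cidr_range         = "10.0.4.0/22"
        troubleshooting_ip_cidr_range = "192.168.0.16/28"
        environments                  = ["apis"]
      }
    }
    endpoint_attachments = {
      # Only attach to service attachments whose producer project you trust.
      endpoint-backend-ew1 = {
        region             = "europe-west1"
        service_attachment = "projects/a58971796302e0142p-tp/regions/europe-west1/serviceAttachments/my-service-attachment-ew1"
        dns_names = [
          "backend.myorg.com"
        ]
      }
      endpoint-backend-ew4 = {
        # NOTE(review): named "ew4" and pointing at a europe-west4 service attachment,
        # yet region is europe-west1 — confirm the intended region.
        region             = "europe-west1"
        service_attachment = "projects/a58971796302e0142p-tp/regions/europe-west4/serviceAttachments/my-service-attachment-ew4"
        dns_names = [
          "backend.myorg.com"
        ]
      }
    }
  }
  network_config = {
    shared_vpc = {
      name = "my-shared-vpc"
      # NOTE(review): the europe-west1 entries reference regions/europe-west4 in their
      # self-links — confirm which region is intended.
      subnets = {
        europe-west1 = "projects/my-host-project/regions/europe-west4/subnetworks/my-subnet-eu1"
        europe-west4 = "projects/my-host-project/regions/europe-west4/subnetworks/my-subnet-eu4"
      }
      subnets_psc = {
        europe-west1 = "projects/my-host-project/regions/europe-west4/subnetworks/my-subnet-psc-eu1"
        europe-west4 = "projects/my-host-project/regions/europe-west4/subnetworks/my-subnet-psc-eu4"
      }
    }
    apigee_vpc = {
      auto_create = true
    }
  }
  ext_lb_config = {
    # Internet-facing entry point. The file table lists google_compute_security_policy
    # under northbound.tf — confirm whether a policy is actually attached to this LB.
    ssl_certificates = {
      create_configs = {
        default = {
          certificate = "PEM-Encoded certificate string"
          # Placeholder only. A literal key here ends up in version control, and any
          # value passed here is stored in Terraform state: feed it from a sensitive
          # variable or a secret store and restrict access to the state backend.
          private_key = "PEM-Encoded private key string"
        }
      }
    }
  }
  int_cross_region_lb_config = {
    # Certificate Manager certificate; per the text above it has to live in the
    # same project as Apigee. No key material passes through this module here.
    certificate_manager_certificates = [
      "projects/myprj/locations/global/certificates/certificate"
    ]
  }
}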
# tftest modules=7 resources=50
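# Apigee X in a service project with VPC peering disabled, exposed using a Global LB.
module "apigee-x-foundations" {
  source = "./fabric/blueprints/apigee/apigee-x-foundations"
  project_config = {
    billing_account_id = "1234-5678-0000"
    parent             = "folders/123456789"
    name               = "my-project"
    iam = {
      # roles/apigee.admin grants full administration of the Apigee organization:
      # bind it to a small, reviewed group rather than to individual users.
      # Placeholder address: the one on the source page was lost to e-mail obfuscation.
      "roles/apigee.admin" = ["group:apigee-admins@example.com"]
    }
    shared_vpc_service_config = {
      host_project = "my-host-project"
    }
  }
  apigee_config = {
    addons_config = {
      # Turns on the API security add-on for the organization.
      api_security = true
    }
    organization = {
      analytics_region    = "europe-west1"
      disable_vpc_peering = true
    }
    envgroups = {
      apis = [
        "apis.external.myorg.com"
      ]
    }
    environments = {
      apis = {
        envgroups = ["apis"]
      }
    }
    instances = {
      europe-west1 = {
        runtime_ip_cidr_range = "10.0.0.0/22"
        # Was "192.168.0.0/18". Apigee instance ranges are /22 and /28, and the
        # cross-region example on this page uses /28 for this field.
        # NOTE(review): with peering disabled these ranges may not be used at all — confirm.
        troubleshooting_ip_cidr_range = "192.168.0.0/28"
        environments                  = ["apis"]
      }
    }
    endpoint_attachments = {
      endpoint-backend-ew1 = {
        region = "europe-west1"
        # NOTE(review): the attachment region is europe-west1 but this path points at
        # europe-west4 — confirm the region. Only attach to service attachments whose
        # producer project you trust.
        service_attachment = "projects/a58971796302e0142p-tp/regions/europe-west4/serviceAttachments/my-service-attachment-ew1"
      }
    }
    # NOTE(review): also set under `organization` above — confirm which level the
    # module actually reads and drop the other.
    disable_vpc_peering = true
  }
  network_config = {
    shared_vpc = {
      name = "my-shared-vpc"
      # NOTE(review): keys and subnet names say europe-west1 / ew1, the self-links say
      # regions/europe-west4 — confirm which region is intended.
      subnets = {
        europe-west1 = "projects/my-host-project/regions/europe-west4/subnetworks/my-subnet-ew1"
      }
      subnets_psc = {
        europe-west1 = "projects/my-host-project/regions/europe-west4/subnetworks/my-subnet-psc-ew1"
      }
    }
  }
  ext_lb_config = {
    # Internet-facing entry point. The file table lists google_compute_security_policy
    # under northbound.tf — confirm whether a policy is actually attached to this LB.
    ssl_certificates = {
      create_configs = {
        default = {
          certificate = "PEM-Encoded certificate string"
          # Placeholder only. A literal key here ends up in version control, and any
          # value passed here is stored in Terraform state: feed it from a sensitive
          # variable or a secret store and restrict access to the state backend.
          private_key = "PEM-Encoded private key string"
        }
      }
    }
  }
}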
# tftest modules=4 resources=28
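# Apigee X in a standalone project with VPC peering enabled, exposed with a
# Regional Internal LB only (no internet-facing entry point is configured here).
module "apigee-x-foundations" {
  source = "./fabric/blueprints/apigee/apigee-x-foundations"
  project_config = {
    billing_account_id = "1234-5678-0000"
    parent             = "folders/123456789"
    name               = "my-project"
    iam = {
      # roles/apigee.admin grants full administration of the Apigee organization:
      # bind it to a small, reviewed group rather than to individual users.
      # Placeholder address: the one on the source page was lost to e-mail obfuscation.
      "roles/apigee.admin" = ["group:apigee-admins@example.com"]
    }
  }
  apigee_config = {
    addons_config = {
      # Turns on the API security add-on for the organization.
      api_security = true
    }
    organization = {
      analytics_region = "europe-west1"
    }
    envgroups = {
      apis = [
        "apis.internal.myorg.com"
      ]
    }
    environments = {
      apis = {
        envgroups = ["apis"]
      }
    }
    instances = {
      europe-west1 = {
        runtime_ip_cidr_range = "172.16.0.0/22"
        # Was "192.168.0.0/18". Apigee instance ranges are /22 and /28, and the
        # cross-region example on this page uses /28 for this field.
        troubleshooting_ip_cidr_range = "192.168.0.0/28"
        environments                  = ["apis"]
      }
    }
    endpoint_attachments = {
      endpoint-backend-ew1 = {
        region = "europe-west1"
        # NOTE(review): the attachment region is europe-west1 but this path points at
        # europe-west4 — confirm the region. Only attach to service attachments whose
        # producer project you trust.
        service_attachment = "projects/a58971796302e0142p-tp/regions/europe-west4/serviceAttachments/my-service-attachment-ew1"
        dns_names = [
          "backend.myorg.com"
        ]
      }
    }
  }
  network_config = {
    # Module-managed VPC: workload, proxy-only and PSC subnets get separate ranges,
    # none of which may overlap the Apigee instance ranges above.
    apigee_vpc = {
      subnets = {
        europe-west1 = {
          ip_cidr_range = "10.0.0.0/29"
        }
      }
      subnets_proxy_only = {
        europe-west1 = {
          ip_cidr_range = "10.1.0.0/26"
        }
      }
      subnets_psc = {
        europe-west1 = {
          ip_cidr_range = "10.0.1.0/29"
        }
      }
    }
  }
  int_lb_config = {
    ssl_certificates = {
      create_configs = {
        default = {
          certificate = "PEM-Encoded certificate string"
          # Placeholder only. A literal key here ends up in version control, and any
          # value passed here is stored in Terraform state: feed it from a sensitive
          # variable or a secret store and restrict access to the state backend.
          private_key = "PEM-Encoded private key string"
        }
      }
    }
  }
}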
# tftest modules=6 resources=40
Apigee X in standalone project with peering disabled and exposed using Global External Application LB
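# Apigee X in a standalone project with VPC peering disabled, exposed using a
# Global External Application LB, with instance monitoring enabled.
module "apigee-x-foundations" {
  source = "./fabric/blueprints/apigee/apigee-x-foundations"
  project_config = {
    billing_account_id = "1234-5678-0000"
    parent             = "folders/123456789"
    name               = "my-project"
    iam = {
      # roles/apigee.admin grants full administration of the Apigee organization:
      # bind it to a small, reviewed group rather than to individual users.
      # Placeholder address: the one on the source page was lost to e-mail obfuscation.
      "roles/apigee.admin" = ["group:apigee-admins@example.com"]
    }
  }
  apigee_config = {
    addons_config = {
      # Turns on the API security add-on for the organization.
      api_security = true
    }
    organization = {
      analytics_region    = "europe-west1"
      disable_vpc_peering = true
    }
    envgroups = {
      # NOTE(review): only an external LB is configured in this example, yet an
      # internal hostname is listed — confirm how apis.internal.myorg.com is served.
      apis = [
        "apis.external.myorg.com",
        "apis.internal.myorg.com"
      ]
    }
    environments = {
      apis = {
        envgroups = ["apis"]
      }
    }
    instances = {
      # No instance CIDR ranges are given in this peering-disabled example.
      europe-west1 = {
        environments = ["apis"]
      }
    }
    endpoint_attachments = {
      endpoint-backend-ew1 = {
        region = "europe-west1"
        # NOTE(review): the attachment region is europe-west1 but this path points at
        # europe-west4 — confirm the region. Only attach to service attachments whose
        # producer project you trust.
        service_attachment = "projects/a58971796302e0142p-tp/regions/europe-west4/serviceAttachments/my-service-attachment-ew1"
      }
    }
    # NOTE(review): also set under `organization` above — confirm which level the
    # module actually reads and drop the other.
    disable_vpc_peering = true
  }
  network_config = {
    apigee_vpc = {
      auto_create = true
      subnets = {
        europe-west1 = {
          ip_cidr_range = "10.0.0.0/29"
        }
      }
      subnets_psc = {
        europe-west1 = {
          ip_cidr_range = "10.0.1.0/29"
        }
      }
    }
  }
  ext_lb_config = {
    # Internet-facing entry point. The file table lists google_compute_security_policy
    # under northbound.tf — confirm whether a policy is actually attached to this LB.
    ssl_certificates = {
      create_configs = {
        default = {
          certificate = "PEM-Encoded certificate string"
          # Placeholder only. A literal key here ends up in version control, and any
          # value passed here is stored in Terraform state: feed it from a sensitive
          # variable or a secret store and restrict access to the state backend.
          private_key = "PEM-Encoded private key string"
        }
      }
    }
  }
  # Creates the custom Cloud Monitoring metric for instances; the file table lists a
  # cloud-function-v2 module under monitoring.tf.
  enable_monitoring = true
}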
# tftest modules=6 resources=47
name | description | modules | resources |
---|---|---|---|
apigee.tf | None | apigee | |
dns.tf | None | | |
kms.tf | None | kms | random_id |
main.tf | Module-level locals and resources. | net-vpc · project | |
monitoring.tf | None | cloud-function-v2 | |
northbound.tf | None | net-lb-app-ext · net-lb-app-int · net-lb-app-int-cross-region | google_compute_region_network_endpoint_group · google_compute_security_policy |
outputs.tf | Module outputs. | | |
variables.tf | Module variables. | | |
name | description | type | required | default | producer |
---|---|---|---|---|---|
apigee_config | Apigee configuration. | object({…}) | ✓ | | |
project_config | Project configuration. | object({…}) | ✓ | | |
enable_monitoring | Boolean flag indicating whether a custom metric to monitor instances should be created in Cloud Monitoring. | bool | | false | |
ext_lb_config | External application load balancer configuration. | object({…}) | | null | |
int_cross_region_lb_config | Internal cross-region application load balancer configuration. | object({…}) | | null | |
int_lb_config | Internal application load balancer configuration. | object({…}) | | null | |
network_config | Network configuration. | object({…}) | | {} | |
name | description | sensitive | consumers |
---|---|---|---|
endpoint_attachment_hosts | Endpoint attachment hosts. | ||
ext_lb_ip_address | External IP address. | ||
instance_service_attachments | Instance service attachments. | ||
int_cross_region_lb_ip_addresses | Internal IP addresses. | ||
int_lb_ip_addresses | Internal IP addresses. | ||
project_id | Project. |