Skip to content

Latest commit

 

History

History
 
 

x-sb-psc

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 

Basic Apigee X Setup with internal backend reached through PSC

This module provides a southbound private service connect (PSC) connectivity between an Apigee X runtime and a sample backend that is running on a standalone VPC.

Setup Instructions

Set the project ID where you want your Apigee Organization to be deployed to:

PROJECT_ID=my-project-id
cd samples/... # Sample from above
cp ./x-demo.tfvars ./my-config.tfvars

Decide on a backend and create the necessary config. To use a backend on Google Cloud Storage (GCS) use:

gsutil mb "gs://$PROJECT_ID-tf"

cat <<EOF >terraform.tf
terraform {
  backend "gcs" {
    bucket  = "$PROJECT_ID-tf"
    prefix  = "terraform/state"
  }
}
EOF

Validate your config:

terraform init
terraform plan --var-file=./my-config.tfvars -var "project_id=$PROJECT_ID"

and provision everything (takes roughly 25min):

terraform apply --var-file=./my-config.tfvars -var "project_id=$PROJECT_ID"

Validate the setup

A successful run will print the endpoint attachment's host that you can then use for your target server in Apigee:

Outputs:

psc_endpoint_attachment_host = "7.0.5.2"
psc_endpoint_attachment_connection_state = "ACCEPTED"

Providers

Name Version
google n/a

Modules

Name Source Version
apigee-x-core ../../modules/apigee-x-core n/a
backend-example ../../modules/development-backend n/a
backend-vpc github.com/terraform-google-modules/cloud-foundation-fabric//modules/net-vpc v28.0.0
project github.com/terraform-google-modules/cloud-foundation-fabric//modules/project v28.0.0
southbound-psc ../../modules/sb-psc-attachment n/a
vpc github.com/terraform-google-modules/cloud-foundation-fabric//modules/net-vpc v28.0.0

Resources

Name Type
google_compute_firewall.allow_psc_nat_to_backend resource
google_compute_subnetwork.psc_nat_subnet resource

Inputs

Name Description Type Default Required
apigee_envgroups Apigee Environment Groups.
map(object({
hostnames = list(string)
}))
null no
apigee_environments Apigee Environments.
map(object({
display_name = optional(string)
description = optional(string)
node_config = optional(object({
min_node_count = optional(number)
max_node_count = optional(number)
}))
iam = optional(map(list(string)))
envgroups = list(string)
type = optional(string)
}))
null no
apigee_instances Apigee Instances (only one instance for EVAL orgs).
map(object({
region = string
ip_range = string
environments = list(string)
}))
null no
ax_region GCP region for storing Apigee analytics data (sxee https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli). string n/a yes
backend_name Name for the Demo Backend string "demo-backend" no
backend_network Peered Backend VPC name. string n/a yes
backend_psc_nat_subnet Subnet to host the PSC NAT.
object({
name = string
ip_cidr_range = string
})
n/a yes
backend_region GCP Region Backend (ensure this matches backend_subnet.region). string n/a yes
backend_subnet Subnet to host the backend service.
object({
name = string
ip_cidr_range = string
region = string
secondary_ip_range = map(string)
})
n/a yes
billing_account Billing account id. string null no
network Name of the VPC network to peer with the Apigee tennant project. string n/a yes
peering_range Service Peering CIDR range. string n/a yes
project_create Create project. When set to false, uses a data source to reference existing project. bool false no
project_id Project id (also used for the Apigee Organization). string n/a yes
project_parent Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. string null no
psc_name PSC name. string n/a yes
support_range Support CIDR range of length /28 (required by Apigee for troubleshooting purposes). string n/a yes

Outputs

Name Description
psc_endpoint_attachment_connection_state Underlying connection state of the PSC endpoint attachment.
psc_endpoint_attachment_host Hostname of the PSC endpoint attachment.