Apigee Hybrid Terraform
This repository contains Terraform configurations for deploying and managing Apigee Hybrid. The project supports deployment on multiple Kubernetes platforms including Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS), Elastic Kubernetes Service (EKS), and other supported Kubernetes platforms. This setup is ideal for creating an evaluation Apigee instance to test features and functionality.
Project Structure
├── apigee-hybrid-core/ # Core Apigee Hybrid infrastructure components
├── apigee-on-aks/ # AKS-specific deployment configurations
├── apigee-on-gke/ # GKE-specific deployment configurations
├── apigee-on-eks/ # EKS-specific deployment configurations
└── apigee-on-others/ # Deployment configurations for other Kubernetes providers
Prerequisites
Required Tools
- Terraform >= 1.0.0
- Google Cloud SDK (gcloud CLI) >= 400.0.0
- kubectl >= 1.24.0
- Helm >= 3.15.0
GCP Project Setup
- A GCP project with billing enabled
- Appropriate IAM permissions (Owner/Editor role)
- Required APIs enabled (handled automatically by Terraform):
  - Compute Engine API
  - Container (GKE) API
  - Cloud Resource Manager API
  - Apigee API
  - Apigee Connect API
  - Cloud KMS API
  - Service Networking API
  - Cloud Monitoring API
  - Cloud Logging API
  - Cloud Storage API
  - Cloud SQL Admin API
Organization Policies
The following organization policies should use Google's default settings:
- disableServiceAccountKeyCreation
- requireOsLogin
- requireShieldedVm
- vmExternalIpAccess
To apply these policies, run:
./apply_org_policies.sh
Quick Start
- Clone this repository:
    git clone https://github.com/your-username/apigee-hybrid-terraform.git
    cd apigee-hybrid-terraform
- Choose your deployment target:
  - For GKE deployment: Navigate to apigee-on-gke/
  - For AKS deployment: Navigate to apigee-on-aks/
  - For EKS deployment: Navigate to apigee-on-eks/
  - For other Kubernetes Provider deployment: Navigate to apigee-on-others/
- Initialize Terraform:
    terraform init
- Configure your variables:
  - Edit terraform.tfvars with required values. You can refer to terraform.tfvars.sample
  - Update the variables with your specific values
- Apply the configuration:
    terraform plan
    terraform apply
- Verify the deployment:
    kubectl get pods -n apigee
Components
Core Infrastructure (apigee-hybrid-core/)
The core module provides the fundamental infrastructure components required for Apigee Hybrid, including:
- IAM configurations
- Service accounts
- Core GCP resources
GKE Deployment (apigee-on-gke/)
Specific configurations for deploying Apigee Hybrid on Google Kubernetes Engine, including:
- GKE cluster configuration
- Apigee runtime components
- Network configurations
- Load balancer setup
AKS Deployment (apigee-on-aks/)
Configurations for deploying Apigee Hybrid on Azure Kubernetes Service, including:
- AKS cluster setup
- Network configurations
- Load balancer setup
- Apigee Runtime Installation
EKS Deployment (apigee-on-eks/)
Configurations for deploying Apigee Hybrid on Amazon Elastic Kubernetes Service, including:
- EKS cluster setup
- Network configurations
- Load balancer setup
- Apigee Runtime Installation
Other K8s Deployment (apigee-on-others/)
Configurations for deploying Apigee Hybrid on other Kubernetes platforms, including:
- Apigee Runtime Installation
Maintenance
Upgrading
- Review the release notes for the target version
- Update the Apigee runtime version in your configuration
- Apply the changes using Terraform:
    terraform plan
    terraform apply
- Verify the upgrade:
    kubectl get pods -n apigee
Backup and Recovery
- Regular backups of the Apigee runtime data
- Terraform state backup
- Configuration version control
- Disaster recovery procedures
Health Checks
Regular health checks should be performed:
kubectl get pods -n apigee
kubectl get services -n apigee
kubectl describe pods -n apigee
Known Issues and Solutions
Terraform Provider Warnings
- Deprecated local_file Resource
    Warning: Attribute Deprecated
    Use the `local_sensitive_file` resource instead
  - Solution: Update the code to use local_sensitive_file instead of local_file for sensitive content
  - Location: apigee-hybrid-core/main.tf
- Deprecated inline_policy in AWS IAM Role
    Warning: Argument is deprecated
    inline_policy is deprecated. Use the aws_iam_role_policy resource instead
  - Solution: Replace inline_policy with separate aws_iam_role_policy resources
  - Location: EKS module configuration
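The local_file fix above, sketched as an added example (not the repository's own code). It assumes the warning comes from the `sensitive_content` attribute; the variable, resource name and output path are hypothetical.

```hcl
# Added example: the variable, resource name and output path are hypothetical.
variable "service_account_key_json" {
  description = "Key material to write to disk (hypothetical input)"
  type        = string
  sensitive   = true
}

# Before: local_file with the deprecated sensitive_content attribute.
# Unless file_permission is set, local_file writes the file with mode 0777.
#
# resource "local_file" "sa_key" {
#   sensitive_content = var.service_account_key_json
#   filename          = "${path.module}/output/sa-key.json"
# }

# After: local_sensitive_file treats content as sensitive, so it is redacted
# in plan output. Its default mode is 0700; a key file needs no execute bit,
# so the mode is tightened to owner read/write here.
resource "local_sensitive_file" "sa_key" {
  content              = var.service_account_key_json
  filename             = "${path.module}/output/sa-key.json"
  file_permission      = "0600"
  directory_permission = "0700"
}
```

Because the resource type changes, expect the next plan to show the old local_file being destroyed and the new resource being created. The content is still stored in the Terraform state, so the state backend needs the same protection as the file.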
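The inline_policy fix above, sketched as an added example (not the repository's EKS module). The role name, policy name and the permissions granted are hypothetical.

```hcl
# Added example: role and policy names and the permissions shown are hypothetical.

# Before: permissions embedded in the role through the deprecated block.
#
# resource "aws_iam_role" "node" {
#   name               = "example-node-role"
#   assume_role_policy = data.aws_iam_policy_document.trust.json
#   inline_policy {
#     name   = "example-ecr-read"
#     policy = data.aws_iam_policy_document.ecr_read.json
#   }
# }

data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

data "aws_iam_policy_document" "ecr_read" {
  statement {
    actions   = ["ecr:GetAuthorizationToken"]
    resources = ["*"]
  }
}

# After: the role carries only its trust policy.
resource "aws_iam_role" "node" {
  name               = "example-node-role"
  assume_role_policy = data.aws_iam_policy_document.trust.json
}

# The permissions become their own resource, attached by role id, so each
# grant shows up as a separate, reviewable change in the plan.
resource "aws_iam_role_policy" "node_ecr_read" {
  name   = "example-ecr-read"
  role   = aws_iam_role.node.id
  policy = data.aws_iam_policy_document.ecr_read.json
}
```

An inline policy that already exists on the role can be brought under the new resource with terraform import, using an ID of the form role_name:policy_name.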
Provider Inconsistencies
- Google Service Account Inconsistency
    Error: Provider produced inconsistent result after apply
    When applying changes to module.apigee_hybrid.google_service_account.apigee_non_prod_sa
  - Solution:
    - Remove the service account from GCP Project
    - Reapply the Terraform configuration with 'terraform apply'
Common Issues
- Cluster Creation Fails
  - Check IAM permissions
  - Verify quota availability
  - Review network configurations
  - Check resource limits
- Apigee Runtime Issues
  - Check pod status: kubectl get pods -n apigee
  - Review logs: kubectl logs -n apigee <pod-name>
  - Verify connectivity to Apigee control plane
  - Check resource constraints
- Network Connectivity Issues
  - Verify VPC configurations
  - Check firewall rules
  - Validate DNS settings
  - Review load balancer configuration
Contributing
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
Development Guidelines
- Follow Terraform best practices
- Include documentation for new features
- Add tests for new functionality
- Update version numbers appropriately
License
This project is licensed under the terms of the license included in the repository.
Support
For issues and feature requests, please create an issue in the GitHub repository.
Getting Help
- Check the FAQ
- Review the troubleshooting guide
- Join the community Slack channel
- Contact the maintainers