End-to-end sample Terraform code to provision Apigee X exposed by an External Load Balancer with PSC and MIG.
If you plan to use LB-->PSC-NEG for Apigee northbound network routing, follow the instructions in this document to configure an active health check. At this time, PSC-NEG does not support active health check monitoring, as mentioned here. To work around this limitation of PSC, you can modify the Apigee installation configuration to use a managed instance group (MIG), which does provide active health check capability. Refer to the solution guide here and the network diagram below:
Set the project ID where you want your Apigee Organization to be deployed to:
```sh
PROJECT_ID=my-project-id
cd samples/... # Sample from above
cp ./x-demo.tfvars ./my-config.tfvars
```
Decide on a backend and create the necessary config. To use a backend on Google Cloud Storage (GCS) use:
```sh
gsutil mb "gs://$PROJECT_ID-tf"
cat <<EOF >terraform.tf
terraform {
  backend "gcs" {
    bucket = "$PROJECT_ID-tf"
    prefix = "terraform/state"
  }
}
EOF
```
Validate your config:
```sh
terraform init
terraform plan --var-file=./my-config.tfvars -var "project_id=$PROJECT_ID"
```
Then provision everything (takes roughly 25 minutes):
```sh
terraform apply --var-file=./my-config.tfvars -var "project_id=$PROJECT_ID"
```
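A pre-flight check that can be run before `terraform plan`, confirming that `my-config.tfvars` assigns every input the Inputs table below marks as required and that `support_range1` is a /28. This is an added example, not part of the sample repository; the function names and the script itself are hypothetical, and it assumes simple top-level `name = value` assignments in the tfvars file.

```shell
#!/bin/sh
# Added example (not part of the sample): pre-flight check for my-config.tfvars.
# Required inputs come from the Inputs table; project_id is left out because
# the commands above pass it on the command line with -var.
REQUIRED_VARS="ax_region billing_account lb_name peering_range project_parent ssl_crt_domains support_range1 vpc_name"

# Print the required inputs that have no top-level assignment in the file.
# Commented-out assignments do not count.
missing_vars() {
  mv_file="$1"
  mv_missing=""
  for mv_name in $REQUIRED_VARS; do
    grep -Eq "^[[:space:]]*${mv_name}[[:space:]]*=" "$mv_file" \
      || mv_missing="$mv_missing $mv_name"
  done
  echo "${mv_missing# }"
}

# Succeed only if support_range1 is a quoted IPv4 CIDR with prefix length /28.
support_range_is_28() {
  grep -Eq '^[[:space:]]*support_range1[[:space:]]*=[[:space:]]*"[0-9.]+/28"' "$1"
}

# Run both checks; return non-zero and explain on stderr if either fails.
check_tfvars() {
  ct_missing="$(missing_vars "$1")"
  if [ -n "$ct_missing" ]; then
    echo "missing required inputs: $ct_missing" >&2
    return 1
  fi
  if ! support_range_is_28 "$1"; then
    echo "support_range1 must be a /28 CIDR range" >&2
    return 1
  fi
  return 0
}

# Usage: sh preflight.sh ./my-config.tfvars
if [ -n "${1:-}" ]; then
  check_tfvars "$1"
fi
```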
Name | Version |
---|---|
n/a |
Name | Source | Version |
---|---|---|
apigee-x-bridge-mig | ../../modules/apigee-x-bridge-mig | n/a |
apigee-x-core | ../../modules/apigee-x-core | n/a |
mig-l7xlb | ../../modules/mig-l7xlb | n/a |
project | github.com/terraform-google-modules/cloud-foundation-fabric//modules/project | v28.0.0 |
vpc | github.com/terraform-google-modules/cloud-foundation-fabric//modules/net-vpc | v28.0.0 |
Name | Type |
---|---|
google_compute_address.psc_endpoint_address | resource |
google_compute_forwarding_rule.psc_ilb_consumer | resource |
google_compute_global_address.external_address | resource |
google_compute_managed_ssl_certificate.google_cert | resource |
google_compute_address.int_psc_ips | data source |
google_compute_global_address.my_lb_external_address | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
apigee_envgroups | Apigee Environment Groups. | map(object({ | null | no |
apigee_environments | Apigee Environments. | map(object({ | null | no |
apigee_instances | Apigee Instances (only one instance for EVAL orgs). | map(object({ | null | no |
ax_region | GCP region for storing Apigee analytics data. | string | n/a | yes |
billing_account | Billing account ID. | string | n/a | yes |
billing_type | Billing type of the Apigee organization. | string | null | no |
exposure_subnets | Subnets for exposing Apigee services | list(object({ | [] | no |
lb_name | Name of the load balancer. | string | n/a | yes |
peering_range | Peering CIDR range | string | n/a | yes |
project_create | Create project. When set to false, uses a data source to reference existing project. | bool | false | no |
project_id | Project ID. | string | n/a | yes |
project_parent | Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. | string | n/a | yes |
project_services | List of services to enable in the project. | list(string) | [ | no |
psc_subnets | Subnets for psc endpoints | list(object({ | [] | no |
ssl_crt_domains | Domains for the managed SSL certificate. | list(string) | n/a | yes |
support_range1 | Support CIDR range of length /28 (required by Apigee for troubleshooting purposes). | string | n/a | yes |
vpc_name | Project ID. | string | n/a | yes |
No outputs.