x-sb-psc

Basic Apigee X Setup with internal backend reached through PSC

This module provides a southbound private service connect (PSC) connectivity between an Apigee X runtime and a sample backend that is running on a standalone VPC.

Setup Instructions

Set the project ID where you want your Apigee Organization to be deployed to:

PROJECT_ID=my-project-id

cd samples/... # Sample from above
cp ./x-demo.tfvars ./my-config.tfvars

Decide on a backend and create the necessary config. To use a backend on Google Cloud Storage (GCS) use:

gsutil mb "gs://$PROJECT_ID-tf"

cat <<EOF >terraform.tf
terraform {
  backend "gcs" {
    bucket  = "$PROJECT_ID-tf"
    prefix  = "terraform/state"
  }
}
EOF

Validate your config:

terraform init
terraform plan --var-file=./my-config.tfvars -var "project_id=$PROJECT_ID"

and provision everything (takes roughly 25min):

terraform apply --var-file=./my-config.tfvars -var "project_id=$PROJECT_ID"

Validate the setup

A successful run will print the endpoint attachment's host that you can then use for your target server in Apigee:

Outputs:

psc_endpoint_attachment_host = "7.0.5.2"
psc_endpoint_attachment_connection_state = "ACCEPTED"

Providers

Name	Version
google	n/a

Modules

Name	Source	Version
apigee-x-core	../../modules/apigee-x-core	n/a
backend-example	../../modules/development-backend	n/a
backend-vpc	github.com/terraform-google-modules/cloud-foundation-fabric//modules/net-vpc	v28.0.0
project	github.com/terraform-google-modules/cloud-foundation-fabric//modules/project	v28.0.0
southbound-psc	../../modules/sb-psc-attachment	n/a
vpc	github.com/terraform-google-modules/cloud-foundation-fabric//modules/net-vpc	v28.0.0

Resources

Name	Type
google_compute_firewall.allow_psc_nat_to_backend	resource
google_compute_subnetwork.psc_nat_subnet	resource

Inputs

Name	Description	Type	Default	Required
apigee_envgroups	Apigee Environment Groups.	map(object({ hostnames = list(string) }))	null	no
apigee_environments	Apigee Environments.	map(object({ display_name = optional(string) description = optional(string) node_config = optional(object({ min_node_count = optional(number) max_node_count = optional(number) })) iam = optional(map(list(string))) envgroups = list(string) type = optional(string) }))	null	no
apigee_instances	Apigee Instances (only one instance for EVAL orgs).	map(object({ region = string ip_range = string environments = list(string) }))	null	no
ax_region	GCP region for storing Apigee analytics data (sxee https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli).	string	n/a	yes
backend_name	Name for the Demo Backend	string	"demo-backend"	no
backend_network	Peered Backend VPC name.	string	n/a	yes
backend_psc_nat_subnet	Subnet to host the PSC NAT.	object({ name = string ip_cidr_range = string })	n/a	yes
backend_region	GCP Region Backend (ensure this matches backend_subnet.region).	string	n/a	yes
backend_subnet	Subnet to host the backend service.	object({ name = string ip_cidr_range = string region = string secondary_ip_range = map(string) })	n/a	yes
billing_account	Billing account id.	string	null	no
network	Name of the VPC network to peer with the Apigee tennant project.	string	n/a	yes
peering_range	Service Peering CIDR range.	string	n/a	yes
project_create	Create project. When set to false, uses a data source to reference existing project.	bool	false	no
project_id	Project id (also used for the Apigee Organization).	string	n/a	yes
project_parent	Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format.	string	null	no
psc_name	PSC name.	string	n/a	yes
support_range	Support CIDR range of length /28 (required by Apigee for troubleshooting purposes).	string	n/a	yes

Outputs

Name	Description
psc_endpoint_attachment_connection_state	Underlying connection state of the PSC endpoint attachment.
psc_endpoint_attachment_host	Hostname of the PSC endpoint attachment.