This topic discusses the virtualhosts configuration property. Virtual hosts allow Apigee hybrid to handle API requests to hostaliases associated with an environment group. For more information, see Routing and base paths in the About environments and environment groups topic.
...
virtualhosts:
- name: my-env-group
sslCertPath: ./certs/fullchain.pem
sslKeyPath: ./certs/privkey.key
...When an API proxy call comes, it is routed to the host alias(es) of the environment group where the API proxy is deployed.
For instructions on how to apply virtualhosts to the cluster, see
Applying virtualhosts changes. For information about configuring
TLS, see Configuring TLS and mTLS on the Istio ingress.
Adding multiple virtual hosts
The virtualhosts[] property is an array, and therefore you can create more than
one.
...
virtualhosts:
- name: my-env-group-1
sslCertPath: ./certs/fullchain1.pem
sslKeyPath: ./certs/privkey1.key
- name: my-env-group-2
sslCertPath: ./certs/fullchain2.pem
sslKeyPath: ./certs/privkey2.key
...For information about configuring TLS, see Configuring TLS and mTLS on the Istio ingress.
Applying virtualhosts changes
If you only add or change the virtualhosts
property, and nothing else, then you can apply those changes with the ‑‑settings flag. This applies only for apigeectl; for Helm, we are applying apigee-virtualhost with the appropriate variable.
Helm
helm upgrade ENV_GROUP_NAME apigee-virtualhost/ \ --namespace apigee \ --atomic \ --set envgroup=ENV_GROUP_NAME \ -f OVERRIDES_FILE.yaml
apigeectl
$APIGEECTL_HOME/apigeectl apply -f OVERRIDES_FILE.yaml ‑‑settings virtualhosts
If you modify the virtualhosts and env settings,
you need to apply the changes without using ENV_GROUP_NAME apigee-virtualhost/ for Helm and
‑‑settings virtualhosts for apigeectl. Here's how to update the cluster:
Helm
Run
helm upgrade ENV_NAME apigee-env/ \
--namespace apigee \
--atomic \
--set env=ENV_NAME \
-f OVERRIDES_FILE.yaml
Then upgrade the apigee-virtualhost chart:
helm upgrade ENV_GROUP_NAME apigee-virtualhost/ \
--namespace apigee \
--atomic \
--set envgroup=ENV_GROUP_NAME \
-f OVERRIDES_FILE.yaml
apigeectl
$APIGEECTL_HOME/apigeectl apply -f OVERRIDES_FILE.yaml --env ENV_NAME
or, to update the component for all environments:
$APIGEECTL_HOME/apigeectl apply -f OVERRIDES_FILE.yaml --all-envs
Then Apply the changes to the virtualhost:
$APIGEECTL_HOME/apigeectl apply -f OVERRIDES_FILE.yaml settings virtualhosts
TLS keys and certificates
The virtualhost property requires a TLS key and certificate.
The key/cert are used to provide secure communication with the ingress gateway and
must be compatible with the host aliases used in the specified environment group.
It is up to you how you generate proper TLS certificate/key pairs for your hybrid configuration. The following topics are provided as samples only, intended primarily for trying out or testing a new hybrid installation if it isn't feasible to obtain TLS credentials in another way:
- See Obtain TLS credentials for a set of sample steps for creating an authorized TLS certificate/key pair.
- You can use a self-signed certificate/key pair(s) for testing purposes only. See Generate self-signed TLS credentials.