This step explains how to set up the Kubernetes service for your Apigee ingress gateway. The Kubernetes services is needed per ingress deployment to obtain an IP address that can be exposed. Client calls to proxies will invoke a hostname that will resolve to this IP address.
Options for Kubernetes services for your Apigee ingress gateway
There are two options for providing a kubernetes service to assign the IP address ...
- Create a custom Kubernetes service for each Apigee ingress gateway (recommended).
- Use the default Kubernetes service.
Create your own Kubernetes service
For production environments, Apigee recommends you create a custom Kubernetes service for each ingress gateway.
- Apigee deletes default service, but does not delete the custom kubernetes service upon clean up. Hence, the IP address won't be released upon reinstallation of Apigee hybrid.
- For platforms not on Google Cloud, like EKS, AKS, and OpenShift, you need to customize the Kubernetes service to work with the cloud provider. Therefore it is better to create a custom Kubernetes service than to use the default service, as Apigee does not support all customizations to the default Kubernetes service.
Use the following steps to set up and route traffic to the new ingress gateway.
- Create a Kubernetes service with the required pod selector labels,
app,ingress_name, andorg. These labels are already present in Apigee ingress gateway pods. Create a service file using the following as an example:apiVersion: v1 kind: Service metadata: name: SERVICE_NAME namespace: apigee spec: ports: - name: status-port port: 15021 protocol: TCP targetPort: 15021 - name: https port: 443 protocol: TCP targetPort: 8443 selector: app: apigee-ingressgateway #required ingress_name: INGRESS_NAME org: ORG_NAME type: LoadBalancer loadBalancerIP: LOAD_BALANCER_IP- SERVICE_NAME is a name used to identify this service. For example,
apigee-prod-1. - INGRESS_NAME is the name of this Apigee ingress gateway gateway. It must match the name
you provided for
ingressGateways.namein youroverrides.yamlfile. for more information seeingressGatewaysin the Configuration properties reference. - ORG_NAME is the name of the Apigee organization. It must match the name
you provided for
orgin youroverrides.yamlfile. for more information seeorgin the Configuration properties reference. - LOAD_BALANCER_IP is the IP adddress for the load balancer.
Apigee ingress gateway exposes the following ports:
Port Description 443 Runtime traffic. 15021 Health check. status-portexposes a/healthz/readyendpoint that can be used with GKE Ingress health checks. - SERVICE_NAME is a name used to identify this service. For example,
- Create the service by applying the
SERVICE_FILENAME.yaml:kubectl apply -f SERVICE_FILENAME.yaml
- Find the external IP of Apigee ingress gateway with the following command:
kubectl get svc -n apigee SERVICE_NAME
Your output should look something like:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE apigee-ingressgateway-prod-hybrid-37a39bd LoadBalancer 192.0.2.123 233.252.0.123 15021:32049/TCP,80:31624/TCP,443:30723/TCP 16h
-
Disable the loadbalancer for the default Apigee ingress gateway service:
- Update the
ingressGateways[].svcTypeproperty toClusterIPin your overrides file:ingressGateways: svcType: ClusterIP
-
Apply the changes with
apigeectl apply --org.${APIGEECTL_HOME}/apigeectl apply -f ${HYBRID_FILES}/overrides/overrides.yaml
See Disable the loadbalancer for the default Apigee ingress gateway service for more information.
- Update the
Test the ingress gateway by making a healthcheck call.
curl -H 'User-Agent: GoogleHC/' https://DOMAIN/healthz/ingress -k \ --resolve "DOMAIN:443:INGRESS_IP_ADDRESS"
Where
- DOMAIN is the domain you provided as the hostname for the environment group you created in Project and org setup - Step 3: Create an environment group.
- INGRESS_IP_ADDRESS is the ingress IP address, for example
233.252.0.123.
On success the command returns:
Apigee Ingress is healthy
- Use this IP address to update your DNS record (usually an
AorCNAMErecord) at your registrar or DNS provider.
Use the default Kubernetes service
For non-production environments or to test initial traffic through the Apigee ingress gateway, Apigee hybrid provides default Kubernetes service for each ingress deployment.
You can make limited configuration changes to the default service in your overrides.yaml
file. For the available configuration options, see Managing
Apigee ingress gateway. For example, you can add annotations.
For production environments, it is recommended you provide a Kubernetes service for ingress. Follow the steps in Create your own Kubernetes service.
- Find the external IP of the default Apigee ingress service with the following command:
kubectl get svc -n apigee -l app=apigee-ingressgateway
Your output should look something like:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE apigee-ingressgateway-prod-hybrid-37a39bd LoadBalancer 192.0.2.123 233.252.0.123 15021:32049/TCP,80:31624/TCP,443:30723/TCP 16h
Test the ingress gateway by making a healthcheck call.
curl -H 'User-Agent: GoogleHC/' https://DOMAIN/healthz/ingress -k \ --resolve "DOMAIN:443:INGRESS_IP_ADDRESS"
Where
- DOMAIN is the domain you provided as the hostname for the environment group you created in Project and org setup - Step 3: Create an environment group.
- INGRESS_IP_ADDRESS is the ingress IP address, for example
233.252.0.123.
On success the command returns:
Apigee Ingress is healthy
- Use this IP address to update your DNS record (usually an
AorCNAMErecord) at your registrar or DNS provider.