viewing Apigee X documentation.
View Apigee Edge documentation.
What you're doing in this step
In this step, you choose whether to expose your new cluster to external requests or to keep it private (and only allow requests from within the firewall).
The manner in which you access the API proxy depends on whether you decide to allow external requests or restricted requests to internal only:
|Access Type||Description of the configuration and deployment process|
Allow external access to your API proxy using the Apigee provisioning wizard.
The wizard deploys a Hello World proxy to your runtime instance for you. You can then send a request to the API proxy from your administration machine or any network-enabled machine, whether it is within or outside the firewall.
Allow only internal access to your API proxy using the Apigee provisioning wizard.
You download the Hello World proxy from GitHub and then deploy it to your runtime instance. You must then create a new VM inside the network and connect to it. From the new VM, you can send a request to the API proxy.
Each of these approaches is presented on a tab in the instructions below.
Perform the step
This section describes how to configure routing when you're using the Apigee provisioning wizard and you want to allow external access to your API proxy.
To configure routing for external access in the Apigee provisioning wizard:
- Open the Apigee provisioning wizard if it is not currently open. The wizard returns to the most recent incomplete task in the list.
ClickEDIT next to Access routing.
The Configure access view displays:
Select Enable internet access.
The wizard displays additional options for configuring the instance:
The options include the instance name for the VM as well as choosing a certificate.
- (Optional) You can change the virtual machine instance name to something more meaningful. As part of the provisioning process, Apigee creates a managed instance group (MIG) containing multiple VMs to proxy traffic between the load balancer and the Apigee runtime. To change the VM instance name, click EDIT and make your changes.
- Select whether to supply a certificate you manage or use a Google-managed certificate.
- Supply a self-managed certificate:
- Generate a certificate/key pair if you don't already have one. For test environments, this can be a self-signed certificate. For a production system you should use a certificate signed by a Certificate Authority.
- In the respective fields, browse your file system and attach the files containing the certificate and private key. Both should be PEM-formatted.
- Use a Google-managed certificate. To use a Google-managed certificate, do
not enter a signed certificate or RSA private key.
The wizard creates a self-managed certificate, which has a restriction on the encryption algorithm and key size that can be used. For more information, see Private key.
- Supply a self-managed certificate:
- Select a subnetwork name from the dropdown menu.
Click SET ACCESS.
Apigee prepares your cluster for external access. This includes setting up the MIG to proxy traffic, creating firewall rules, uploading certificates, and creating a load balancer.
This process can take several minutes to complete.
When Apigee finishes setting up your runtime's access, you'll notice that there is a blue check mark next to all steps in the wizard:
The wizard displays Recommended next steps:
This section describes how to configure routing when you're using the Apigee provisioning wizard and you do not want to allow external access to your API proxy. Instead, you want to limit access to internal requests only that originate from within the VPC.
To configure routing for internal access in the Apigee provisioning wizard:
Select No internet access. The wizard displays the internal link that you can use to access your new cluster:
- Make a note of the IP address displayed in this view. This IP address is the internal access point for all requests. You will send a request to this IP address from a machine that is also inside the VPC.
- Click CONTINUE to complete this step in the wizard.
When Apigee finishes setting up your routing rules, you'll notice that there is a blue check mark next to all steps in the wizard:
The wizard displays the Recommended next steps view for an internally accessible endpoint set up with the wizard:
If you encounter errors during this part of the process, see Troubleshooting.