Note: Some aspects of this product are in Beta. The hybrid installation options are GA. To join the Beta program, contact your Apigee representative.

Step 5: Create an Apigee runtime instance

You've got your project provisioned, created a new organization, and configured the connection between your network and Google's services. It's time to create a runtime instance.

An instance, or runtime, is where your project and related services are stored; it provides the user-facing endpoint for your services. Behind the scenes, one or more instances are grouped into a cluster. Clusters are groupings of containerized components running within a Kubernetes mesh. A cluster is sometimes called the instance group.

What you're doing in this step

In this step, you create a new runtime instance, which will be part of a cluster. At the end of this setup process, you will deploy an API proxy to the new instance and then send an HTTP request to it to verify that it works. You also create a key for encrypting and decrypting data stored on disk in the instance.

Perform the step

To create a new runtime instance in the Apigee provisioning wizard:

  1. Open the Apigee provisioning wizard if it is not currently open. The wizard returns to the most recent incomplete task in the list.
  2. Click the Edit button next to the Runtime option. The Set up runtime view displays:

    [Screenshot: Create runtime screen]

  3. From the Runtime hosting region drop-down list, select a physical location in which you want your instance hosted. Select the value of the $LOCATION variable that you set up in Step 1: Define environment variables. Valid values are any location allowed by Compute Engine.
  4. Add the disk encryption key:

    1. Create a new key ring using the gcloud command:
      gcloud kms keyrings create disk-key-ring --location $LOCATION --project $PROJECT_ID

      This creates a new key ring named "disk-key-ring". Note that the key ring's location must be set to the same location as the instance.

    2. Create a disk key using the kms keys create command:
      gcloud kms keys create disk-key --keyring disk-key-ring \
        --location $LOCATION --purpose "encryption" --project $PROJECT_ID

      This command creates a new key named "disk-key" and adds it to the key ring.

      The key can be referenced by its key path, which uses the following syntax:

      projects/$PROJECT_ID/locations/$LOCATION/keyRings/disk-key-ring/cryptoKeys/disk-key

      For example, with the project my-cloud-project and the location us-west1:

      projects/my-cloud-project/locations/us-west1/keyRings/disk-key-ring/cryptoKeys/disk-key
    3. Grant access for the Apigee Service Agent to use the new key by executing the following command:
      gcloud kms keys add-iam-policy-binding disk-key \
        --location $LOCATION \
        --keyring disk-key-ring \
        --member serviceAccount:service-$PROJECT_NUMBER@gcp-sa-apigee.iam.gserviceaccount.com \
        --role roles/cloudkms.cryptoKeyEncrypterDecrypter \
        --project $PROJECT_ID

      This command grants the Apigee Service Agent the roles/cloudkms.cryptoKeyEncrypterDecrypter role on the key, so that it can encrypt and decrypt with it.

    4. In the Disk encryption key ID field, enter the key path for the key that you just created.

    For additional details, see About the Apigee encryption keys.

  5. Return to the Apigee provisioning wizard and enter or paste the disk key path into the Disk encryption key ID field.

    The disk encryption key that you created is per instance, so its location should always be the same as the instance's location.

    For example:

    projects/apigee-docs-demo/locations/us-west1/keyRings/apigee-saas/cryptoKeys/runtime
  6. Click Create Runtime.

    Apigee begins the process of creating a new cluster for you.

    This request can take up to 20 minutes to complete because Apigee creates and launches a new GKE cluster, installs the Apigee resources on that cluster, and sets up load balancing. During this process, Apigee displays a spinner for this step:

    [Screenshot: Create runtime screen with a spinner]

    When Apigee is done, the wizard displays a checkmark next to the Runtime option. Below that, Apigee displays the IP address:

    [Screenshot: Done creating instance screen]

If you encounter errors during this part of the process, see Troubleshooting.
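A pre-flight check for the value you paste into the Disk encryption key ID field, as an added example (not part of the Apigee documentation): it builds the key path, rejects a malformed path, and flags a key whose location differs from the instance's. The function names are hypothetical, and `verify_binding` assumes an authenticated gcloud plus the `$LOCATION`, `$PROJECT_ID` and `$PROJECT_NUMBER` variables from this setup.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Apigee or gcloud commands.

# Build a Cloud KMS key path: project, location, key ring, key.
kms_key_path() {
  printf 'projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s\n' "$1" "$2" "$3" "$4"
}

# Returns 0 if the path is well formed and in the instance's location,
# 1 if it is malformed, 2 if the key lives in a different location.
check_disk_key_path() {
  key_path=$1 instance_location=$2
  case $key_path in
    */|*//*) echo "malformed key path: $key_path" >&2; return 1 ;;
  esac
  old_ifs=$IFS; IFS=/
  set -f; set -- $key_path; set +f   # split the path on "/" into $1..$8
  IFS=$old_ifs
  if [ $# -ne 8 ] || [ "$1" != projects ] || [ "$3" != locations ] ||
     [ "$5" != keyRings ] || [ "$7" != cryptoKeys ]; then
    echo "malformed key path: $key_path" >&2; return 1
  fi
  if [ "$4" != "$instance_location" ]; then
    echo "key is in $4 but the instance is in $instance_location" >&2; return 2
  fi
}

# Confirm the Apigee Service Agent holds the encrypter/decrypter role on the key.
# Needs network access and credentials, so it is defined here but not called.
verify_binding() {
  gcloud kms keys get-iam-policy disk-key \
    --location "$LOCATION" --keyring disk-key-ring --project "$PROJECT_ID" \
    --flatten="bindings[].members" \
    --filter="bindings.role=roles/cloudkms.cryptoKeyEncrypterDecrypter" \
    --format="value(bindings.members)" |
    grep -Fqx "serviceAccount:service-$PROJECT_NUMBER@gcp-sa-apigee.iam.gserviceaccount.com"
}

# Constructed sample values, taken from the example key path on this page.
sample=$(kms_key_path my-cloud-project us-west1 disk-key-ring disk-key)
check_disk_key_path "$sample" us-west1 && echo "OK: $sample"
```

Run `verify_binding` after the add-iam-policy-binding command in step 4; a non-zero exit status means the Service Agent is not listed for that role on the key.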

