Customize an Apigee Developer Portal Kickstart in Cloud Marketplace

This page applies to Apigee and Apigee hybrid.

View Apigee Edge documentation.

This page describes options for customizing, maintaining, and securing your Apigee Developer Portal Kickstart solution. Once deployed, all Cloud services components utilized by the portal can generally be customized following standard Google Cloud documentation. The sections below provide configuration options and production guidelines specific to the portal solution.

Connect to Apigee or Apigee hybrid

To use the Apigee Developer Portal Kickstart solution with an Apigee or Apigee hybrid organization, the portal must be deployed to the Google Cloud project used during Apigee provisioning. During deployment, service account is created with the Apigee Developer Admin role. This role is required for service account callers to Apigee APIs.

Configure HTTPS for the portal

In the portal deployment launch configuration, you can opt to configure HTTPS for your portal. Checkbox configuration options include:

Unchecked	The deployment script will not automatically enable TLS. TLS can be configured manually after deployment using Cloud Load Balancing. This is the default option.
Checked	The deployment package will enable TLS, provision an IP address, configure a domain name, and request an SSL certificate using nip.io. Use of nip.io is not endorsed by Google, but is offered as a convenience option for testing deployments. Selecting this option indicates acceptance of the terms and conditions for nip.io.

Use Cloud SQL with CMEK

The Cloud SQL instance for the portal is created in the region you choose during launch configuration. By default, Google encrypts data at rest using Google managed encryption keys. To use a customer-managed encryption key (CMEK) to encrypt the data stored in the CloudSQL instance, follow the steps outlined in Using customer-managed encryption keys configure a key.

Manage Cloud SQL

To manage the Cloud SQL instance after deployment:

Go to the Cloud SQL instances page.
Select an instance to edit by clicking the instance name.
Click Edit.
See Editing instances for configuration setting details.

Configure and update managed instance groups

A managed instance group (MIG) is a collection of virtual machine (VM) instances that you can manage as a single entity. You can make your workloads scalable and highly available by taking advantage of automated MIG services including: autoscaling, autohealing, regional (multiple zone) deployment, and automatic updating.

To configure your MIGs after deployment:

Go to the VM instances page.
Select an instance to edit by clicking the instance name.
Click Edit.
See Creating and managing regional MIGs for configuration setting details.

New VM images for the Apigee Developer Portal Kickstart solutions will be released regularly. Customers can use the steps detailed in Updating instances in a MIG to replace or restart instances in a MIG to use the latest image.

Enable private IP with VPC Service Controls

To enable a private IP address for your Cloud SQL instance:

Confirm that private services access is available on your VPC network. See Configuring private services access for a detailed list of required steps.
Cloud Deployment Manager is not supported by VPC Service Controls. To enable Deployment Manager for your portal deployments within VPC Service Controls, add the Cloud Deployment Manager service account to allow calls to APIs protected by VPC Service Controls.

Customize the portal code

If customizations are made to the portal code or startup scripts after deployment, those changes must be exported and backed up in Filestore to prevent their loss during any updates to the Apigee Developer Portal Kickstart base image.

For example, if new Drupal modules are installed on a Compute Engine instance, create a backup using the following steps:

Run the /opt/apigee/scripts/export-code.shto export the changes.
The script copies the exported files to the Filestore instance mounted at /mnt/fileshare/portalname/.
Restart the instances in the managed instance group to trigger pick up of the changes across the group. The startup script automatically detects if a code backup exists, loads the changes, fixes file permissions, and applies the settings.php file.
Update Drupal core and modules using composer update. Apigee updates to the base image only provide OS updates, PHP patches, and NGINX updates. All Drupal core and module updates are managed by the customer and must be applied manually.

To add any customizations to the startup script, create a script at /mnt/fileshare/$PORTAL_NAME/custom-startup-script.sh.

If installing any PHP packages, run the service supervisor restart command to apply the changes.

Create backups

The creation of regular backups is recommended as a best practice for your Apigee Developer Portal Kickstart solution. For detailed steps, see:

Configure a portal for production usage

To configure your portal for production usage, the following steps are recommended:

Cloud SQL Database	Verify or change the machine type of the database Disable the public IP of the database and configure Private IP Enable automated backups of the database Enable high availability for the database
Filestore	Enable backups for Filestore
Cloud Load Balancing	Enable Cloud CDN to cache static content Add a custom SSL certificate if preferred
Managed Instance Groups	Adjust the minimum and maximum number of instances required for production traffic NOTE: Machine types cannot be changed after the initial portal deployment.
Authentication	Remove HTTP Basic Auth access restriction on your site. Run the following commands to make your portal site publicly accessible: gcloud beta runtime-config configs variables set site_basic_auth/enabled 0 \ --is-text --config-name=`PORTAL_NAME` --project=`GCP_PROJECT_NAME` gcloud beta compute instance-groups managed rolling-action \ replace `INSTANCE_GROUP_ID` --region=`GCP_REGION` \ --replacement-method=substitute --project=`GCP_PROJECT_NAME`

What's next

Learn more about Support resources for the Apigee Developer Portal Kickstart solution.