Customize an Apigee Developer Portal Kickstart in Cloud Marketplace

You're viewing Apigee X documentation.
View Apigee Edge documentation.

This page describes options for customizing, maintaining, and securing your Apigee Developer Portal Kickstart solution. Once deployed, all Cloud services components utilized by the portal can generally be customized following standard Google Cloud documentation. The sections below provide configuration options and production guidelines specific to the portal solution.

Connect to Apigee X or Apigee hybrid

To use the Apigee Developer Portal Kickstart solution with an Apigee X or Apigee hybrid organization, the portal must be deployed to the Google Cloud project used during Apigee provisioning. During deployment, service account is created with the Apigee Developer Admin role. This role is required for service account callers to Apigee APIs.

Configure HTTPS for the portal

In the portal deployment launch configuration, you can opt to configure HTTPS for your portal. Checkbox configuration options include:

Unchecked The deployment script will not automatically enable TLS. TLS can be configured manually after deployment using Cloud Load Balancing. This is the default option.
Checked The deployment package will enable TLS, provision an IP address, configure a domain name, and request an SSL certificate using xip.io. Use of xip.io is not endorsed by Google, but is offered as a convenience option for testing deployments. Selecting this option indicates acceptance of the terms and conditions for xip.io.

Use Cloud SQL with CMEK

The Cloud SQL instance for the portal is created in the region you choose during launch configuration. By default, Google encrypts data at rest using Google managed encruption keys. To use a customer-managed encryption key (CMEK) to encrypt the data stored in the CloudSQL instance, follow the steps outlined in Using customer-managed encryption keys configure a key.

Manage Cloud SQL

To manage the Cloud SQL instance after deployment:

Configure and update managed instance groups

A managed instance group (MIG) is a collection of virtual machine (VM) instances that you can manage as a single entity. You can make your workloads scalable and highly available by taking advantage of automated MIG services including: autoscaling, autohealing, regional (multiple zone) deployment, and automatic updating.

To configure your MIGs after deployment:

New VM images for the Apigee Developer Portal Kickstart solutions will be released regularly. Customers can use the steps detailed in Updating instances in a MIG to replace or restart intances in a MIG to use the latest image.

Enable private IP with VPC Service Controls

To enable a private IP address for your Cloud SQL instance:

Customize the portal code

If customizations are made to the portal code or startup scripts after deployment, those changes must be exported and backed up in Filestore to prevent their loss during any updates to the Apigee Developer Portal Kickstart base image.

For example, if new Drupal modules are installed on a Compute Engine instance, create a backup using the following steps:

  1. Run the /opt/apigee/scripts/export-code.shto export the changes.
  2. The script copies the exported files to the Filestore instance mounted at /mnt/fileshare/portalname/.
  3. Restart the instances in the managed instance group to trigger pick up of the changes across the group. The startup script automatically detects if a code backup exists, loads the changes, fixes file permissions, and applies the settings.php file.
  4. Update Drupal core and modules using composer update. Apigee updates to the base image only provide OS updates, PHP patches, and Nginx updates. All Drupal core and module updates are managed by the customer and must be applied manually.

To add any customizations to the startup script, create a script at /mnt/fileshare/$PORTAL_NAME/custom-startup-script.sh.

If installing any PHP packages, run the service supervisor restart command to apply the changes.

Create backups

The creation of regular backups is recommended as a best practice for your Apigee Developer Portal Kickstart solution. For detailed steps, see:

Configure a portal for production usage

To configure your portal for production usage, the following steps are recommended:

Cloud SQL Database
  • Verify or change the machine type of the database
  • Disable the public IP of the database and configure Private IP
  • Enable automated backups of the database
  • Enable high availability for the database
Filestore
  • Enable backups for Filestore
Cloud Load Balancing
  • Enable Cloud CDN to cache static content
  • Add a custom SSL certificate if preferred
Managed Instance Groups
  • Adjust the minimum and maximum number of instances required for production traffic
Authentication
  • Remove HHTP Basic Auth access restriction on your site.

    Run the following commands to make your portal site publicly accessible:

    gcloud beta runtime-config configs variables set site_basic_auth/enabled 0 \
      --is-text --config-name=PORTAL_NAME --project=GCP_PROJECT_NAME
    gcloud beta compute instance-groups managed rolling-action \
      replace INSTANCE_GROUP_ID --region=GCP_REGION \
      --replacement-method=substitute --project=GCP_PROJECT_NAME

What's next

  • Learn more about Support resources for the Apigee Developer Portal Kickstart solution.