This step explains how to create the TLS credentials
that are required for Apigee hybrid to operate.
Create TLS certificates
You are required to provide TLS certificates for the runtime ingress gateway in your
Apigee hybrid configuration. For the purpose of this quickstart (a non-production trial installation),
the runtime gateway can accept self-signed credentials. In the following steps,
openssl is used to generate the self-signed credentials.
In this step, you will create the TLS credential files and add them to
the $HYBRID_FILES/certs directory.
In
Step 6: Configure the cluster, you will add the file paths to the cluster
configuration file.
Execute the following command to create the credential files and store them in your
$HYBRID_FILES/certs directory:
DOMAIN is the domain you provided as the hostname for the environment
group you created in Create an environment group.
ENV_GROUP is the name of the environment group where the domain is specified
as a hostname. It's a good practice to include the environment group name in the key and keystore
name to avoid accidentally reusing the same domain value if you create keys for multiple environment groups.
This command creates a self-signed certificate/key pair that you can use for the quickstart
installation.
If you have additional environment groups with unique domain names, repeat this step
for each environment group. You will reference these groups and certificates in the cluster
configuration step.
Check to make sure the files are in the $HYBRID_FILES/certs directory using the following command:
ls $HYBRID_FILES/certs
keystore_ENV_GROUP.key
keystore_ENV_GROUP.pem
Where keystore_ENV_GROUP.pem is the self-signed TLS certificate file and keystore_ENV_GROUP.key
is the key file.
You now have the credentials needed to manage Apigee hybrid
in your Kubernetes cluster. Next, you will create a file that is used by Kubernetes
to deploy the hybrid runtime components to the cluster.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-10 UTC."],[[["This documentation outlines the process of creating TLS credentials necessary for the Apigee hybrid runtime ingress gateway, emphasizing that self-signed credentials are sufficient for non-production trial installations."],["The `openssl` tool is used to generate the self-signed TLS certificate and key pair, which are stored in the `$HYBRID_FILES/certs` directory."],["The created TLS certificate files are named `keystore_ENV_GROUP.pem` and `keystore_ENV_GROUP.key`, where `ENV_GROUP` represents the environment group, and the `DOMAIN` parameter is the hostname for the environment group."],["For production environments, signed certificates are required, and the documentation references an example using the Lets Encrypt certificate authority."],["If there are multiple environments with different domains, this process needs to be repeated for each environment group."]]],[]]
