Configure virtual hosts

This topic discusses the virtualhosts configuration property. Virtual hosts allow Apigee hybrid to handle API requests to hostaliases associated with an environment group. For more information, see Routing and base paths in the About environments and environment groups topic.

...
virtualhosts:
  - name: my-env-group
    sslCertPath: ./certs/fullchain.pem
    sslKeyPath: ./certs/privkey.key
...

When an API proxy call comes, it is routed to the host alias(es) of the environment group where the API proxy is deployed.

For instructions on how to apply virtualhosts to the cluster, see Applying virtualhosts changes. For information about configuring TLS, see Configuring TLS and mTLS on the Istio ingress.

Adding multiple virtual hosts

The virtualhosts[] property is an array, and therefore you can create more than one.

...
virtualhosts:
  - name: my-env-group-1
    sslCertPath: ./certs/fullchain1.pem
    sslKeyPath: ./certs/privkey1.key

  - name: my-env-group-2
    sslCertPath: ./certs/fullchain2.pem
    sslKeyPath: ./certs/privkey2.key
...

For information about configuring TLS, see Configuring TLS and mTLS on the Istio ingress.

Applying `virtualhosts` changes

If you only add or change the virtualhosts property, apply the changes with the apigee-virtualhost chart and the name of the environment group to which you are applying the changes:

helm upgrade $ENV_GROUP apigee-virtualhost/ \
  --namespace apigee \
  --atomic \
  --set envgroup=$ENV_GROUP \
  -f OVERRIDES_FILE.yaml

Note: If you see an error saying Error: UPGRADE FAILED: "ENV_GROUP" has no deployed releases, replace upgrade with install and try the command again.

If, for example, you change virtualhosts and env, then you must apply the change with helm upgrade without using the ENV_GROUP apigee-virtualhost/flag to update the cluster. For example:

Run helm upgrade for each environment you want to update.

helm upgrade $ENV_NAME apigee-env/ \
  --namespace apigee \
  --atomic \
  --set env=$ENV_NAME \
  -f OVERRIDES_FILE.yaml

Note: If you see an error saying Error: UPGRADE FAILED: "ENV_NAME" has no deployed releases, replace upgrade with install and try the command again.

TLS keys and certificates

The virtualhost property requires a TLS key and certificate. The key/cert are used to provide secure communication with the ingress gateway and must be compatible with the host aliases used in the specified environment group.

It is up to you how you generate proper TLS certificate/key pairs for your hybrid configuration. The following topics are provided as samples only, intended primarily for trying out or testing a new hybrid installation if it isn't feasible to obtain TLS credentials in another way:

See Obtain TLS credentials for a set of sample steps for creating an authorized TLS certificate/key pair.
You can use a self-signed certificate/key pair(s) for testing purposes only. See Generate self-signed TLS credentials.