Install the Apigee hybrid runtime components
In this step, you will use Helm to install the following Apigee hybrid components:
- Apigee operator
- Apigee datastore
- Apigee telemetry
- Apigee Redis
- Apigee ingress manager
- Apigee organization
- Your Apigee environment(s)
You will install the charts for each environment one at a time. The sequence in which you install the components matters.
Pre-installation Notes
- If you have not already installed Helm v3.14.2+, follow the instructions in Installing Helm.
-
Apigee hybrid uses Helm guardrails to verify the configuration before installing or upgrading a chart. You may see guardrail-specific information in the output of each of the commands in this section, for example:
# Source: apigee-operator/templates/apigee-operators-guardrails.yaml apiVersion: v1 kind: Pod metadata: name: apigee-hybrid-helm-guardrail-operator namespace:
APIGEE_NAMESPACE annotations: helm.sh/hook: pre-install,pre-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app: apigee-hybrid-helm-guardrailIf any of the
helm upgrade
commands fail, you can use the guardrails output to help diagnose the cause. See Diagnosing issues with guardrails. - Before executing any of the Helm upgrade/install commands,
use the Helm dry-run feature by adding
--dry-run=server
at the end of the command. Seehelm install --h
to list supported commands, options, and usage.
Installation steps
- If you have not, navigate into your
APIGEE_HELM_CHARTS_HOME
directory. Run the following commands from that directory. - Install Apigee Operator/Controller:
Dry run:
helm upgrade operator apigee-operator/ \ --install \ --namespace
APIGEE_NAMESPACE \ --atomic \ -foverrides .yaml \ --dry-run=serverInstall the chart:
helm upgrade operator apigee-operator/ \ --install \ --namespace
APIGEE_NAMESPACE \ --atomic \ -foverrides .yamlVerify Apigee Operator installation:
helm ls -n
APIGEE_NAMESPACE NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION operator apigee 3 2023-06-26 00:42:44.492009 -0800 PST deployed apigee-operator-1.14.0 1.14.0
Verify it is up and running by checking its availability:
kubectl -n
APIGEE_NAMESPACE get deploy apigee-controller-managerNAME READY UP-TO-DATE AVAILABLE AGE
apigee-controller-manager 1/1 1 1 7d20h -
Install Apigee datastore:
Dry run:
helm upgrade datastore apigee-datastore/ \ --install \ --namespace
APIGEE_NAMESPACE \ --atomic \ -foverrides .yaml \ --dry-run=serverInstall the chart:
helm upgrade datastore apigee-datastore/ \ --install \ --namespace
APIGEE_NAMESPACE \ --atomic \ -foverrides .yamlVerify
apigeedatastore
is up and running by checking its state before proceeding to the next step:kubectl -n
APIGEE_NAMESPACE get apigeedatastore defaultNAME STATE AGE
default running 2d -
Install Apigee telemetry:
Dry run:
helm upgrade telemetry apigee-telemetry/ \ --install \ --namespace
APIGEE_NAMESPACE \ --atomic \ -foverrides .yaml \ --dry-run=serverInstall the chart:
helm upgrade telemetry apigee-telemetry/ \ --install \ --namespace
APIGEE_NAMESPACE \ --atomic \ -foverrides .yamlVerify it is up and running by checking its state:
kubectl -n
APIGEE_NAMESPACE get apigeetelemetry apigee-telemetryNAME STATE AGE
apigee-telemetry running 2d -
Install Apigee Redis:
Dry run:
helm upgrade redis apigee-redis/ \ --install \ --namespace
APIGEE_NAMESPACE \ --atomic \ -foverrides .yaml \ --dry-run=serverInstall the chart:
helm upgrade redis apigee-redis/ \ --install \ --namespace
APIGEE_NAMESPACE \ --atomic \ -foverrides .yamlVerify it is up and running by checking its state:
kubectl -n
APIGEE_NAMESPACE get apigeeredis defaultNAME STATE AGE
default running 2d -
Install Apigee ingress manager:
Dry run:
helm upgrade ingress-manager apigee-ingress-manager/ \ --install \ --namespace
APIGEE_NAMESPACE \ --atomic \ -foverrides .yaml \ --dry-run=serverInstall the chart:
helm upgrade ingress-manager apigee-ingress-manager/ \ --install \ --namespace
APIGEE_NAMESPACE \ --atomic \ -foverrides .yamlVerify it is up and running by checking its availability:
kubectl -n
APIGEE_NAMESPACE get deployment apigee-ingressgateway-managerNAME READY UP-TO-DATE AVAILABLE AGE
apigee-ingressgateway-manager 2/2 2 2 2d -
Install Apigee organization. If you have set the $ORG_NAME environment variable in your shell, you can use that in the following commands:
Dry run:
helm upgrade
$ORG_NAME apigee-org/ \ --install \ --namespaceAPIGEE_NAMESPACE \ --atomic \ -foverrides .yaml \ --dry-run=serverInstall the chart:
helm upgrade
$ORG_NAME apigee-org/ \ --install \ --namespaceAPIGEE_NAMESPACE \ --atomic \ -foverrides .yamlVerify it is up and running by checking the state of the respective org:
kubectl -n
APIGEE_NAMESPACE get apigeeorgNAME STATE AGE
apigee-org1-xxxxx running 2d -
Install the environment.
You must install one environment at a time. Specify the environment with
--set env=
ENV_NAME. If you have set the $ENV_NAME environment variable in your shell, you can use that in the following commands:Dry run:
helm upgrade
ENV_RELEASE_NAME apigee-env/ \ --install \ --namespaceAPIGEE_NAMESPACE \ --atomic \ --set env=$ENV_NAME \ -foverrides .yaml \ --dry-run=serverENV_RELEASE_NAME is a name used to keep track of installation and upgrades of the
apigee-env
chart. This name must be unique from the other Helm release names in your installation. Usually this is the same asENV_NAME
. However, if your environment has the same name as your environment group, you must use different release names for the environment and environment group, for exampledev-env-release
anddev-envgroup-release
. For more information on releases in Helm, see Three big concepts class="external" in the Helm documentation.Install the chart:
helm upgrade
ENV_RELEASE_NAME apigee-env/ \ --install \ --namespaceAPIGEE_NAMESPACE \ --atomic \ --set env=$ENV_NAME \ -foverrides .yamlVerify it is up and running by checking the state of the respective env:
kubectl -n
APIGEE_NAMESPACE get apigeeenvNAME STATE AGE GATEWAYTYPE
apigee-org1-dev-xxx running 2d -
Install the environment groups (
virtualhosts
).- You must install one environment group (virtualhost) at a time. Specify the environment
group with
--set envgroup=
ENV_GROUP. If you have set the $ENV_GROUP environment variable in your shell, you can use that in the following commands. Repeat the following commands for each env group mentioned in youroverrides.yaml
file:Dry run:
helm upgrade
ENV_GROUP_RELEASE_NAME apigee-virtualhost/ \ --install \ --namespaceAPIGEE_NAMESPACE \ --atomic \ --set envgroup=$ENV_GROUP \ -foverrides .yaml \ --dry-run=serverENV_GROUP_RELEASE_NAME is a name used to keep track of installation and upgrades of the
apigee-virtualhosts
chart. This name must be unique from the other Helm release names in your installation. Usually this is the same asENV_GROUP
. However, if your environment group has the same name as an environment in your installation, you must use different release names for the environment group and environment, for exampledev-envgroup-release
anddev-env-release
. For more information on releases in Helm, see Three big concepts in the Helm documentation.Install the chart:
helm upgrade
$ENV_GROUP_RELEASE_NAME apigee-virtualhost/ \ --install \ --namespaceAPIGEE_NAMESPACE \ --atomic \ --set envgroup=$ENV_GROUP \ -foverrides .yaml - Check the state of the ApigeeRoute (AR).
Installing the
virtualhosts
creates ApigeeRouteConfig (ARC) which internally creates ApigeeRoute (AR) once the Apigee watcher pulls env group related details from the control plane. Therefore, check that the corresponding AR's state is running:kubectl -n
APIGEE_NAMESPACE get arcNAME STATE AGE
apigee-org1-dev-egroup 2dkubectl -n
APIGEE_NAMESPACE get arNAME STATE AGE
apigee-org1-dev-egroup-xxxxxx running 2d
- You must install one environment group (virtualhost) at a time. Specify the environment
group with
Next step
Installations using Workload Identity
If you are installing Apigee hybrid on GKE and you are configuring Workload Identity to authenticate service accounts, in the next step, you will configure the associations between the Kubernetes service accounts and the Google service accounts for your cluster.
1 2 3 4 5 6 7 8 9 10 (NEXT) Step 11: Set up Workload IdentityAll other installations
In the next step, you will configure the Apigee ingress gateway and deploy a proxy to test your installation.
(NEXT) Step 1: Expose Apigee ingress 2