This step explains how to create the TLS credentials that are required for Apigee hybrid to operate.
Create TLS certificates
You are required to provide TLS certificates for the runtime ingress gateway in your Apigee hybrid configuration. For the purpose of this quickstart (a non-production trial installation), the runtime gateway can accept self-signed credentials. In the following steps, openssl is used to generate the self-signed credentials.
In this step, you will create the TLS credential files and add them to
In Step 7: Configure the
hybrid runtime, you will add the file paths to the cluster configuration file.
- Be sure that you are in the
base_directory/hybrid-filesdirectory you configured in Set up the project directory structure.
- Make sure to save a domain name to the
DOMAINenvironment variable using the following command:
Execute the following command from inside the
openssl req -nodes -new -x509 -keyout ./certs/keystore.key -out \ ./certs/keystore.pem -subj '/CN='$DOMAIN'' -days 3650
DOMAINis the same one you used for your environment in Part 1, Step 5: Create an environment group.
This command creates a self-signed certificate/key pair that you can use for the quickstart installation.
Check to make sure the files are in the
./certsdirectory using the following command:
ls ./certskeystore.pem keystore.key
keystore.pemis the self-signed TLS certificate file and
keystore.keyis the key file.
You now have the credentials needed to manage Apigee hybrid in your Kubernetes cluster. Next, you will create a file that is used by Kubernetes to deploy the hybrid runtime components to the cluster.