Step 9: Expose Apigee ingress gateway

This step explains how to set up the Kubernetes service for your Apigee ingress gateway. The Kubernetes services is needed per ingress deployment to obtain an IP address that can be exposed. Client calls to proxies will invoke a hostname that will resolve to this IP address.

Options for Kubernetes services for your Apigee ingress gateway

There are two options for providing a kubernetes service to assign the IP address ...

Create your own Kubernetes service

For production environments, Apigee recommends you create a custom Kubernetes service for each ingress gateway.

  • Apigee deletes default service, but does not delete the custom kubernetes service upon clean up. Hence, the IP address won't be released upon reinstallation of Apigee hybrid.
  • For platforms not on Google Cloud, like EKS, AKS, and OpenShift, you need to customize the Kubernetes service to work with the cloud provider. Therefore it is better to create a custom Kubernetes service than to use the default service, as Apigee does not support all customizations to the default Kubernetes service.

Use the following steps to set up and route traffic to the new ingress gateway.

  1. Create a Kubernetes service with the required pod selector labels, app, ingress_name, and org. These labels are already present in Apigee ingress gateway pods. Create a service file using the following as an example:
    apiVersion: v1
    kind: Service
    metadata:
      name: SERVICE_NAME
      namespace: apigee
    spec:
      ports:
      - name: status-port
        port: 15021
        protocol: TCP
        targetPort: 15021
      - name: https
        port: 443
        protocol: TCP
        targetPort: 8443
      selector:
        app: apigee-ingressgateway #required
        ingress_name: INGRESS_NAME
        org: ORG_NAME
      type: LoadBalancer
      loadBalancerIP: LOAD_BALANCER_IP
    • SERVICE_NAME is a name used to identify this service. For example, apigee-prod-1.
    • INGRESS_NAME is the name of this Apigee ingress gateway gateway. It must match the name you provided for ingressGateways.name in your overrides.yaml file. for more information see ingressGateways in the Configuration properties reference.
    • ORG_NAME is the name of the Apigee organization. It must match the name you provided for org in your overrides.yaml file. for more information see org in the Configuration properties reference.
    • LOAD_BALANCER_IP is the IP adddress for the load balancer.

    Apigee ingress gateway exposes the following ports:

    Port Description
    443 Runtime traffic.
    15021 Health check. status-port exposes a /healthz/ready endpoint that can be used with GKE Ingress health checks.
  2. Create the service by applying the SERVICE_FILENAME.yaml:
    kubectl apply -f SERVICE_FILENAME.yaml
  3. Find the external IP of Apigee ingress gateway with the following command:
    kubectl get svc -n apigee SERVICE_NAME

    Your output should look something like:

    NAME                                        TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                                      AGE
    apigee-ingressgateway-prod-hybrid-37a39bd   LoadBalancer   192.0.2.123   233.252.0.123   15021:32049/TCP,80:31624/TCP,443:30723/TCP   16h
  4. Disable the loadbalancer for the default Apigee ingress gateway service:
    1. Update the ingressGateways[].svcType property to ClusterIP in your overrides file:
      ingressGateways:
        svcType: ClusterIP
    2. Apply the changes with apigeectl apply --org.
      ${APIGEECTL_HOME}/apigeectl apply -f ${HYBRID_FILES}/overrides/overrides.yaml

    See Disable the loadbalancer for the default Apigee ingress gateway service for more information.

  5. Test the ingress gateway by making a healthcheck call.

    curl -H 'User-Agent: GoogleHC/' https://DOMAIN/healthz/ingress -k \
      --resolve "DOMAIN:443:INGRESS_IP_ADDRESS"

    Where

    On success the command returns:

    Apigee Ingress is healthy
  6. Use this IP address to update your DNS record (usually an A or CNAME record) at your registrar or DNS provider.

Use the default Kubernetes service

For non-production environments or to test initial traffic through the Apigee ingress gateway, Apigee hybrid provides default Kubernetes service for each ingress deployment.

You can make limited configuration changes to the default service in your overrides.yaml file. For the available configuration options, see Managing Apigee ingress gateway. For example, you can add annotations.

For production environments, it is recommended you provide a Kubernetes service for ingress. Follow the steps in Create your own Kubernetes service.

  1. Find the external IP of the default Apigee ingress service with the following command:
    kubectl get svc -n apigee -l app=apigee-ingressgateway

    Your output should look something like:

    NAME                                        TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                                      AGE
    apigee-ingressgateway-prod-hybrid-37a39bd   LoadBalancer   192.0.2.123   233.252.0.123   15021:32049/TCP,80:31624/TCP,443:30723/TCP   16h
  2. Test the ingress gateway by making a healthcheck call.

    curl -H 'User-Agent: GoogleHC/' https://DOMAIN/healthz/ingress -k \
      --resolve "DOMAIN:443:INGRESS_IP_ADDRESS"

    Where

    On success the command returns:

    Apigee Ingress is healthy
  3. Use this IP address to update your DNS record (usually an A or CNAME record) at your registrar or DNS provider.

Next step

1 2 3 4 5 6 7 8 9 (NEXT) Step 10: Deploy a proxy