About environments

An environment provides an isolated context or "sandbox" for running API proxies. In a single organization, you can create multiple environments.

The following code shows an example override configuration where multiple environments are defined.

namespace: my-namespace
org: my-organization
...
envs:
  - name: test
    serviceAccountPaths:
      synchronizer: "your_keypath/synchronizer-manager-service-account.json
      udca: "your_keypath/analytic-agent-service-account.json

  - name: prod
    serviceAccountPaths:
      synchronizer: "your_keypath/synchronizer-manager-service-account.json
      udca: "your_keypath/analytic-agent-service-account.json
...

Suppose a proxy with the base path /foo1 is deployed to environment test. You could call the proxy like this:

curl -k https://api.example.com/foo1

When this call hits the ingress, the ingress knows to send it to the message processor associated with the test environment, which handles the request.

Similarly, if foo1 is also deployed to the prod environment, you could make a proxy request like this, to the host alias apiprod.mydomain.net:

curl -k https://apiprod.example.com/foo1

And the call is routed by the ingress to the MP associated with that host.

Antipattern: Deploy all of your proxies to one hybrid environment.

Best practice: Create multiple environments and deploy a limited number of proxies to each one.

Limit the number of proxy deployments

For hybrid, the fact that many environments can share the same virtual hosts as defined in environment groups means that you must think carefully about how you manage your proxy deployments to any given environment. In hybrid, the best practice is to create multiple environments and deploy a limited number of proxies to each one.

How many proxies should you deploy to an environment? There is not a set answer to this question; however, the following table provides general guidance on why it's a good idea to limit the number of proxies deployed to each environment and what you need to think about when managing proxy deployments:

Issue to consider Description
Message processor boot-up time There is a direct correlation between the amount of time a message processor (MP) takes to boot up and the number of proxies deployed to that MP. In an auto-scaling Kubernetes environment, an increase in boot time might be a problem. The more proxies that are deployed to the MP, the longer it will take for that MP to come up if it needs to be scaled or recreated.
Scaling performance If you have several proxies deployed to an environment, and one of the proxies gets a lot of traffic so that it frequently auto-scales, all of the proxies in that environment will scale with it. The performance effect of scaling multiple proxies with a single high-traffic proxy might be a problem.
Noisy neighbor If you have several proxies deployed to the same environment, and one proxy crashes, then all of the proxies in the environment will be taken down while the MPs restart. By limiting the number of proxies deployed to an environment, you minimize the impact of a single proxy crashing.

Environment groups and virtualhosts

Environment groups allow you to group environments together. Environments within each group share the same hostnames. You can group environments by function, by hostname address, by region if you are implementing a multi-region hybrid installation, or by any other metric you choose.

Because routing is managed by the combination of environment group hostnames, API proxy base paths, and environments, each virtual host only needs to list the name of the environment group and any appropriate certs.

The following code shows an example override configuration where multiple virtualhosts are defined. Note that name of the virtualhosts must be the names of the environment groups.

gcp:
  region: us-central1
  projectID: hybrid-example

k8sCluster:
  name: apigee-hybrid
  region: us-central1

org: hybrid-example

instanceID: "my_hybrid_example"

virtualhosts:
  - name: group-1  # the name of an environment group
    sslCertPath: ./certs/keystore.pem
    sslKeyPath: ./certs/keystore.key

virtualhosts:
  - name: group-2
    sslCertPath: ./certs/keystore.pem
    sslKeyPath: ./certs/keystore.key
...

Additional resources