APIs (Application Programming Interfaces) are the backbone of modern software development, enabling the seamless exchange of data between different applications. Managing APIs effectively is crucial for any organization, and Google Cloud's Apigee is a leading platform for API management. If you're using Apigee Hybrid, you can supercharge your deployment and management with the Apigee Hybrid Accelerator Ansible playbook. In this blog post, we'll explore how to use this playbook to streamline your Apigee Hybrid setup and management.
The Ansible Apigee Hybrid Accelerator is an open-source solution which contains a set of ansible roles and playbooks to simplify and automate the installation and configuration of Apigee Hybrid clusters. Apigee Hybrid combines the benefits of Apigee's cloud-native API management with an on-premises runtime environment, offering flexibility, security, and control over your APIs.
Using the Accelerator, you can quickly set up your Apigee Hybrid instance, saving time and reducing the risk of manual configuration errors. Whether you're new to Apigee or a seasoned user, this playbook can help you get your API management system up and running efficiently.
Ansible is a powerful automation tool that streamlines complex tasks by defining them as code. This allows for consistent, repeatable, and scalable deployments. When it comes to managing an Apigee Hybrid installation, Ansible simplifies the process by automating tasks like:
To use the Apigee Hybrid Accelerator Ansible playbook, follow these steps:
Before you begin, make sure you have the following prerequisites in place:
Based on the prerequisites specified above , you will have a set up similar to this.
You can use the Apigee terraform module to setup the Apigee Hybrid control plane
Sample usage of the terraform module
module "apigee" {
source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/apigee"
project_id = "my-project"
organization = {
display_name = "My Organization"
description = "My Organization"
runtime_type = "HYBRID"
analytics_region = "europe-west1"
}
envgroups = {
test = ["test.example.com"]
prod = ["prod.example.com"]
}
environments = {
apis-test = {
display_name = "APIs test"
description = "APIs Test"
envgroups = ["test"]
}
apis-prod = {
display_name = "APIs prod"
description = "APIs prod"
envgroups = ["prod"]
iam = {
"roles/viewer" = ["group:devops@myorg.com"]
}
}
}
}
Clone the Ansible Apigee Hybrid Accelerator repository to your Ansible control machine. You can do this using the following command:
git clone https://github.com/apigee/ansible-apigee-hybrid-accelerator
cd ansible-apigee-hybrid-accelerator
Edit the vars.yaml file to include your Apigee Hybrid environment details, such as organization name, environment name and apigee hybrid component configuration credentials.
Set cert manager version in vars.yaml using cert_manager_version
refer: https://cloud.google.com/apigee/docs/hybrid/v1.10/install-cert-manager for more details
cert_manager_version: v1.7.2
To configure certificates for Apigee Hybrid use below params in vars.yaml
generate_certificates: false
cert_cn: apigee.com
To configure your own certificates to Apigee Hybrid follow the steps mentioned in link to create secrets and reference them in the overrides.virtualhosts section of vars.yaml
To configure service accounts for Apigee Hybrid use below params in vars.yaml
create_service_account: false
deployment_environment: prod
synchronizer_prod_svc_account: apigee-hybrid-user
To configure your own GCP service accounts to Apigee Hybrid , download the service account key JSON and create a generic secret using the below command .
kubectl create secret generic SECRET_NAME \
--from-file="client_secret.json=CLOUD_IAM_FILE_NAME.json" \
-n apigee
Once the secret is created, reference them in the overrides section of vars.yaml for relevant components.
To configure Helm chart details for Apigee Hybrid use below params in vars.yaml
helm_chart_repo: oci://us-docker.pkg.dev/apigee-release/apigee-hybrid-helm-charts
helm_chart_version: 1.10.3
helm_charts:
- apigee-operator
- apigee-datastore
- apigee-env
- apigee-ingress-manager
- apigee-org
- apigee-redis
- apigee-telemetry
- apigee-virtualhost
You can use your own private helm_chart_repo and reference in the vars.yaml , but this requires you to authenticate the helm cli prior to running the playbook.
To configure Kubernetes kube-config for Apigee Hybrid use below params in vars.yaml
kubeconfigs:
primary: <path to primary kubeconfig>
secondary: <path to secondary kubeconfig>
To configure details for post setup API validation use below params in vars.yaml
internet_access: true
validate_api_redeploy: false
To fill the overrides section refer the Configuration property reference | Apigee | Google Cloud
Refer the example in vars.yaml
The playbook exposes tags to selectively run tasks depending on the need.
Below are the tags that are exposed in the playbook
Ansible Tag |
Functionality |
dc1 |
Deploy Apigee Hybrid on Primary kube-config |
dc2 |
Deploy Apigee Hybrid on Secondary kube-config |
ao |
Deploy apigee-operator Helm Chart |
apigee-virtualhost |
Deploy apigee-virtualhost Helm Chart |
apigeeds |
Deploy apigee-datastore Helm Chart |
apigeeenv |
Deploy apigee-env Helm Chart |
apigeeingress |
Deploy apigee-ingress-manager Helm Chart |
apigeeorg |
Deploy apigee-org Helm Chart |
apigeeorgs |
Deploy apigee-org Helm Chart |
apigeeredis |
Deploy apigee-redis Helm Chart |
apigeetelem |
Deploy apigee-telemetry Helm Chart |
at |
Deploy apigee-telemetry Helm Chart |
bootstrap-apigee-crds |
Deploy Apigee CRDS |
cert-manager |
Deploy Cert Manager |
certs |
Create Certificates for VirtualHost |
ds |
Deploy apigee-datastore Helm Chart |
enable-synchronizer |
Enable Apigee synchronizer |
generate-overrides |
Generate Apigee Overrides |
prepare-helm |
Download Apigee Hybrid Helm charts |
prepare-service-accounts |
Create Service Keys & K8s Secrets |
validate-input |
Validates the inputs given to the playbook |
validate |
Validate Apigee Hybrid By deploying & invoking mock API |
wait_ao |
Wait for apigee-operator to be up |
wait_apigeeenv |
Wait for apigee enviornment custom resource to be running |
wait_apigeeingress |
Wait for apigee ingress to be up |
wait_apigeeorg |
Wait for apigee-org custom resource to be running |
wait_apigeeredis |
Wait for apigee-redis to be up |
wait_at |
Wait for apigee-telemetry to be up |
wait_ds |
Wait for apigee-datastore (cassadra) to be up |
wait_virtualhost |
Wait for apigee-route-config custom resource to be running |
To run the playbook use the ansible-playbook command and specify the playbook.The playbook will execute the necessary tasks to set up and configure your Apigee Hybrid environment based on the parameters you've provided.
Below are some of the usage patterns.
To deploy Apigee Hybrid in 1 Region only run the ansible playbook as shown below
ansible-playbook playbook.yaml -e @vars/vars.yaml --tags "dc1"
To deploy Apigee Hybrid in 2 Regions run the ansible playbook as shown below
ansible-playbook playbook.yaml -e @vars/vars.yaml
To decommission Apigee Hybrid in the first region run the ansible playbook as shown below
ansible-playbook decommission.yaml -e @vars/vars.yaml --tags dc1
To decommission Apigee Hybrid from both Regions run the ansible playbook as shown below
ansible-playbook decommission.yaml -e @vars/vars.yaml
To manage components via playbook you need to run playbook while passing the selective ansible tag.Some scenarios are listed below
To validate the inputs given to ansible
ansible-playbook playbook.yaml -e @vars/vars.yaml --tags "validate-input"
To validate a running setup by executing mock APIs.
ansible-playbook playbook.yaml -e @vars/vars.yaml --tags "validate"
To update the Apigee Virtual Hosts.
ansible-playbook playbook.yaml -e @vars/vars.yaml --tags "validate-input,generte-overrides,apigee-virtualhost,wait_virtualhost,validate"
Here are some tips to make your experience with the Apigee Hybrid Accelerator Ansible playbook more successful:
The Apigee Hybrid Accelerator Ansible playbook is a valuable tool for organizations looking to streamline the setup and management of their Apigee Hybrid API management platform. By automating many of the complex and error-prone tasks, this playbook can help you save time and ensure your API management system is configured correctly and securely.
If you're using Apigee Hybrid, consider giving the Apigee Hybrid Accelerator Ansible playbook a try. It's a step towards achieving a more efficient, consistent, and scalable API management environment.
For more details and updates, visit the GitHub repository and explore the documentation. Happy API management!
In this blog post, we discussed the usage of the Apigee Hybrid Accelerator Ansible playbook to simplify and automate the deployment and management of Apigee Hybrid. Ansible, coupled with the helm, offers a powerful solution for organizations looking to optimize their API management setup.
Wow this is great. Was planning on writing my own ansible playbook for this but will be checking this out. Haven't dug into this yet but could this be used to upgrade from a 1.9.x installation of Hybrid?
@grsiepka : You should be able to do a blue green upgrade from 1.9.x to 1.10.3+
For this you should be have the kubeconfigs variable with below config
kubeconfigs:
primary: /app/old_dc1.config # Set this to kubeconfig of old 1.9 cluster
secondary: /app/new_dc2.config # Set this to kubeconfig of new K8s cluster to deploy 1.10
Ensure the you send the right DC value for cassandra_dc , Below is an example of doing the upgrade.
ansible-playbook playbook.yaml -e @vars/vars.yaml -e "apigee_source_dc=<old_dc_value>" -e "cassandra_dc=<new_dc_value>" --tags "dc2"
Example:
ansible-playbook playbook.yaml -e @vars/vars.yaml -e "apigee_source_dc=dc-1" -e "cassandra_dc=dc-2" --tags "dc2"
NOTE: This has not been tested , please try in your lower environment first.
Awesome, Thank you Ashwin for putting this together, will be trying this out soon