* Draft terraform_naming_convention
* Two fast/stages fixes for terraform_naming_convention
* Disable terraform_naming_convention for resources for now
* module fixes for terraform_naming_convention
* tfdoc
* Remove "moved" from recipe and needs-fixing
* Fix moved for spoke_ra
* fix tests
* Use default (snake_case) for resources
* factory.terraform_data.project-preconditions
* First-pass migration of resources + tests
* Fix tests/modules/organization
* Require snake_case for variables; Add annotations for _testing
* permit _fast_debug variable
* Fix net_vpc_factory and net_vpc_firewall tests
* tfdoc addons and recipe
* Fix more tests
* Fix some net-global -> net_global tests

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
58 lines
2.5 KiB
Markdown
# Apigee X with Secure Web Proxy

This recipe demonstrates how to configure Apigee X with Secure Web Proxy (SWP). This is a common solution when you need your Apigee X runtime to connect to numerous on-premises backends, but prefer to avoid both establishing VPC peering between the Apigee X Google-managed VPC and the VPC where hybrid connectivity is configured, and advertising Apigee X runtime IP ranges to the on-premises network.

The diagram below depicts the architecture deployed:

In this recipe the SWP gateway is co-located with Apigee X in the same project for ease of deployment. The SWP gateway's placement is flexible, and it can be deployed independently in a different project. The current setup uses a privately accessible VM as the backend target for SWP. In a real-world scenario, with hybrid connectivity configured in the SWP gateway's VPC, the backend could instead be an on-premises host.

Once the Terraform configuration is applied, you can verify that everything works by running the following:

* Deploy a sample proxy to Apigee X

  ```bash
  ./deploy-apiproxy.sh
  ```

* Make a request to the proxy

  ```bash
  curl -v <API_URL>/test
  ```

Note: `API_URL` is returned as a Terraform output.
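The request step above can be scripted as a repeatable smoke test. The following is an added example, not part of the recipe: the function names, retry values, and the expectation that a healthy proxy answers `/test` with HTTP 200 are assumptions, and it expects `terraform` and `curl` on the PATH in the recipe directory.

```bash
#!/usr/bin/env bash
# Added example (not part of the recipe): smoke test for the steps above.
# Assumptions: run from the recipe directory after ./deploy-apiproxy.sh,
# and a healthy proxy answers <API_URL>/test with HTTP 200.
# Usage: source this file, then run `verify_proxy [attempts] [delay_seconds]`.

# Print the api_url Terraform output without a trailing slash.
get_api_url() {
  local url
  url="$(terraform output -raw api_url)" || return 1
  if [ -z "$url" ]; then
    echo "terraform output api_url is empty" >&2
    return 1
  fi
  printf '%s\n' "${url%/}"
}

# Request <url>/test and print only the HTTP status code.
# TLS certificate verification stays enabled (no -k / --insecure).
probe_status() {
  curl --silent --show-error --output /dev/null \
    --max-time 10 --write-out '%{http_code}' "$1/test"
}

# Retry until the proxy returns 200. Exit codes: 0 ok, 1 no 200, 2 no URL.
verify_proxy() {
  local attempts="${1:-5}" delay="${2:-10}" url status i=1
  url="$(get_api_url)" || return 2
  while [ "$i" -le "$attempts" ]; do
    status="$(probe_status "$url")" || status="000"
    echo "attempt $i/$attempts: HTTP $status from $url/test" >&2
    [ "$status" = "200" ] && return 0
    [ "$i" -lt "$attempts" ] && sleep "$delay"
    i=$((i + 1))
  done
  return 1
}
```

A status of `000` means curl got no HTTP response at all (DNS, TLS or connection failure), which separates a client-side connectivity problem from an error returned by Apigee or the backend behind SWP.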
<!-- BEGIN TFDOC -->
## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [analytics_region](variables.tf#L28) | Region. | <code>string</code> | ✓ | |
| [instance_region](variables.tf#L33) | Region. | <code>string</code> | ✓ | |
| [network_config](variables.tf#L38) | Network configuration. | <code>object({…})</code> | ✓ | |
| [project_id](variables.tf#L47) | Project ID. | <code>string</code> | ✓ | |
| [_testing](variables.tf#L18) | Populate this variable to avoid triggering the data source. | <code>object({…})</code> | | <code>null</code> |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| [api_url](outputs.tf#L17) | API url. | |
<!-- END TFDOC -->
## Test

```hcl
module "recipe_apigee_swp" {
  source     = "./fabric/modules/apigee/recipe-apigee-swp"
  project_id = "project-1"
  _testing = {
    name   = "project-1"
    number = 1234567890
  }
  instance_region  = "europe-west1"
  analytics_region = "europe-west1"
  network_config = {
    subnet_ip_cidr_range            = "10.16.0.0/24"
    subnet_psc_ip_cidr_range        = "10.16.1.0/24"
    subnet_proxy_only_ip_cidr_range = "10.16.2.0/24"
  }
}
# tftest modules=10 resources=43
```