Configure an environment

In this step you will configure an environment. An environment provides an isolated context or "sandbox" for running API proxies. In a single organization, you can have multiple environments; however, for this introductory tutorial, you only need to create one.

To read more, see Configure environments.

  1. If you haven't done so already, add an environment in the Hybrid UI as explained in Step 8: Add a new environment in the Hybrid UI of Configure GCP.

    To obtain instructions and access to the UI, you must be a registered Apigee Hybrid Alpha customer. Contact your Apigee Sales representative for more information.

  2. Open the overrides.yaml file for edit if it is not already open.
  3. Add an environment name under the envs property:

    For example:

    namespace: my-namespace
    org: my-organization
    ...
    envs:
      - name: my-environment
        sslCertPath: "path to a file"
        sslKeyPath: "path to a file"
        hostAlias: "domain name"
    ...
  4. Next, add values for the sslCertPath, sslKeyPath, and hostAlias properties. The following table describes these properties:
    Property Value
    envs.sslCertPath (Required)

    The path on your system to a TLS certificate file.

    For testing purposes only, you can use a self-signed certificate, as described in Create a self-signed certificate/key pair later in this section.

    envs.sslKeyPath (Required)

    The path on your system to a TLS key file.

    For testing purposes only, you can use a self-signed certificate, as described in Create a self-signed certificate/key pair later in this section.

    envs.hostAlias.

    (Required) A DNS name. Similar to a virtual host in Apigee Edge, clients will use the host alias to call API proxies deployed to this environment. For example, foo-test.mydomain.com/hello, where foo-test.mydomain.com is the host alias. If you don't have a DNS name, you can use a wildcard ('*') instead. If you use a wildcard, then you'll need to use the external IP of the ingress gateway service when calling API proxies. Calling API proxies is covered later in the installation steps.

    If you have multiple environments, you must use a unique host alias name for each one. For example, foo-test.mydomain.com and foo-prod.mydomain.com.

    For example, where the host alias is a qualified domain name:

    namespace: my-namespace
    org: my-organization
    ...
    envs:
      - name: my-environment
        sslCertPath: "path-to-file/ingress-cert.crt"
        sslKeyPath: "path-to-file/ingress-key.key"
        hostAlias: "foo-test.mydomain.com"
    ...

    For example, where the host alias is the wildcard:

    namespace: my-namespace
    org: my-organization
    ...
    envs:
      - name: my-environment
        sslCertPath: "path-to-file/ingress-cert.crt"
        sslKeyPath: "path-to-file/ingress-key.key"
        hostAlias: "*"
    ...
  5. (Optional) Enable key encryption of Cache, KVM, and KMS data stored in the runtime database. This step is optional, but strongly recommended for a production environment. Cache, KVM, and KMS data are not encrypted by default. You can enable encryption at any time; however, only new entities added after enablement will be encrypted. For details on configuring key encryption, see Key encryption.
  6. Save your changes.
  7. Go to the next step, Configure Cassandra.

Create a self-signed certificate/key pair

For testing purposes, you can use a self-signed certificate/key pair(s).

To generate a self-signed pair:

  1. Create a directory to contain the key and certificate for the environment's ingress gateway service.
  2. Generate the key and certificate by executing the following commands:
    openssl genrsa -des3 -out path-to-file/server.pass.key 2048
    openssl rsa -in path-to-file/server.pass.key -out path-to-file/ingress-server.key
    openssl req -nodes -new -key path-to-file/ingress-server.key -out path-to-file/ingress-server.csr
    openssl x509 -req -sha256 -days 365 -in path-to-file/ingress-server.csr -signkey path-to-file/ingress-server.key -out path-to-file/ingress-server.crt

Next Step

1 2 NEXT: 3: CASSANDRA 4 5 6 7 8 9 10 11