feature: add new sample for running APIGee on ABM (#419)

* feature: add apigee installation * feature: update the abm on gce script * cleanup: fix tfvars error * cleanup: fix output vats * cleanup: fix shellcheck * cleanup: addlicense and fix gitignore * fix: terraform format * chore: fix the script after testing * chore: update README and validate apigee sample (#438) * Apigee Hybrid Changes * Readme * Update README.md * doc changes * Update README.md * Update README.md * quickstart * Update README.md * Update README.md * Add files via upload * Update README.md * Update quickstart.md * Add files via upload * Update README.md * Update quickstart.md * pre requisite * quickstart * pre requisite quickstart * Apigee Hybrid Changes Readme Update README.md doc changes Update README.md Update README.md quickstart Update README.md Update README.md Add files via upload Update README.md Update quickstart.md Add files via upload Update README.md Update quickstart.md pre requisite quickstart pre requisite quickstart * Fixing pull request feedback * Pull Request Feedback * Pull Request Feedback * Update README.md * Update README.md Fixes as per the PR Comments * Update README.md Whitespaces. * Update quickstart.md Changes related to PR comments * Pull Request Comments * Update README.md PR 438 Changes. * Update quickstart.md Fixes to PR 438 Comments * Update README.md Fixes in PR Request * Add files via upload Changed the diagram to show apigee piece * Delete abm_gcp_infra.svg * Add files via upload Apigee Infra * Delete abm_gcp_apigee_infra.png Duplicates. Removing it * Update quickstart.md Made some changes to quickstart with Apigee References * Update quickstart.md Whitespaces. * fix: readme and quickstart * fix: table in readme * fix: readme * fix: readme * fix: the pre-req script * fix: tfvars file * fix: output.tf and readme * lint: fix quoting error * docs: add link to image * codeowner: add new team ownership for sample * fix: lint errors * doc: add note on errors printed * doc: remove incorrect output * doc: update external ip info * doc: add image for apigee * doc: update image border Co-authored-by: Rajesh Mishra <[email protected]>
GoogleCloudPlatform · Oct 14, 2022 · a658745 · a658745
1 parent 6b34fbb
commit a658745
Show file tree

Hide file tree

Showing 18 changed files with 1,202 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -44,6 +44,11 @@ admin-openrc.sh
 __pycache__
 *.data
 
+# APIGee samples specific ignores
+new_policy.yaml
+
+# Service Account Key files
+anthos-bm-owner.json
 abm-sa-temp.json
 bm-gcr.json
 ssh-metadata
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -11,3 +11,4 @@
 /attached-logging-monitoring/     @GoogleCloudPlatform/onyx-gke-observability
 /anthos-multi-cloud/		  @GoogleCloudPlatform/anthos-multicloud
 /anthos-bm-utils/		  @GoogleCloudPlatform/anthos-baremetal-eng
+/anthos-bm-apigee/		  @GoogleCloudPlatform/app-mod-customer-engineers
diff --git a/anthos-bm-apigee/README.md b/anthos-bm-apigee/README.md
@@ -0,0 +1,86 @@
+
+## Apigee Hybrid on Anthos Baremetal on Google Compute Engine VMs with Terraform
+
+This is a sample Apigee Hybrid installation on Anthos Cluster on bare metal
+running on GCE Virtual Machines.
+[Apigee hybrid](https://cloud.google.com/apigee/docs/hybrid/v1.7/what-is-hybrid)
+is a platform for developing and managing API proxies that features a hybrid
+deployment model. The hybrid model includes a management plane hosted by Apigee
+in the Cloud and a runtime plane that you install and manage on one of the
+[supported Kubernetes platforms](https://cloud.google.com/apigee/docs/hybrid/supported-platforms).
+An [Apigee organization](https://cloud.google.com/apigee/docs/api-platform/fundamentals/organization-structure)
+is the top-level container in Apigee. It contains all your API proxies and
+related resources. This installation will create an evaluation Apigee
+Organization with the same name as the ID of the Google Cloud Project you use.
+
+### Pre-requisites
+
+> **NOTE:** We have provided a [utility script](./resources/run_prerequisite.sh)
+  that checks and configures some of the following project/organization level
+  prerequisites. You may use it to validate some of the requirements that follow.
+  Please ensure you have authenticated the `gcloud` CLI to use the GCP project
+  you intend to use before running this script.
+
+- A workstation with access to internet _(i.e. Google Cloud APIs)_ with the following installed
+  - [Git](https://www.atlassian.com/git/tutorials/install-git)
+  - [Google Cloud SDK](https://cloud.google.com/sdk/docs/install)
+  - [Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli) (>= v0.15.5, < v1.2)
+
+- A [Google Cloud Project](https://console.cloud.google.com/cloud-resource-manager?_ga=2.187862184.1029435410.1614837439-1338907320.1614299892)
+  _(in which the resources for the setup will be provisioned)_
+  - **Network:** The project must have a network called `default` with all the
+    default firewall policies configured on it. If, default network creation is
+    enabled for the organization, the project will already have it. In case the
+    *`Skip default network creation`* policy is enforced, you can create a new
+    VPC `network` called default in **auto mode**.
+    _[See image for example.](./docs/images/default_network.png)_
+
+  - **Quota:** The project must have the required quota. his sample requires 4
+    VMs of `n1-standard-8` machine type. Ensure that there is enough quota for
+    CPU, Memory and IP Addresses for the GCP Region you intend to use.
+
+
+- A [Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts)
+  in the project that satisfies **one** of the following requirements and its
+  **[key file downloaded](/anthos-bm-gcp-terraform/docs/create_sa_key.md)** to the workstation:
+    - The Service Account has `Owner` and `Apigee Organization Administrator` permissions
+    - The Service Account has both `Editor`, `Project IAM Admin` and `Apigee Organization Administrator` permissions
+
+- The following list of **Organizational Policy Constraints** enabled on the Google Cloud Organization your GCP Project is in:
+
+    |  Policy Name                                 | Constraint Name                                   | Effective Polciy |
+    |  ------------------------------------------- | ------------------------------------------------- | ---------------- |
+    | Disable service account creation             | constraints/iam.disableServiceAccountCreation	   | Not Enforced     |
+    | Disable service account key creation         | constraints/iam.disableServiceAccountKeyCreation  | Not enforced     |
+    | Restrict VM IP Forwarding                    | constraints/compute.vmCanIpForward.               | Allowed All      |
+    | Define allowed external IPs for VM instances | constraints/compute.vmExternalIpAccess	           | Allowed All      |
+    | Shielded VMs                                 | constraints/compute.requireShieldedVm	           | Not Enforced     |
+    | Require OS Login                             | constraints/compute.requireOsLogin.               | Not Enforced     |
+    | Skip default network creation                | constraints/compute.skipDefaultNetworkCreation	   | Not Enforced     |
+---
+
+### Anthos on bare metal with Apigee on GCE VMs
+
+The infrastructure for the Anthos on bare metal cluster is created using the
+[anthos-bm-gcp-terraform](/anthos-bm-gcp-terraform) sample. The sample here
+refers to the [anthos-bm-gcp-terraform](/anthos-bm-gcp-terraform) script as a
+terraform module and provisions the GCE based infrastructure first. Then, it
+executes additional steps that are specific to the Apigee installtion.
+
+Once you complete this [quickstart guide](docs/quickstart.md) you will have the
+following infrastructure setup in Google Cloud using Compute Engine VMs with
+Anthos on bare metal running and Apigee installed. The diagram assumes that
+none of the default values for the [variables](variables.tf) were changed other
+than the ones mentioned in this guide.
+
+![Bare metal infrastructure on Google Cloud using Compute Engine VMs](docs/images/abm_gcp_infra.png)
+
+---
+## Getting started
+
+- [Terraform Module Information _(includes variables definitions)_](docs/variables.md)
+- [Quickstart guide](docs/quickstart.md):
+  - The terraform script sets up the GCE VM environment. The output of the
+    script prints out the commands to follow to install Anthos on bare metal
+    in the provisioned GCE VM and to **configure Apigee** in the new Anthos on
+    bare metal cluster.
diff --git a/anthos-bm-apigee/docs/images/abm_gcp_infra.png b/anthos-bm-apigee/docs/images/abm_gcp_infra.png
diff --git a/anthos-bm-apigee/docs/images/apigee-ui.png b/anthos-bm-apigee/docs/images/apigee-ui.png
diff --git a/anthos-bm-apigee/docs/images/default_network.png b/anthos-bm-apigee/docs/images/default_network.png