Apigee Edge Private Cloud AIO Docker Image

Google Cloud Apigee Knowledge Hub
1

This is no longer Supported.

Refer https://github.com/rajeshm7910/apigee-aio-docker for building your own apigee aio docker container.

Purpose and Intent

Apigee does not officially support running Apigee Edge in docker containers for on-premises customers. However, a self-contained docker image is being provided for evaluation purposes primarily targeted to prospective customers who intend to use the software on-premises

Quick Start

This docker image contains latest Apigee Edge all-in-one. The components - API Services (runtime) & Analytics, developer portal and operation monitoring dashboard are all on the same image.

Pre-requisites

  • Docker : Download & install the Docker from here: https://docs.docker.com/engine/installation/
  • License Key : The docker image does not contain a license key. Contact your Apigee account representative for a license key. If you don’t know who your sales representative is, please send an email to edgesalesteam@google.com
  • Docker Settings : Ensure your docker preferences have at least CPUs: 2 and Memory: 6 GB

Running Docker Container

Step 0: Login to docker registery

Login with software.apigee.com (NOT docker!) credentials.

docker login docker.apigee.net

Step 1: Pull the image. Specify version if you want to pull a specific version.

docker pull docker.apigee.net/apigee-edge-aio
docker pull docker.apigee.net/apigee-edge-aio:4.19.01
To pull older version of  edge 
docker pull docker.apigee.net/apigee-edge-aio:4.18.01
docker pull docker.apigee.net/apigee-edge-aio:4.17.09

Step 2: Create container

docker container create --name apigee-edge-aio -p 3001:3001 -p 9090:9090 -p 9099:9099 -p 9000:9000 -p 8080:8080 -p 9001:9001 -p 3000:3000 -p 8079:8079 -it docker.apigee.net/apigee-edge-aio
To create container from previous versoon of edge
docker create --name apigee-edge-aio -p 9000:9000 -p 8080:8080 -p 9001:9001 -p 3000:3000 -p 8079:8079 -P -it docker.apigee.net/apigee-edge-aio:4.17.09

Step 3: Copy the license file to the image

docker cp license.txt apigee-edge-aio:/opt/apigee/customer/conf/

Step 4: Start the container

docker container start apigee-edge-aio

Start apigee container with docker run

Here is a second option to start the docker container.
Get the license text without any line breaks. You can use following command to get the license text.

echo $(cat license.txt | tr -d '\n')

Start the docker container by pasting the license text at the end. It accepts the license text as parameter.

docker run --name apigee-edge-aio -d -p 3001:3001 -p 9090:9090 -p 9099:9099 -p 9000:9000 -p 8080:8080 -p 9001:9001 -p 3000:3000 -p 8079:8079 -P -it docker.apigee.net/apigee-edge-aio "PASTE YOUR LICENSE AS STRING WIHOUT ANY RETURNS CARRIAGE"

How to access the product?

**Note : it takes the UI a few mins (up to 5 mins) to load after docker start
The port and access details are as below:
Component Port
ClassicUI 9000
New Edge Experience 3001
Runtime API 9001
Managenet Server 8080
Developer Portal 8079
Apigee SSO 9099
Local SAML IDP 9090
Monitoring Dashboard (Only 4.18.01) 3000

NOTE: Only the virtual host localhost has been mapped. 127.0.0.1 will not work.

Custom Virtual Hosts

If you are running docker on a different host(like Cloud), you may not be able to use “localhost” to access the Apigee Components. In that case, you can setup a custom virtual host like this:

curl -X POST -H 'Content-Type: application/json' -u trial@apigee.com:Secret123 [http://localhost:8080/v1/organizations/trial/environments/test/virtualhosts/default](http://localhost:8080/v1/organizations/trial/environments/test/virtualhosts/default) -d '{\"name\": \"default\" , \"hostAliases\": [\"custom.host.com\"], \"port\": \"9001\",\"interfaces\" : []}'

NOTE: You’ve now updated virtual host. Deploy proxies on that VH.

Volumes

The steps mentioned above allows you to start docker container easily but what happens whhen you start/ stop destroy container. The docker image comes with following volume mounting :

Volumes Mount point in image Purpose
data /opt/apigee/data Runtime configuration and data
customer /opt/apigee/customer All customer configuration.
license /opt/apigee/license Place your license file here
log /opt/apigee/var/log Log files are volume mounted here

When the container starts for the first time, the mounted data and customer directory is intialized from the image. On subsequent boot, it will boot from the volume.

How do you start Apigee edge with volume mounting :
In your Workspace directory create 3 local directories.

mkdir -p data
mkdir -p customer
mkdir -p license
mkdir -p log

Put your license file inside license directoy you created above:

docker run --name apigee-edge-aio -d -p 9443:443 -p 9000:9000 -p 8080:8080 -p 9001:9001 -p 3000:3000 -p 8079:8079 -P -v $PWD/data:/opt/apigee/data -v $PWD/customer:/opt/apigee/customer -v $PWD/license:/opt/apigee/license -it apigee-edge-aio
  • You will see data and customer directries poulated with all initial data.
  • Create few api proxies in apigee edge.
  • Stop and deestroy container.
  • Start the container as stated above. You can see all your api proxies intact.
  • Delete the contents of your data and customer directory and restart container. This should boot you apigee with initial configurations.

Setup SMTP

SMTP is not set during initial setup. This can be done by making change in the config file and rerunning ui setup

docker exec -it $(docker ps -aqf name=apigee-edge-aio) /bin/bash

Edit /tmp/config and change SMTP settings.

SKIP_SMTP=n
#Change this to n to set smtp
SMTPHOST=smtp.example.com
#Put your hosts
SMTPUSER=smtp@example.com
#Comment out this field if no user auth required to access smtp
SMTPPASSWORD=smtppwd
#Comment out this field if no password set to access smtp
SMTPMAILFROM=apiadmin@apigee.com
SMTPSSL=n
SMTPPORT=25
/opt/apigee/apigee-setup/bin/setup.sh -p ui -f /tmp/config

Reset UE IP Address

In case you are running docker container on other server, you may need to access services on some other IP address and not on localhost. UE, IDP and SAML SSO components are configured by default on localhost. It can be changed to other IP address by running following command:

docker exec -it $(docker ps -aqf name=apigee-edge-aio) sh -c "/tmp/reset-sso-idp-ue-ip.sh <IP address>"

For ex

docker exec -it $(docker ps -aqf name=apigee-edge-aio) sh -c "/tmp/reset-sso-idp-ue-ip.sh 127.0.0.1"

Troubleshooting

Step1 Check CPU and RAM Settings

Check the prerequisite section and allocate sufficient RAM and CPU to container. If sufficient resources are not provided, all apigee services won’t start.

Step2 Check all Apigee Service is running

docker exec -it $(docker ps -aqf name=apigee-edge-aio) /bin/bash
opt/apigee/apigee-service/bin/apigee-all status

Step 3: Check License

docker exec -it $(docker ps -aqf name=apigee-edge-aio) /bin/bash
/opt/apigee/apigee-service/bin/apigee-service edge-management-server status
cat /opt/apigee/customer/conf/license.txt 
(replace it if not valid)
/opt/apigee/apigee-service/bin/apigee-service edge-management-server restart

Step 4: Check Log Files

docker exec -it $(docker ps -aqf name=apigee-edge-aio) /bin/bash
cd /opt/apigee/var/logs

Important Docker command

  • Stop the docker image
docker stop <container id>
  • Remove the docker image
docker rmi -f docker.apigee.net/apigee-edge-aio
  • Start image (this will cause docker to fetch the latest image)
docker start docker.apigee.net/apigee-edge-aio
  • Commit Changes

If you have not volume mounted, please use docker commit to save your changes of docker image. However volume mounting is most preffered way.

docker commit

Deploy With Docker-Compose

Please save the contents in docker-compose.yml file

version: "3"
services:
  edge-aio:
    # specify an image version or 'latest'
    image: docker.apigee.net/apigee-edge-aio:latest
    ports:
      - "9000:9000"
      - "9001:9001"
      - "8080:8080"
      - "8079:8079"
      - "3000:3000"
      - "3001:3001"
      - "9099:9099"
      - "9090:9090"
    volumes:
      - ./license:/opt/apigee/license
      # uncomment if you need persistent data
      - ./customer:/opt/apigee/customer
      - ./data:/opt/apigee/data
      - ./log:/opt/apigee/var/log
    networks:
      - edge
networks:
  edge:

Start your docker container as follows

<code>docker-compose up

Deploy on a Kubernetes Cluster

In this example we will use GKE with GCE Persistent Voume

  • Create Kubernetes cluster with worker node size of 6 GB or more
  • Create a docker registry secret
kubectl create secret docker-registry apigeesecret  --docker-server=docker.apigee.net --docker-username=uName --docker-password=pWord --docker-email=email
  • Copy the contents to a file - kube-generic.yaml
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: apigee-license
data:
  apigee-license.txt: 
---
kind: Service
apiVersion: v1
metadata:
  name: apigee
  labels:
    app: apigee
spec:
  ports:
  - name: admin-http
    protocol: TCP
    port: 9000
    targetPort: 9000
  - name: api-http
    protocol: TCP
    port: 9001
    targetPort: 9001
  - name: management-http
    protocol: TCP
    port: 8080
    targetPort: 8080
  - name: ue-port
    protocol: TCP
    port: 3001
    targetPort: 3001
  - name: saml-sso-port
    protocol: TCP
    port: 9099
    targetPort: 9099
  - name: idp-port
    protocol: TCP
    port: 9090
    targetPort: 9090
  - name: developer-http
    protocol: TCP
    port: 8079
    targetPort: 8079
  - name: monitoring-http
    protocol: TCP
    port: 3000
    targetPort: 3000
  selector:
    app: apigee
  type: LoadBalancer
  sessionAffinity: None
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: apigee
  labels:
    app: apigee
  annotations:
    deployment.kubernetes.io/revision: 1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: apigee
  template:
    metadata:
      creationTimestamp: 
      labels:
        app: apigee
    spec:
      volumes:
      - name: empty-dir
        emptyDir: {}
      - name: apigee-data
        emptyDir: {}
      - name: apigee-customer
        emptyDir: {}
      - name: apigee-log
        emptyDir: {}
      - name: apigee-license
        configMap:
          name: apigee-license
          items:
          - key: apigee-license.txt
            path: license.txt
          defaultMode: 420
      containers:
      - name: apigee
        image: docker.apigee.net/apigee-edge-aio:latest
        ports:
        - containerPort: 9000
          name: admin-http
        - containerPort: 8080
          name: management-http
        - containerPort: 9001
          name: api-http
        - containerPort: 3000
          name: monitoring-http
        - containerPort: 8079
          name: developer-http
        - containerPort: 3001
          name: ue-port
        - containerPort: 9099
          name:  saml-sso-port
        - containerPort: 9090
          name:  idp-port
        resources: 
          limits:
            memory: "6144Mi"
            cpu: "2"
          requests:
            memory: "6144Mi"
            cpu: "1"
        volumeMounts:
        - name: apigee-data
          mountPath: "/opt/apigee/data"
        - name: apigee-customer
          mountPath: "/opt/apigee/customer"
        - name: apigee-log
          mountPath: "/opt/apigee/var/log"
        - name: apigee-license
          mountPath: "/opt/apigee/license"
        terminationMessagePath: "/dev/termination-log"
        terminationMessagePolicy: File
        imagePullPolicy: Always
        securityContext:
          privileged: true
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      securityContext:
        fsGroup: 998
      schedulerName: default-scheduler
      imagePullSecrets:
      - name: apigeesecret
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
---
<br />
  • If you want the data to be persisted, use persistent volume. If you want the data to be persisted, use persistent volume. In case of GKE, copy and paste the contents below to a file - gke-deployment.yaml
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: apigee-license
data:
  apigee-license.txt: My license text without any line breaks
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: apigee-customer
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  storageClassName: standard
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: apigee-data
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  storageClassName: standard
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: apigee-log
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  storageClassName: standard
---
kind: Service
apiVersion: v1
metadata:
  name: apigee
  labels:
    app: apigee
spec:
  ports:
  - name: admin-http
    protocol: TCP
    port: 9000
    targetPort: 9000
  - name: api-http
    protocol: TCP
    port: 9001
    targetPort: 9001
  - name: management-http
    protocol: TCP
    port: 8080
    targetPort: 8080
  - name: developer-http
    protocol: TCP
    port: 8079
    targetPort: 8079
  - name: monitoring-http
    protocol: TCP
    port: 3000
    targetPort: 3000
  - name: ue-port
    protocol: TCP
    port: 3001
    targetPort: 3001
  - name: saml-sso-port
    protocol: TCP
    port: 9099
    targetPort: 9099
  - name: idp-port
    protocol: TCP
    port: 9090
    targetPort: 9090
  selector:
    app: apigee
  type: LoadBalancer
  sessionAffinity: None
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: apigee
  labels:
    app: apigee
  annotations:
    deployment.kubernetes.io/revision: 1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: apigee
  template:
    metadata:
      creationTimestamp: 
      labels:
        app: apigee
    spec:
      volumes:
      - name: empty-dir
        emptyDir: {}
      - name: apigee-data
        persistentVolumeClaim:
          claimName: apigee-data
      - name: apigee-customer
        persistentVolumeClaim:
          claimName: apigee-customer
     - name: apigee-log
        persistentVolumeClaim:
          claimName: apigee-log
      - name: apigee-license
        configMap:
          name: apigee-license
          items:
          - key: apigee-license.txt
            path: license.txt
          defaultMode: 420
      containers:
      - name: apigee
        image: docker.apigee.net/apigee-edge-aio:latest
        ports:
        - containerPort: 9000
          name: admin-http
        - containerPort: 8080
          name: management-http
        - containerPort: 9001
          name: api-http
        - containerPort: 3000
          name: monitoring-http
        - containerPort: 8079
          name: developer-http
        - containerPort: 3001
          name: ue-port
        - containerPort: 9099
          name:  saml-sso-port
        - containerPort: 9090
          name:  idp-port
        resources: 
          limits:
            memory: "6144Mi"
            cpu: "2"
          requests:
            memory: "6144Mi"
            cpu: "1"
        volumeMounts:
        - name: apigee-data
          mountPath: "/opt/apigee/data"
        - name: apigee-customer
          mountPath: "/opt/apigee/customer"
        - name: apigee-license
          mountPath: "/opt/apigee/license"
        - name: apigee-log
          mountPath: "/opt/apigee/var/log"
        terminationMessagePath: "/dev/termination-log"
        terminationMessagePolicy: File
        imagePullPolicy: Always
        securityContext:
          privileged: true
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      securityContext:
        fsGroup: 998
      schedulerName: default-scheduler
      imagePullSecrets:
      - name: apigeesecret
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
---
  • Paste license text in apigee-license.txt in the file. You can get the license without any breaks as follows :
cat license.txt | td -d '\n'
  • Create apigee edge service and deployment in Kubernetes cluster. If you are using GKE, use the gke-deployment.yaml otherwise use kube-generic.yaml.
kubectl apply -f gke-deployment.yaml
kubectl get services
apigee       LoadBalancer   10.3.243.156   35.193.6.6    9000:32274/TCP,9001:30488/TCP,8080:31148/TCP,8079:32055/TCP,3000:30482/TCP   2m
5 Likes
2

Fantastic work @rajeshmishra!

3

So useful! Someone was just asking for this today.

4

Good work @rajeshmishra. I was able to install Apigee AIO using the Docker Image. However Edge UI is failing to send emails. How can we specify the SMTP information?

5

@Umesh Pai

I have edited instructions above to update smtp settings after configuration.

6

@rajeshmishra Would it be easier to allow us to mount configuration files via volumes? That would allow us to reuse most of the existing documentation

7

@rmishra : Can you put some more details here. You can mount your Docker containers volumes.

8

So, i can’t reply to @rajeshmishra, reached comment depth i think.

Anyway, sorry for being cryptic but that is what i meant, i can mount volumes but it would be helpful to know the available volumes and the files expected in those volumes. This would allow us to mount config files for various components at one/more volumes

I may be wrong because i haven’t had the time to play with the image or read the Dockerfile just yet. But a container based Apigee installation is something to look forward to .

Great Work

9

Great stuff @rajeshmishra.

FYI, if you want to expose 9443 ports for SSL Virtual Hosts, add -p 9443:9443 to the docker create command.

10

Hi there,

how can I request/get credentials to log in software.apigee.com ?

I got a apigee account to test it in cloud but from docker repository I’m getting authentication error.

Thanks,

Jorge

11

Contact apigee sales at edgesalesteam@google.com

12

Hi, the email is not valid.

I get the following response:

We're writing to let you know that the group you tried to contact (edgesalesteam) may not exist, or you may not have permission to post messages to the group. A few more details on why you weren't able to post:

 * You might have spelled or formatted the group name incorrectly.
 * The owner of the group may have removed this group.
 * You may need to join the group before receiving permission to post.
 * This group may not be open to posting.
...

Is there another way to get an account for docker.apigee.net?

Regards,
Andy
13

Please contact sales here :

https://pages.apigee.com/contact-us-register.html

14

Awesome way of having Apigee anywhere. Great work!

15

@RajeshMishra@Google: will you please provide your google email to talk one-to-one on this. I am currently architecting to use 13 node docker /kubernetes way to install APIGEE EDGE private cloud on-prem and have some questions towards.

16

My email should be in my profile. Please shoot out any email if you have.