Can not deploy API proxy with APIGEE Hybrid

Google Cloud Apigee
1

I am try to Deploy an API proxy follow the link: Step 2: Deploy an API proxy | Apigee | Google Cloud but not complete

Describe as:

  • Can not deployment:

hungdv007_0-1738599032665.png
hungdv007_0-1738599032665.png940×449 58.8 KB

  • Get log error on Logexplorer

“logger”: “PUBSUB.SERVICE”,
“formattedDate”: “2025-02-03T15:58:30.011Z”,
“time”: “2025-02-03T22:58:30.012292867+07:00”,
“_p”: “F”,
“exceptionStackTrace”: "com.google.api.gax.rpc.PermissionDeniedException: com.google.api.gax.rpc.PermissionDeniedException: io.grpc.StatusRuntimeException: PERMISSION_DENIED: User not authorized to perform this action.\n\tat com.google.api.gax.rpc.ApiExceptionFactory.createException(ApiExceptionFactory.java:98)\n\tat com.google.api.gax.rpc.ApiExceptionFactory.createException(ApiExceptionFactory.java:41)\n\tat com.google.cloud.pubsub.v1.StreamingSubscriberConnection

User not authorized to perform this action.\n\tat io.grpc.Status.asRuntimeException(Status.java:533)\n\t… 20 more",
“message”: “Subscriber for subscription : apigee-36bef9a9-0e1f-4e0e-ba18-0389d19ab4cc-4931eb19e56d6ded in project : vacae0fed59d4c6d8p-tp encountered a fatal error and is shutting down”,
“method”: “failed”,
“className”: “com.apigee.pubsub.service.cloudpubsub.CloudPubSubSubscriber$1”
},
“resource”: {
“type”: “k8s_container”,
“labels”: {
“cluster_name”: “labapigee2024”,
“location”: “asia-southeast1”,
“pod_name”: “apigee-synchronizer-labapigee-44531-labapigee2024-0bc54eb-7s65v”,
“namespace_name”: “apigee”,
“project_id”: “labapigee-445318”,
“container_name”: “apigee-synchronizer”
}

  • My service accounts used:

hungdv007_0-1738599408976.png
hungdv007_0-1738599408976.png939×527 81 KB

hungdv007_1-1738599413502.png
hungdv007_1-1738599413502.png940×253 71.3 KB

What is wrong when I install apigee hybrid?

2

Hi There,

Can you confirm if you performed step 7 - Enable synchroniser access here?

The error you showed typically occurs when synchroniser access may not be setup properly.

Id suggest selecting the right version of Apigee hybrid at the top of the page i shared ( 1.14 is the latest) and confirm it aligns with hybrid version you have installed.

Hope this helps!

2 Likes
3

Thank for your help! I have deployed it after performed step 7. But i have new problem with Step 2: Deploy an API proxy | Apigee | Google Cloud

root@dev-k8smaster1:/home/msp# curl -H Host:lab-apigee.msp247.vn --resolve lab-apigee.msp247.vn:443:10.30.1.145 https://lab-apigee.msp247.vn:443/myproxy -k -v

  • Added lab-apigee.msp247.vn:443:10.30.1.145 to DNS cache
  • Hostname lab-apigee.msp247.vn was found in DNS cache
  • Trying 10.30.1.145:443…
  • Connected to lab-apigee.msp247.vn (10.30.1.145) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • TLSv1.0 (OUT), TLS header, Certificate Status (22):
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS header, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (OUT), TLS header, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (OUT), TLS header, Certificate Status (22):
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS header, Finished (20):
  • TLSv1.2 (IN), TLS header, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=lab-apigee.msp247.vn
  • start date: Dec 20 20:05:27 2024 GMT
  • expire date: Dec 18 20:05:27 2034 GMT
  • issuer: CN=lab-apigee.msp247.vn
  • SSL certificate verify result: self-signed certificate (18), continuing anyway.
  • Using HTTP2, server supports multiplexing
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • Using Stream ID: 1 (easy handle 0x55c7f9bf3eb0)
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):

GET /myproxy HTTP/2
Host:lab-apigee.msp247.vn
user-agent: curl/7.81.0
accept: /

  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • old SSL session ID is stale, removing
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • Connection state changed (MAX_CONCURRENT_STREAMS == 2147483647)!
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
    < HTTP/2 404
    < x-powered-by: Apigee
    < access-control-allow-origin: *
    < x-frame-options: ALLOW-FROM RESOURCE-URL
    < x-xss-protection: 1
    < x-content-type-options: nosniff
    < content-security-policy: default-src ‘none’
    < content-type: text/html; charset=utf-8
    < content-length: 146
    < date: Thu, 06 Feb 2025 14:41:42 GMT
    < via: 1.1 google
    < alt-svc: h3=“:443”; ma=2592000,h3-29=“:443”; ma=2592000
    < x-request-id: 04ab6011-8e6d-4208-9652-ac70588e1c84
    <
Error 
Cannot GET /myproxy
* Connection #0 to host lab-apigee.msp247.vn left intact I can't complete when test result. May you help me to resolve this?
4

Thank for your help! I have deployed it after performed step 7. But i have new problem with Step 2: Deploy an API proxy | Apigee | Google Cloud

root@dev-k8smaster1:/home/msp# curl -H Host:lab-apigee.msp247.vn --resolve lab-apigee.msp247.vn:443:10.30.1.145 https://lab-apigee.msp247.vn:443/myproxy -k -v

  • Added lab-apigee.msp247.vn:443:10.30.1.145 to DNS cache
  • Hostname lab-apigee.msp247.vn was found in DNS cache
  • Trying 10.30.1.145:443…
  • Connected to lab-apigee.msp247.vn (10.30.1.145) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • TLSv1.0 (OUT), TLS header, Certificate Status (22):
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS header, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (OUT), TLS header, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (OUT), TLS header, Certificate Status (22):
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS header, Finished (20):
  • TLSv1.2 (IN), TLS header, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=lab-apigee.msp247.vn
  • start date: Dec 20 20:05:27 2024 GMT
  • expire date: Dec 18 20:05:27 2034 GMT
  • issuer: CN=lab-apigee.msp247.vn
  • SSL certificate verify result: self-signed certificate (18), continuing anyway.
  • Using HTTP2, server supports multiplexing
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • Using Stream ID: 1 (easy handle 0x55c7f9bf3eb0)
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):

GET /myproxy HTTP/2
Host:lab-apigee.msp247.vn
user-agent: curl/7.81.0
accept: /

  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • old SSL session ID is stale, removing
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • Connection state changed (MAX_CONCURRENT_STREAMS == 2147483647)!
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
    < HTTP/2 404
    < x-powered-by: Apigee
    < access-control-allow-origin: *
    < x-frame-options: ALLOW-FROM RESOURCE-URL
    < x-xss-protection: 1
    < x-content-type-options: nosniff
    < content-security-policy: default-src ‘none’
    < content-type: text/html; charset=utf-8
    < content-length: 146
    < date: Thu, 06 Feb 2025 14:41:42 GMT
    < via: 1.1 google
    < alt-svc: h3=“:443”; ma=2592000,h3-29=“:443”; ma=2592000
    < x-request-id: 04ab6011-8e6d-4208-9652-ac70588e1c84
    <
Error 
Cannot GET /myproxy
* Connection #0 to host lab-apigee.msp247.vn left intact I can't complete when test result. May you help me to resolve this?
5

Hello,

Did you create the kubernetes service to expose apigee externally or you are trying the internal tests?

The error suggests a 404 which could mean apigee is unable to find the proxy at the basepath - /myproxy or Apigee is unable to route the request to the proxy or its backend from the ingress.

We have some playbooks documented here

Either way, this suggests Apigee is unable to load the backend or target endpoint you intend to expose with Apigee.

I suggest try making a new proxy with a simple target such as https://mocktarget.apigee.net for a start. If your setup is right you should get a “Hello, Guest!” response.

Hope this helps.

1 Like