Integrate apigee api gateway with private gke cluster

Google Cloud Apigee
1

An overview of the architecture

External Users → GCP External Load Balancer (SSL termination) → Apigee (API Gateway, Rate Limiting, Routing)→ Private Service Connect → GKE Internal Ingress

I am attempting to integrate Apigee with GKE internal ingress; I am seeking for the flow shown above, but I have not received any relevant docs. I would very appreciate it if someone in this community could assist me with this by giving docs.

Hello @JacobHume I came across your post on the problem I’m trying to find. Could you please assist me with this.

2

Hello @Harisabareesh ,

We saw your question and wanted to let you know we’re keeping it on our radar. We’ll also invite others in the community to pitch in and share their thoughts.

1 Like
3

Hi @Harisabareesh ,

Sharing some links to our documentation for your setup below. They are broken down into 2 steps - Northbound and Southbound.

Northbound: External Users → GCP External Load Balancer (SSL termination) → Apigee Configure active health check for regional failover with PSC

Southbound: Apigee → Private Service Connect → GKE Internal Ingress Southbound networking patterns

You might also find this blog post useful: Modernize Apigee-GKE Connectivity with Private Service Connect and GKE Gateway

1 Like
4

Hi @Harisabareesh , we hope @markjkelly 's response was helpful!

If so, please consider marking it as the accepted solution. Thanks to Mark for the answer :blush:

For more insights, check out our latest articles here and join our weekly office hours, Thursdays at 4:00 PM CET, register here :right_arrow: https://rsvp.withgoogle.com/events/apigee-emea-office-hours-2024/home. We cover in-depth topics on Apigee and Google Cloud Application Integration.

5

Hi there, I am trying to implement such solution proposed in the article Modernize Apigee-GKE Connectivity with Private Service Connect and GKE Gateway , and realized that the doc ( Southbound networking patterns  |  Apigee  |  Google Cloud ) is proposing to use a deprecated item : producerForwardingRule.( REST Resource: serviceAttachments  |  Compute Engine Documentation  |  Google Cloud )
Would you be able to help me find a new alternative?
My proposal will be to use serviceAttachment backendservice , then creating a service without app-selector and manually creating an EndpointSlice to target my Gateway ILB.
This works but I am not convinced I am creating the best architecture in term of network and resiliency.
Thanks for your support.

6

Hi @Fab_T,

Since this thread is already marked with a solution, please create a new post for your new question. This will give your question better visibility and make it easier for others to contribute. You can also reference this same post if you want.

Thanks,

7

Thanks @AlexET , just opened new Topic.
Should I delete my text in this topic to avoid confusion ?

1 Like