This section lists all of the configuration properties that you can use to customize the runtime plane of your Apigee hybrid deployment.
Top-level properties
The following table describes the top-level properties in the overrides.yaml file. These are properties that do not belong to another object, and apply at the org or environment level:
Default value:https://apigee.googleapis.com
Defines the API path for all APIs in your installation.
Default value:none
Required
ID of your Google Cloud project. Works with k8sClusterName and gcpRegion to identify the project and determine where the apigee-logger and the apigee-metrics push their data.
Default value: us-central1
Required
The closest GCP region or zone of your Kubernetes cluster. Works with gcpProjectID and k8sClusterName to identify the project and determine where the apigee-logger and the apigee-metrics push their data.
Default value:none
Kubernetes secret name configured as docker-registry type; used to pull images from private repo.
Type:
Version:1.0.0
Default value:none
Name of the Kubernetes (K8S) cluster where your hybrid project is running. Works with gcpProjectID and gcpRegion to identify the project and determine where the apigee-logger and the apigee-metrics push their data.
Default value: apigee
The namespace of your Kubernetes cluster where the Apigee components will be installed.
Version:1.0.0
Default value:none
Required
The hybrid-enabled organization that was provisioned for you by Apigee during the hybrid installation. An organization is the top-level container in Apigee. It contains all your API proxies and related resources. If the value is empty, you must update it with your org name once you have created it.
Default value: 1.0.0
Apigee hybrid supports rolling Kubernetes updates, which allow deployment updates to take place with zero downtime by incrementally updating Pod instances with new ones.
When updating certain YAML overrides that result in a change to the underlying Kubernetes PodTemplateSpec, the revision override property must also be changed in the customer's overrides.yaml. This is required for the underlying Kubernetes ApigeeDeployment (AD) controller to conduct a safe rolling update from the previous version to the new version. You can use any text value, e.g. "blue", "a", "1.0.0".
When the revision property is changed and applied, a rolling update will occur for all components.
Changes to properties of the following objects require an update to revision:
For more information, see Rolling updates.
Default value:true
Enables strict validation of service account permissions. This uses Cloud Resource Manager API method "testIamPermissions" to verify that the provided service account has the required permissions. In the case of service accounts for an Apigee Org, the project ID check is the one mapped to the Organization. For Metrics and Logger, the project checked is based on the "gcpProjectID" overrides.yaml configuration.
See also gcpProjectID
adah
The Apigee Deployment Admissionhook (ADAH) is responsible for validating the configuration which the user provides for the apigee-deployment-controller. It runs in a Kubernetes cluster, and is responsible for validating the incoming create/update/delete requests from the Apigee-deployment Controller. See also:
The following table describes the properties of the Apigee Deployment Controller adah object:
adah.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
adah.image.tag
Default value: 1.0.0
The location of the Docker image for this service.
adah.image.url
Default value: "us.gcr.io/google.com/edge-ci/release/eda/apigee-deployment-admissionhook/master/admissionhook"
The location of the Docker image for this service.
adc
The Apigee Deployment Controller (ADC) is a process that manages deployment of Apigee in Kubernetes clusters. It is a Kubernetes custom controller that creates and updates low-level Kubernetes and Istio resources that are required to deploy and maintain the ApigeeDeployment (AD).
See also adah (Apigee Deployment Admissionhook).
The following table describes the properties of the apigee-deployment-controller adc object:
adc.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
adc.image.tag
Default value: 1.0.0
The location of the Docker image for this service.
adc.image.url
Default value: "us.gcr.io/google.com/edge-ci/release/eda/apigee-deployment-controller/master/controller"
The location of the Docker image for this service.
adc.resources.limits.cpu
Default value: 250m
The CPU limit for the resource in a Kubernetes container, in millicores.
adc.resources.limits.memory
Default value: 256Mi
The memory limit for the resource in a Kubernetes container, in mebibytes.
adc.resources.requests.cpu
Default value: 250m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
adc.resources.requests.memory
Default value: 256Mi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
authz
The following table describes the properties of the authz object:
authz.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
authz.image.tag
Default value: 1.0.0
The version label for this service's Docker image.
authz.image.url
Default value: "us.gcr.io/google.com/edge-ci/integration/featureplatform/apigee-authn-authz/master"
The location of the Docker image for this service.
authz.livenessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
authz.livenessProbe.initialDelaySeconds
Default value: 0
The number of seconds after a container is started before a liveness probe is initiated.
authz.livenessProbe.periodSeconds
Default value: 5
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
authz.livenessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
authz.readinessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
authz.readinessProbe.initialDelaySeconds
Default value: 0
The number of seconds after a container is started before a readiness probe is initiated.
authz.readinessProbe.periodSeconds
Default value: 5
Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
authz.readinessProbe.successThreshold
Default value: 1
The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
authz.readinessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
authz.resources.requests.cpu
Default value: 50m
The amount of CPU resources to allocate for authentication requests.
authz.resources.requests.memory
Default value: 128Mi
The amount of memory resources to allocate for authentication requests.
authz.serviceAccountPath
Default value:none
Required
Path to Google Service Account key file with "Apigee Read Only Admin" role.
busyBoxInit
The following table describes the properties of the busyBoxInit object:
busyBoxInit.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
busyBoxInit.image.tag
Default value: "1.0.0"
The version label for this service's Docker image.
busyBoxInit.image.url
Default value: "busybox"
The location of the Docker image for this service.
cassandra
Defines the hybrid service that manages the runtime data repository. This repository stores application configurations, distributed quota counters, API keys, and OAuth tokens for applications running on the gateway.
For more information, see Configure Cassandra.
The following table describes the properties of the cassandra object:
cassandra.auth.admin.password
Default value:"iloveapis123"
Required
Password for the Cassandra administrator. The admin user is used for any administrative activities performed on the Cassandra cluster.
cassandra.auth.ddl.password
Default value:"iloveapis123"
Required
Password for the Cassandra Data Definition Language (DDL) user. Used by MART for any of the data definition tasks like keyspace creation, update, and deletion.
cassandra.auth.default.password
Default value: "iloveapis123"
Required
The password for the default Cassandra user created when Authentication is enabled. This password must be reset when configuring Cassandra authentication. See Configuring TLS for Cassandra.
cassandra.auth.dml.password
Default value:"iloveapis123"
Required
Password for the Cassandra Data Manipulation Language (DML) user. The DML user is used by the client communication to read and write data to Cassandra.
cassandra.auth.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
cassandra.auth.image.tag
Default value: 1.0.0
The version label for this service's Docker image.
cassandra.auth.image.url
Default value: "google/apigee-cassandra-client"
The location of the Docker image for this service.
cassandra.backup.cloudProvider
Default value: "GCP"
Required if backup is enabled.
Cloud provider for backup storage.
cassandra.backup.dbStorageBucket
Default value:none
Required if backup is enabled.
Cloud storage bucket for the backup data.
cassandra.backup.enabled
Default value: false
Data backup is not enabled by default. To enable, set to true.
cassandra.backup.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
cassandra.backup.image.tag
Default value: 1.0.0
The version label for this service's Docker image.
cassandra.backup.image.url
Default value: "google/apigee-cassandra-backup-utility"
The location of the Docker image for this service.
cassandra.backup.schedule
Default value: "0 2 * * *"
The schedule for the cron job.
cassandra.backup.serviceAccountPath
Default value:none
Required if backup is enabled.
Path to Google Service Account key file with "Apigee Read Only Admin" role.
cassandra.clusterName
Default value: "apigeecluster"
Specifies the name of the Cassandra cluster.
cassandra.datacenter
Default value: "dc-1"
Specifies the datacenter of the Cassandra node.
cassandra.dnsPolicy
Default value: ClusterFirstWithHostNet
When cassandra.hostNetwork is set to true, this determines which DNS policy Cassandra uses. For Anthos based deployments it should be set to ClusterFirstWithHostNet.
cassandra.externalSeedHost
Default value:none
Hostname or IP of a Cassandra cluster node. If not set, the Kubernetes local service is used.
cassandra.heapNewSize
Default value: 100M
The amount of JVM system memory allocated to newer objects, in megabytes.
cassandra.hostNetwork
Default value: true
Set to true for Anthos based deployments.
cassandra.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
cassandra.image.tag
Default value: 1.0.0
The version label for this service's Docker image.
cassandra.image.url
Default value: "google/apigee-cassandra"
The location of the Docker image for this service.
cassandra.maxHeapSize
Default value: 512M
The upper limit of JVM system memory available for Cassandra operations, in megabytes.
cassandra.multiRegionSeedHost
Default value:none
IP address of an existing Cassandra cluster used to expand the existing cluster to a new region. See Configure the multi-region seed host.
cassandra.nodeSelector.key
Default value:none
Required
Node selector label key used to target dedicated Kubernetes nodes for cassandra data services.
See Add node selectors.
cassandra.nodeSelector.value
Default value:none
Optional node selector label value used to target dedicated Kubernetes nodes for cassandra data services and override the nodeSelector.apigeeData settings.
See nodeSelector.
cassandra.port
Default value: 9042
Port number used to connect to cassandra.
cassandra.rack
Default value: "ra-1"
Specifies the rack of the Cassandra node.
cassandra.readinessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
cassandra.readinessProbe.initialDelaySeconds
Default value: 0
The number of seconds after a container is started before a readiness probe is initiated.
cassandra.readinessProbe.periodSeconds
Default value: 10
Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
cassandra.readinessProbe.successThreshold
Default value: 1
The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
cassandra.readinessProbe.timeoutSeconds
Default value: 5
The number of seconds after which a liveness probe times out. The minimum value is 1.
cassandra.replicaCount
Default value: 3
Cassandra is a replicated database. It is configured to have at least 3 copies of the data in each region or data center. This property specifies the number of Cassandra nodes employed as a StatefulSet.
cassandra.resources.requests.cpu
Default value: 500m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
cassandra.resources.requests.memory
Default value: 1Gi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
cassandra.restore.cloudProvider
Default value: "GCP"
Required if restore is enabled.
Cloud provider for backup storage.
cassandra.restore.dbStorageBucket
Default value:none
Required if restore is enabled.
Cloud storage bucket for the backup data to restore.
cassandra.restore.enabled
Default value: false
cassandra.restore.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
cassandra.restore.image.tag
Default value: 1.0.0
The version label for this service's Docker image.
cassandra.restore.image.url
Default value: "google/apigee-cassandra-backup-utility"
The location of the Docker image for this service.
cassandra.restore.serviceAccountPath
Default value:none
Required if restore is enabled.
Path to Google Service Account key file with "Apigee Read Only Admin" role.
cassandra.restore.snapshotTimestamp
Default value:none
Required if restore is enabled.
Timestamp of the backup that should be restored.
cassandra.storage.capacity
Default value: 50Gi
Required if storage.storageClass is specified
Specifies the disk size required, in mebibytes.
cassandra.storage.storageClass
Default value:none
Specifies the class of on-prem storage being used.
cassandra.terminationGracePeriodSeconds
Default value: 300
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
defaults
The default encryption keys for the Apigee hybrid installation.
The following table describes the properties of the defaults object:
Property | Description |
---|---|
defaults.org.kmsEncryptionKey | Version:1.0.0 Default value: Default encryption key for the org in KMS. |
defaults.org.kvmEncryptionKey | Version:1.0.0 Default value: Default encryption key for the org in KVM. |
defaults.env.kmsEncryptionKey | Version:1.0.0 Default value: Default encryption key for the environment (env) in KMS. |
defaults.env.kvmEncryptionKey | Version:1.0.0 Default value: Default encryption key for the environment (env) in KVM. |
defaults.env.cacheEncryptionKey | Version:1.0.0 Default value: Default cache encryption key for the environment (env). |
envs
Defines an array of environments to which you can deploy your API proxies. Each environment provides an isolated context or "sandbox" for running API proxies.
Your hybrid-enabled organization must have at least one environment.
Use envs[] to configure base path routing, which allows you to configure and manage how Apigee hybrid routes API proxy calls to the correct environment.
For more information, see:
The following table describes the properties of the envs object:
Property | Description |
---|---|
envs[].cacheEncryptionKey | Version:1.0.0 Default value:none Required Local file system path for the Apigee cache data's encryption key. |
envs[].hostAlias | Version:1.0.0 Default value:none Required The DNS name for your server. For example, If you have multiple environments, you must use a unique host alias name for each one. For example, |
envs[].kmsEncryptionKey | Version:1.0.0 Default value:none Required Local file system path for the Apigee KMS data's encryption key. |
envs[].name | Version:1.0.0 Default value:none Required Apigee environment name to be synchronized. |
envs[].pollInterval | Version:1.0.0 Default value:none Interval used for polling organization and environment synchronization changes, in seconds. |
envs[].paths.uri.prefixes | Version:1.0.0 Default value:none A property to support prefix base path routing. Provide those paths as in the pattern: org: hybrid envs: - name: test paths: uri: prefixes: - /foo - /bar |
envs[].port | Version:1.0.0 Default value:none TCP port number for HTTPS traffic. |
envs[].serviceAccountPaths.synchronizer | Version:GA Default value:none Path to file on local system to a Google Service Account key with the Apigee Synchronizer Manager role. |
envs[].serviceAccountPaths.udca | Version:GA Default value:none Path to file on local system to a Google Service Account key with the Apigee Analytic Agent role. |
envs[].sslCertPath | Version:1.0.0 Default value:none Required The path on your system to a TLS certificate file. |
envs[].sslKeyPath | Version:1.0.0 Default value:none Required The path on your system to the TLS private key file. |
httpProxy
httpProxy provides configuration parameters for an HTTP forward proxy server. When configured in overrides.yaml, all internet communication for the MART, Synchronizer, and UDCA components passes through the proxy server.
See also: MART, Synchronizer, and UDCA.
The following table describes the properties of the httpProxy object:
Property | Description |
---|---|
httpProxy.host | Version:1.1.1 Default value:none The hostname of the HTTP Proxy. |
httpProxy.port | Version:1.1.1 Default value:none The port of the HTTP Proxy. |
httpProxy.scheme | Version:1.1.1 Default value: The scheme used by the proxy. Values can be |
ingress
ingress is the instantiation of the Istio Ingress Gateway. The Kubernetes Ingress Resource is used to specify services that should be exposed outside the cluster. It defines a containerized app that routes traffic from outside the runtime plane to services within the runtime plane. Apigee installation creates two Istio Ingress objects for:
- Runtime
- MART
See also:
- Ingress Gateways in the Istio documentation.
- Adding gateways about adding Istio ingress gateways in the GCP documentation.
- istio object in Apigee
- MART object
- Runtime object
The following table describes the properties of the ingress object:
ingress.enableAccesslog
Default value: false
Enable or disable the Ingress access log. By default, it is disabled.
ingress.envoyHeaders.headers
Default value:none
A list of Envoy headers.
ingress.envoyHeaders.preserved
Default value: false
Determines whether to preserve or not to preserve Envoy's headers. By default, they are not.
ingress.httpsRedirect
Default value: true
Enable or disable the automatic HTTPS redirection for all incoming traffic.
ingress.mart.loadBalancerIP
Default value: 10.0.10.252
IP address of the MART load balancer.
ingress.runtime.loadBalancerIP
Default value: 10.0.10.251
IP address of the load balancer for the Apigee-runtime object.
ingress.serviceType
Default value: LoadBalancer
The type of service used for routing external traffic to internal services.
Possible values include:
- ClusterIP (not supported)
- LoadBalancer
- NodePort
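The check below is an added example, not code from the Apigee documentation: it audits a parsed overrides.yaml for the cassandra.auth passwords and ingress settings documented above, assuming that any property omitted from the file keeps its documented default. The function names, severity labels and sample values are constructed for illustration.

```python
# Added example: audit a parsed overrides.yaml against defaults documented on this page.
# Assumption: a property left out of overrides.yaml keeps its documented default.

# Defaults copied from the cassandra and ingress property tables above.
DOCUMENTED_DEFAULTS = {
    "cassandra.auth.admin.password": "iloveapis123",
    "cassandra.auth.ddl.password": "iloveapis123",
    "cassandra.auth.default.password": "iloveapis123",
    "cassandra.auth.dml.password": "iloveapis123",
    "ingress.httpsRedirect": True,
    "ingress.enableAccesslog": False,
}

_MISSING = object()


def lookup(cfg, dotted):
    """Walk a nested dict by dotted path; return _MISSING if any level is absent."""
    node = cfg
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node


def effective(cfg, dotted):
    """Return (value, source): the override if present, else the documented default."""
    value = lookup(cfg, dotted)
    if value is _MISSING:
        return DOCUMENTED_DEFAULTS[dotted], "default"
    return value, "override"


def audit_overrides(cfg):
    """Return a list of (severity, property, message); secrets are never echoed."""
    findings = []
    for prop, default in DOCUMENTED_DEFAULTS.items():
        value, source = effective(cfg, prop)
        if prop.endswith(".password"):
            if value == default:
                findings.append(("HIGH", prop,
                                 f"documented default password in effect (from {source})"))
            elif not isinstance(value, str) or not value.strip():
                findings.append(("HIGH", prop, "password is empty or not a string"))
        elif prop == "ingress.httpsRedirect" and value is not True:
            findings.append(("MEDIUM", prop,
                             f"automatic HTTPS redirection is not set to true (from {source})"))
        elif prop == "ingress.enableAccesslog" and value is not True:
            findings.append(("INFO", prop,
                             f"ingress access log is not enabled (from {source})"))
    return findings


# Constructed sample: one password rotated, one explicitly left at the default,
# two omitted (so the default applies), and HTTPS redirection switched off.
SAMPLE_OVERRIDES = {
    "cassandra": {
        "auth": {
            "admin": {"password": "constructed-Admin-9f2c"},
            "default": {"password": "iloveapis123"},
        }
    },
    "ingress": {"httpsRedirect": False},
}


def load_overrides(path):
    """Load a real overrides.yaml; needs PyYAML, imported only when called."""
    import yaml
    with open(path, encoding="utf-8") as fh:
        return yaml.safe_load(fh) or {}


if __name__ == "__main__":
    import sys
    cfg = load_overrides(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_OVERRIDES
    for severity, prop, message in audit_overrides(cfg):
        print(f"{severity:6} {prop}: {message}")
```

Run with a path to an overrides file to audit it, or with no arguments to see the findings for the constructed sample.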
istio
Google Cloud Platform's (GCP's) implementation of Istio is a service mesh that layers onto your existing Apigee instance, helping it integrate with the logging platform, telemetry, and policy system.
See also: GCP's Istio documentation and What is Istio.
The following table describes the properties of the istio object:
istio.ingressgateway.replicaCountMax
Default value:5
Required
Maximum number of Istio ingress gateway replicas allowed.
See:
- ingress object
- Ingress Gateways in the Istio documentation
- Adding gateways about adding Istio ingress gateways in the GCP documentation.
istio.ingressgateway.replicaCountMin
Default value:1
Required
Minimum number of Istio ingress gateway replicas required.
See:
- ingress object
- Ingress Gateways in the Istio documentation
- Adding gateways about adding Istio ingress gateways in the GCP documentation.
istio.ingressgateway.resources.requests.cpu
Default value:100m
Required
CPU resources allocated to the ingress controller, needed for the gateway to operate optimally.
See:
- ingress object
- Ingress Gateways in the Istio documentation
- Ingress Controllers in the Kubernetes documentation.
istio.ingressgateway.resources.requests.memory
Default value:128Mi
Memory resources allocated to the ingress controller, needed for the gateway to operate optimally.
istio.nodeSelector.key
Default value:none
Optional node selector label key for targeting Kubernetes nodes for istio services. If you do not specify a key for mart.nodeselector, the istio services use the node specified in the nodeSelector object.
istio.nodeSelector.value
Default value:none
Optional node selector label value for targeting Kubernetes nodes for istio services. See also the nodeSelector object.
istio.pilot.replicaCountMax
Default value:5
Required
The pilot provides core traffic management within the cluster, communicating with the envoy sidecar proxy. replicaCountMax is the maximum number of Istio pilot replicas allowed.
See Pilot: Core traffic management in the Istio documentation.
istio.pilot.replicaCountMin
Default value:1
Required
The pilot provides core traffic management within the cluster, communicating with the envoy sidecar proxy. replicaCountMax is the maximum number of Istio pilot replicas required.
See Pilot: Core traffic management in the Istio documentation.
istio.pilot.resources.requests.cpu
Default value:500m
Required
CPU resources allocated to the pilot process, needed for the gateway to operate optimally.
See:
- Pilot: Core traffic management in the Istio documentation
- pilot-agent in the Istio documentation.
istio.pilot.resources.requests.memory
Default value:2048Mi
Memory resources allocated to the pilot process, needed for the gateway to operate optimally.
See:
- Pilot: Core traffic management in the Istio documentation
- pilot-agent in the Istio documentation.
logger
Defines the service that manages operational logs. All of the Apigee hybrid services that run in your Kubernetes cluster output this information.
For more information, see Logging.
The following table describes the properties of the logger object:
logger.enabled
Default value: true
Enables or disables logging on the cluster. For non-GKE set to true, for Anthos or GKE set to false.
logger.fluentd.buffer_chunk_limit
Default value: 512k
The maximum size of a buffer chunk allowed, in kilobytes. Chunks exceeding the limit will be flushed to the output queue automatically.
logger.fluentd.buffer_queue_limit
Default value: 6
The maximum length of the output queue. The default limit is 256 chunks.
logger.fluentd.flush_interval
Default value: 5s
The interval to wait before invoking the next buffer flush, in seconds.
logger.fluentd.max_retry_wait
Default value: 30
The maximum interval between write retries, in seconds.
logger.fluentd.num_threads
Default value: 2
The number of threads used to flush the buffer. The default is 1.
logger.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
logger.image.tag
Default value: "1.6.8"
The version label for this service's Docker image.
logger.image.url
Default value: "google/apigee-stackdriver-logging-agent"
The location of the Docker image for this service.
logger.livenessProbe.failureThreshold
Default value: 3
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
logger.livenessProbe.initialDelaySeconds
Default value: 0
The number of seconds after a container is started before a liveness probe is initiated.
logger.livenessProbe.periodSeconds
Default value: 60
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
logger.livenessProbe.successThreshold
Default value: 1
The minimum consecutive successes needed for a liveness probe to be considered successful after a failure. The minimum value is 1.
logger.livenessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
logger.nodeSelector.key
Default value: "apigee.com/apigee-logger-enabled"
Required
Node selector label key used to target dedicated Kubernetes nodes for logger runtime services.
See Add node selectors.
logger.nodeSelector.value
Default value: "true"
Required
Node selector label value used to target dedicated Kubernetes nodes for logger runtime services.
See Add node selectors.
logger.proxyURL
Default value:none
URL of the customer's proxy server.
logger.resource.limits.memory
Default value: 500Mi
The memory limit for the resource in a Kubernetes container, in mebibytes.
logger.resource.limits.cpu
Default value: 200m
The CPU limit for the resource in a Kubernetes container, in millicores.
logger.resource.requests.cpu
Default value: 100m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
logger.resource.requests.memory
Default value: 250Mi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
logger.serviceAccountPath
Default value:none
Required
Path to Google Service Account key file with "Apigee Read Only Admin" role.
logger.terminationGracePeriodSeconds
Default value: 30
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
mart
Defines the MART (Management API for RunTime data) service, which acts as an API provider for public Apigee APIs so that you can access and manage runtime data entities such as KMS (API Keys and OAuth tokens), KVM, Quota, and API products.
The following table describes the properties of the mart object:
mart.hostAlias
Default value:none
The host alias pointing to the MART object. You can set this property to * or a fully-qualified domain name.
mart.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
mart.image.tag
Default value: 1.0.0
The version label for this service's Docker image.
mart.image.url
Default value: "google/apigee-mart-server"
The location of the Docker image for this service. Check the values.yaml file for the specific URL. You can override this.
mart.initCheckCF.resources.requests.cpu
Default value: 10m
The amount of CPU resources allocated to the initialization check of the Cloud Foundry process.
mart.livenessProbe.failureThreshold
Default value: 12
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
mart.livenessProbe.initialDelaySeconds
Default value: 15
The number of seconds after a container is started before a liveness probe is initiated.
mart.livenessProbe.periodSeconds
Default value: 5
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
mart.livenessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
mart.metricsURL
Default value: "/v1/server/metrics"
mart.nodeSelector.key
Default value:none
Optional node selector label key for targeting Kubernetes nodes for mart runtime services. If you do not specify a key for mart.nodeselector, then your runtime uses the node specified in the nodeSelector object.
See Add node selectors.
mart.nodeSelector.value
Default value:none
Optional node selector label value for targeting Kubernetes nodes for mart runtime services. See also the nodeSelector object.
See Add node selectors.
mart.readinessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
mart.readinessProbe.initialDelaySeconds
Default value: 15
The number of seconds after a container is started before a readiness probe is initiated.
mart.readinessProbe.periodSeconds
Default value: 5
Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
mart.readinessProbe.successThreshold
Default value: 1
The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
mart.readinessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
mart.replicaCountMax
Default value: 5
Maximum number of replicas available for autoscaling.
mart.replicaCountMin
Default value: 1
Minimum number of replicas available for autoscaling.
mart.resources.requests.cpu
Default value: 500m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
mart.resources.requests.memory
Default value: 512Mi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
mart.serviceAccountPath
Default value:none
Required
Path to Google Service Account key file with "Apigee Read Only Admin" role.
mart.sslCertPath
Default value:none
Local file system path for loading and encoding the SSL cert to a Secret.
mart.sslKeyPath
Default value:none
Local file system path for loading and encoding the SSL key to a Secret.
mart.targetCPUUtilizationPercentage
Default value: 75
Target CPU utilization for the MART process on the pod. The value of this field enables MART to auto-scale when CPU utilization reaches this value, up to replicaCountMax.
mart.terminationGracePeriodSeconds
Default value: 30
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
metrics
Defines the service that collects operations metrics. You can use metrics data to monitor the health of Hybrid services, to set up alerts, and so on.
For more information, see Metrics collection overview.
The following table describes the properties of the metrics object:
metrics.enabled
Default value: false
Enables Apigee metrics. Set to true to enable metrics. Set to false to disable metrics.
metrics.nodeSelector.key
Default value:none
Required
Node selector label key used to target dedicated Kubernetes nodes for metrics runtime services.
See Add node selectors.
metrics.nodeSelector.value
Default value:none
Required
Node selector label value used to target dedicated Kubernetes nodes for metrics runtime services.
See Add node selectors.
metrics.prometheus.args.storage_tsdb_retention
Default value: 48h
The amount of time Prometheus waits before removing old data from local storage, in hours.
metrics.prometheus.containerPort
Default value: 9090
The port to connect to the Prometheus metrics service.
metrics.prometheus.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
metrics.prometheus.image.tag
Default value: "v2.9.2"
The version label for this service's Docker image.
metrics.prometheus.image.url
Default value: "google/apigee-prom-prometheus"
The location of the Docker image for this service.
metrics.prometheus.livenessProbe.failureThreshold
Default value: 6
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
metrics.prometheus.livenessProbe.periodSeconds
Default value: 5
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
metrics.prometheus.livenessProbe.timeoutSeconds
Default value: 3
The number of seconds after which a liveness probe times out. The minimum value is 1.
metrics.prometheus.readinessProbe.failureThreshold
Default value: 120
The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
metrics.prometheus.readinessProbe.periodSeconds
Default value: 5
Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
metrics.prometheus.readinessProbe.timeoutSeconds
Default value: 3
The number of seconds after which a readiness probe times out. The minimum value is 1.
metrics.proxyURL
Default value:none
URL for the metrics process sidecar proxy in the Kubernetes cluster.
metrics.resources.limits.cpu
Default value: 250m
The CPU limit for the resource in a Kubernetes container, in millicores.
metrics.resources.limits.memory
Default value: 256Mi
The memory limit for the resource in a Kubernetes container, in mebibytes.
metrics.resources.requests.cpu
Default value: 250m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
metrics.resources.requests.memory
Default value: 256Mi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
metrics.sdSidecar.containerPort
Default value: 9091
The port for connecting to the Stackdriver metrics service.
metrics.sdSidecar.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls this service's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, even if it already exists.
For more information, see Updating images.
metrics.sdSidecar.image.tag
Default value: "release-0.4.0"
The version label for this service's Docker image.
metrics.sdSidecar.image.url
Default value: "google/apigee-stackdriver-prometheus-sidecar"
The location of the Docker image for this service.
metrics.serviceAccountPath
Default value:none
Required
Path to Google Service Account key file with "Apigee Read Only Admin" role.
metrics.terminationGracePeriodSeconds
Default value: 300
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
nodeSelector
The nodeSelector object defines the node for your Apigee instance. When apigeectl runs, it maps the label key/value for apigeeRuntime and apigeeData to the individual Istio and MART components. You can override this for individual objects in the istio:nodeSelector and mart:nodeSelector properties.
The following table describes the properties of the nodeSelector object:
Property | Description |
---|---|
nodeSelector.apigeeData.key | Version: 1.0.0. Default value: "cloud.google.com/gke-nodepool". ApigeeData is the node for the Cassandra database. Node selector label key for targeting Kubernetes nodes for working with Apigee services data. See Add node selectors. |
nodeSelector.apigeeData.value | Version: 1.0.0. Default value: "apigee-data". apigee-data is the node for the Cassandra database. Node selector label value for targeting Kubernetes nodes for working with Apigee services data. See Add node selectors. |
nodeSelector.apigeeRuntime.key | Version: 1.0.0. Default value: "cloud.google.com/gke-nodepool". Apigee Runtime is the node for the runtime environment for the project. Node selector label key for targeting Kubernetes nodes for Apigee runtime services. See Add node selectors. |
nodeSelector.apigeeRuntime.value | Version: 1.0.0. Default value: "apigee-runtime". apigee-runtime is the node for the runtime environment for the project. Node selector label value for targeting Kubernetes nodes for Apigee runtime services. See Add node selectors. |
nodeSelector.requiredForScheduling | Version: 1.0.0. Default value: false. The For production, See Add node selectors. |
runtime
The following table describes the properties of the runtime object:
runtime.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
runtime.image.tag
Default value: 1.0.0
The version label for this service's Docker image.
runtime.image.url
Default value: URL to your installation's image resource, like: "google/apigee-runtime"
The location of the Docker image for this service.
runtime.livenessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
runtime.livenessProbe.initialDelaySeconds
Default value: 60
The number of seconds after a container is started before a liveness probe is initiated.
runtime.livenessProbe.periodSeconds
Default value: 5
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
runtime.livenessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
runtime.nodeSelector.key
Default value:none
Optional node selector label key for targeting Kubernetes nodes for runtime services.
See nodeSelector property.
runtime.nodeSelector.value
Default value:none
Node selector label value for targeting Kubernetes nodes for runtime services.
See Add node selectors.
runtime.readinessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
runtime.readinessProbe.initialDelaySeconds
Default value: 60
The number of seconds after a container is started before a readiness probe is initiated.
runtime.readinessProbe.periodSeconds
Default value: 5
Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
runtime.readinessProbe.successThreshold
Default value: 1
The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
runtime.readinessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a readiness probe times out. The minimum value is 1.
runtime.replicaCountMax
Default value: 4
Maximum number of replicas available for autoscaling.
runtime.replicaCountMin
Default value: 1
Minimum number of replicas available for autoscaling.
runtime.resources.requests.cpu
Default value: 500m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
runtime.resources.requests.memory
Default value: 1Gi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
runtime.service.type
Default value: ClusterIP
The type of service. You can set this to a service other than ClusterIP; for example, LoadBalancer.
runtime.targetCPUUtilizationPercentage
Default value: 75
Target CPU utilization for the runtime process on the pod. The value of this field enables the runtime to auto-scale when CPU utilization reaches this value, up to replicaCountMax.
runtime.terminationGracePeriodSeconds
Default value: 180
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
synchronizer
Ensures that the Message Processors are kept up to date with the latest deployed API proxy bundles. To do this, the Synchronizer polls the management plane; when a new contract is detected, the Synchronizer sends it to the runtime plane.
For more information, see Synchronizer.
The following table describes the properties of the synchronizer object:
synchronizer.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
synchronizer.image.tag
Default value: 1.0.0
The version label for this service's Docker image.
synchronizer.image.url
Default value: "google/apigee-synchronizer"
The location of the Docker image for this service.
synchronizer.livenessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
synchronizer.livenessProbe.initialDelaySeconds
Default value: 0
The number of seconds after a container is started before a liveness probe is initiated.
synchronizer.livenessProbe.periodSeconds
Default value: 5
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
synchronizer.livenessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
synchronizer.nodeSelector.key
Default value:none
Required
Optional node selector label key for targeting Kubernetes nodes for synchronizer runtime services.
See nodeSelector.
synchronizer.nodeSelector.value
Default value:none
Optional node selector label value used for targeting Kubernetes nodes for synchronizer runtime services.
See nodeSelector.
synchronizer.pollInterval
Default value: 60
The length of time that Synchronizer waits between polling operations. Synchronizer polls Apigee control plane services to detect and pull new runtime contracts.
synchronizer.readinessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
synchronizer.readinessProbe.initialDelaySeconds
Default value: 0
The number of seconds after a container is started before a readiness probe is initiated.
synchronizer.readinessProbe.periodSeconds
Default value: 5
Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
synchronizer.readinessProbe.successThreshold
Default value: 1
The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
synchronizer.readinessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a readiness probe times out. The minimum value is 1.
synchronizer.replicaCount
Default value: 2
Number of replicas for autoscaling.
synchronizer.resources.requests.cpu
Default value: 100m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
synchronizer.resources.requests.memory
Default value: 1Gi
The memory needed for normal operation of the resource in a Kubernetes container, in gigabytes.
synchronizer.serviceAccountPath
Default value:none
Required
Path to Google Service Account key file with "Apigee Read Only Admin" role.
synchronizer.targetCPUUtilizationPercentage
Default value: 75
Target CPU utilization for the Synchronizer process on the pod. The value of this field enables Synchronizer to auto-scale when CPU utilization reaches this value, up to replicaCountMax.
synchronizer.terminationGracePeriodSeconds
Default value: 30
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
udca
(Universal Data Collection Agent) Defines the service that runs within the data collection pod in the runtime plane. This service extracts analytics and deployment status data and sends it to the Unified Analytics Platform (UAP).
For more information, see Analytics and deployment status data collection.
The following table describes the properties of the udca object:
udca.fluentd.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
udca.fluentd.image.tag
Default value: 1.0.0
The version label for this service's Docker image.
udca.fluentd.image.url
Default value: "google/apigee-stackdriver-logging-agent"
The location of the Docker image for this service.
udca.fluentd.resource.limits.memory
Default value: 500Mi
The memory limit for the resource in a Kubernetes container, in mebibytes.
udca.fluentd.resource.requests.cpu
Default value: 500m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
udca.fluentd.resource.requests.memory
Default value: 250Mi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
udca.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
udca.image.tag
Default value: "1.0.0"
The version label for this service's Docker image.
udca.image.url
Default value: "google/apigee-udca"
The location of the Docker image for this service.
udca.jvmXms
Default value: 256m
The starting amount of memory for the data collection pod's JVM.
udca.jvmXmx
Default value: 256m
The maximum allocation of memory for the data collection pod's JVM.
udca.livenessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
udca.livenessProbe.initialDelaySeconds
Default value: 0
The number of seconds after a container is started before a liveness probe is initiated.
udca.livenessProbe.periodSeconds
Default value: 5
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
udca.livenessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
udca.nodeSelector.key
Default value:none
Required
Node selector label key used to target dedicated Kubernetes nodes for udca runtime services.
See Add node selectors.
udca.nodeSelector.value
Default value:none
Required
Node selector label value used to target dedicated Kubernetes nodes for udca runtime services.
See Add node selectors.
udca.pollingIntervalInSec
Default value: 1
The length of time, in seconds, that UDCA waits between polling operations. UDCA polls the data directory on the data collection pod's file system to detect new files to be uploaded.
prometheus.sslCertPath
Default value:none
Required
Path to the SSL cert for the Prometheus metrics collection process. Prometheus is a tool Apigee can use for collecting and processing metrics.
See:
- metrics
- For background information, the Prometheus website
prometheus.sslKeyPath
Default value:none
Required
Path to the SSL Key for the Prometheus metrics collection process. Prometheus is a tool Apigee can use for collecting and processing metrics.
See:
- metrics
- For background information, the Prometheus website
udca.replicaCountMax
Default value: 4
The maximum number of pods that hybrid can automatically add for the UDCA deployment. Because UDCA is implemented as a ReplicaSet, the pods are replicas.
udca.replicaCountMin
Default value: 1
The minimum number of pods for the UDCA deployment. Because UDCA is implemented as a ReplicaSet, the pods are replicas.
If the CPU usage goes above udca.targetCPUUtilizationPercentage, then hybrid will gradually increase the number of pods, up to udca.replicaCountMax.
udca.resource.requests.cpu
Default value: 250m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
udca.revision
Default value: "v1"
A static value that is populated in a label to enable canary deployments.
udca.targetCPUUtilizationPercentage
Default value: 75
The threshold of CPU usage for scaling the number of pods in the ReplicaSet, as a percentage of total available CPU resources. Hybrid uses the combined utilization of all containers in the data collection pod (both fluentd and UDCA) to calculate the current utilization.
When CPU usage goes above this value, then hybrid will gradually increase the number of pods in the ReplicaSet, up to udca.replicaCountMax.
udca.terminationGracePeriodSeconds
Default value: 600
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
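The constraints stated in this reference (probe counters with a minimum of 1, replicaCountMin and replicaCountMax bounds, the Required serviceAccountPath entries) can be checked before an overrides file is applied. The following is an added example, not part of Apigee's tooling: `flatten` and `lint_overrides` are hypothetical names, the input is overrides.yaml already parsed into a nested dict, and the key-file permission check, the skipping of metrics while metrics.enabled is false, and the service-type notice are assumptions added here.

```python
import os
import stat

# Probe fields this reference documents with "The minimum value is 1."
# (initialDelaySeconds is excluded: several defaults on the page are 0.)
PROBE_MIN_ONE = ("failureThreshold", "periodSeconds", "successThreshold", "timeoutSeconds")
# Objects whose serviceAccountPath is marked Required in this section.
NEEDS_SA_KEY = ("mart", "metrics", "synchronizer")
# Objects documented with replicaCountMin / replicaCountMax.
AUTOSCALED = ("mart", "runtime", "udca")


def flatten(node, prefix=""):
    """Yield (dotted.path, value) for every leaf of a nested dict."""
    for key, value in node.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            yield from flatten(value, path)
        else:
            yield path, value


def lint_overrides(cfg):
    """Return a list of findings for a parsed overrides.yaml (nested dict)."""
    flat = dict(flatten(cfg))
    findings = []
    for path, value in flat.items():
        parts = path.split(".")
        is_probe = len(parts) >= 3 and parts[-2] in ("livenessProbe", "readinessProbe")
        if is_probe and parts[-1] in PROBE_MIN_ONE:
            if isinstance(value, bool) or not isinstance(value, int) or value < 1:
                findings.append(f"{path}: {value!r} is below the minimum of 1")
    for comp in AUTOSCALED:
        low = flat.get(f"{comp}.replicaCountMin")
        high = flat.get(f"{comp}.replicaCountMax")
        if low is not None and high is not None and low > high:
            findings.append(f"{comp}: replicaCountMin {low} exceeds replicaCountMax {high}")
    for comp in NEEDS_SA_KEY:
        # Assumption: the metrics key only matters once metrics.enabled is true.
        if comp == "metrics" and not flat.get("metrics.enabled", False):
            continue
        key_path = flat.get(f"{comp}.serviceAccountPath")
        if not key_path:
            findings.append(f"{comp}.serviceAccountPath: required but not set")
        elif not os.path.isfile(key_path):
            findings.append(f"{comp}.serviceAccountPath: {key_path} is not a file")
        elif stat.S_IMODE(os.stat(key_path).st_mode) & 0o077:
            # Assumption: a service account key should be private to its owner.
            findings.append(f"{comp}.serviceAccountPath: {key_path} grants access to group or others")
    # Assumption: any type other than the documented default deserves a review.
    if flat.get("runtime.service.type", "ClusterIP") != "ClusterIP":
        findings.append("runtime.service.type: not ClusterIP, confirm the exposure is intended")
    return findings


if __name__ == "__main__":
    # Constructed sample; the path is a placeholder, not a real key file.
    sample = {
        "mart": {"serviceAccountPath": "./placeholder-sa.json",
                 "replicaCountMin": 2, "replicaCountMax": 1},
        "synchronizer": {"livenessProbe": {"initialDelaySeconds": 0, "periodSeconds": 0}},
        "runtime": {"service": {"type": "LoadBalancer"}},
    }
    for finding in lint_overrides(sample):
        print(finding)
```
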