Step 7: Configure the hybrid runtime

Specify configuration overrides

The Apigee hybrid installer uses defaults for many settings; however, there are a few settings that do not have defaults. You must provide values for these settings, as explained next.

Be sure you are in the hybrid-base-directory /hybrid-files/overrides/ directory.
```
cd hybrid-base-directory 
/hybrid-files/overrides
```
Create a new file named overrides .yaml in your favorite text editor. For example:
```
vi overrides 
.yaml
```
The overrides .yaml provides the configuration for your unique Apigee hybrid installation. The overrides file in this step provides a basic configuration for a small-footprint hybrid runtime installation, suitable for your first installation.

 overrides 
.yaml

, add the required property values, shown below. A detailed description of each property is also provided below:

For installations in production environments, look at the storage requirements for the Cassandra database in Configure Cassandra for production .

Syntax

Make sure the overrides .yaml file has the following structure and syntax. Values in red, bold italics are property values that you must provide. They are described in the table below .

There are differences between the different platforms for the Google Cloud project region and Kubernetes cluster region. Choose the platform where you are installing Apigee hybrid.

gcp:
  region: analytics-region 
projectID: gcp-project-id 
k8sCluster:
  name: cluster-name 
region: cluster-location 
# Must be the closest Google Cloud region to your cluster.
org: org-name 
instanceID: " unique-instance-identifier 
"  # See the property description table below information about this parameter.
  
cassandra:
  hostNetwork: false 
# Set to  false 
 
for single region installations and multi-region installations
    # with connectivity between pods in different clusters, for example GKE installations.
    # Set to  true 
 
for multi-region installations with no communication between
    # pods in different clusters, for example GKE On-prem, GKE on AWS, Anthos on bare metal,
    # AKS, EKS, and OpenShift installations.
    # See Multi-region deployment: Prerequisites 
storage:
    capacity: 500Gi
  resources:
    requests:
      cpu: 7
      memory: 15Gi
  maxHeapSize: 8192M
  heapNewSize: 1200M
    # Minimum storage requirements for a production environment.
    # See Configure Cassandra for production 
.

virtualhosts:
  - name: environment-group-name 
sslCertPath: ./certs/ cert-name 
.pem
    sslKeyPath: ./certs/ key-name 
.key

envs:
  - name: environment-name 
serviceAccountPaths:
      synchronizer: ./service-accounts/ synchronizer-service-account-name.json 
# for non-production environments, gcp-project-id 
 -apigee-non-prod.json 
# for production environments, gcp-project-id 
 -apigee-synchronizer.json 
udca: ./service-accounts/ udca-service-account-name 
.json
        # for non-production environments, gcp-project-id 
 -apigee-non-prod.json 
# for production environments, gcp-project-id 
 -apigee-udca.json 
runtime: ./service-accounts/ runtime-service-account-name 
.json
        # for non-production environments, gcp-project-id 
 -apigee-non-prod.json 
# for production environments, gcp-project-id 
 -apigee-runtime.json 
mart:
  serviceAccountPath: ./service-accounts/ mart-service-account-name.json 
# for non-production environments, gcp-project-id 
 -apigee-non-prod.json 
# for production environments, gcp-project-id 
 -apigee-mart.json 
connectAgent:
  serviceAccountPath: ./service-accounts/ mart-service-account-name.json 
# for non-production environments, gcp-project-id 
 -apigee-non-prod.json 
# for production environments, gcp-project-id 
 -apigee-mart.json 
# Use the same service account for mart and connectAgent 
metrics:
  serviceAccountPath: ./service-accounts/ metrics-service-account-name.json 
# for non-production environments, gcp-project-id 
 -apigee-non-prod.json 
# for production environments, gcp-project-id 
 -apigee-metrics.json 
udca:
  serviceAccountPath: ./service-accounts/ udca-service-account-name.json 
# for non-production environments, gcp-project-id 
 -apigee-non-prod.json 
# for production environments, gcp-project-id 
 -apigee-udca.json 
watcher:
  serviceAccountPath: ./service-accounts/ watcher-service-account-name.json 
# for non-production environments, gcp-project-id 
 -apigee-non-prod.json 
# for production environments, gcp-project-id 
 -apigee-watcher.json 
logger:
  enabled: false 
# Set to  false 
 
to disable logger for GKE installations.
        # Set to  true 
 
for all platforms other than GKE.
        # See apigee-logger 
in Service accounts and roles used by hybrid components 
.
  serviceAccountPath: ./service-accounts/ logger-service-account-name.json 
# for non-production environments, gcp-project-id 
 -apigee-non-prod.json 
# for production environments, gcp-project-id 
 -apigee-logger.json

Example

The following example shows a completed overrides file with example property values added:

gcp:
  region: us-central1
  projectID: hybrid-example

k8sCluster:
  name: apigee-hybrid
  region: us-central1

org: hybrid-example

instanceID: "my_hybrid_example"
  
cassandra:
  hostNetwork: false

virtualhosts:
  - name: example-env-group
    sslCertPath: ./certs/keystore.pem
    sslKeyPath: ./certs/keystore.key

envs:
  - name: test
    serviceAccountPaths:
      synchronizer: ./service-accounts/hybrid-project-apigee-non-prod.json
        # for production environments, hybrid-project-apigee-synchronizer.json
      udca: ./service-accounts/hybrid-project-apigee-non-prod.json
        # for production environments, hybrid-project-apigee-udca.json
      runtime: ./service-accounts/hybrid-project-apigee-non-prod.json
        # for production environments, hybrid-project-apigee-runtime.json

mart:
  serviceAccountPath: ./service-accounts/hybrid-project-apigee-non-prod.json
    # for production environments, hybrid-project-apigee-mart.json

connectAgent:
  serviceAccountPath: ./service-accounts/hybrid-project-apigee-non-prod.json
    # for production environments, example-hybrid-apigee-mart.json

metrics:
  serviceAccountPath: ./service-accounts/hybrid-project-apigee-non-prod.json
    # for production environments, hybrid-project-apigee-metrics.json

udca:
  serviceAccountPath: ./service-accounts/hybrid-project-apigee-non-prod.json
    # for production environments, hybrid-project-apigee-udca.json

watcher:
  serviceAccountPath: ./service-accounts/hybrid-project-apigee-non-prod.json
    # for production environments, hybrid-project-apigee-watcher.json

logger:
  enabled: false # Set to "false" for GKE. Set to "true" for all other kubernetes platforms.
  serviceAccountPath: ./service-accounts/hybrid-project-apigee-non-prod.json
    # for production environments, logger-service-account-name.json

When you are finished, save the file.

The following table describes each of the property values that you must provide in the overrides file. For more information, see Configuration property reference .

Variable

Description

analytics-region

In GKE, You must set this value to the same region where the cluster is running. In all other platforms, select the closest analytics region to your cluster that has Analytics support (see the table in Part 1, Step 4: Create an organization .

This is the value you assigned to the environment variable ANALYTICS_REGION previously.

gcp-project-id

Identifies the Google Cloud project where the apigee-logger and the apigee-metrics push their data. This is the value assigned to the environment variable PROJECT_ID .

cluster-name

Your Kubernetes cluster name. This is the value assigned to the environment variable CLUSTER_NAME .

cluster-location

The region where the cluster is running. This is the region where you created the cluster in Step 1: Create an cluster .

This is the value you assigned to the environment variable CLUSTER_LOCATION previously.

If you are working with zonal clusters, you must specify the region in which your cluster was created. For example, if you created your cluster in the us-central1-a zone, specify us-central1 for the cluster-location .

org-name

The ID of your Apigee hybrid organization. This is the value assigned to the environment variable ORG_NAME .

unique-instance-identifier

A unique string to identify this Apigee hybrid instance per cluster. The string can be a combination of letters and numbers up to 63 characters in length.

You can create multiple organizations in a single cluster. Just make sure to use the same instanceID value for each time you add a new org to the same cluster.
If you have multiple clusters (in the same region or across multiple regions), each cluster requires a unique instanceID .

If you need help generating a unique ID, you can use a random string generation tool of your choice, such as random.org/strings .

environment-group-name

The name of the environment group your environments are assigned to. This is the group you created in Project and org setup - Step 5: Create an environment group . This is the value assigned to the environment variable ENV_GROUP .

cert-name
key-name

Enter the name of the self-signed TLS key and certificate files that you generated previously in Step 6: Create TLS certificates . These files must be located in the

 base_directory 
/hybrid-files/certs

directory. For example:

sslCertPath: ./certs/keystore.pem
sslKeyPath: ./certs/keystore.key

environment-name

Use the same name that you used when you created an environment in the UI, as explained in Project and org setup - Step 5: Create an environment group .

synchronizer-service-account-name

For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-synchronizer service account key file that you generated with the create-service-account tool in Hybrid runtime setup - Step 6: Create service accounts and credentials . You can see the list of service account files in your service-accounts/ directory. Fore example:

ls ../service-accounts/

udca-service-account-name

For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-udca service account key file that you generated with the create-service-account tool.

runtime-service-account-name

For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-runtime service account key file that you generated with the create-service-account tool.

mart-service-account-name

For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-mart service account key file that you generated with the create-service-account tool.

Note: Both mart and connectAgent use the apigee-mart service account.

metrics-service-account-name

For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-metrics service account key file that you generated with the create-service-account tool.

udca-service-account-name

watcher-service-account-name

For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-watcher service account key file that you generated with the create-service-account tool.

logger-service-account-name

For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-logger service account key file that you generated with the create-service-account tool.

Summary

The configuration file tells Kubernetes how to deploy the hybrid components to a cluster. Next, you will enable synchronizer access so the Apigee runtime and management planes will be able to communicate.

1 2 3 4 5 6 7 (NEXT) Step 8: Enable Synchronizer access 9