Configuration property reference

This section lists all of the configuration properties that you can use to customize the runtime plane of your Apigee hybrid deployment.

Top-level properties

The following table describes the top-level properties in the overrides.yaml file. These are properties that do not belong to another object, and apply at the org or environment level:

Property
Description
contractProvider
Version:1.0.0

Default value:https://apigee.googleapis.com

Defines the API path for all APIs in your installation.

gcpProjectID
Deprecated: For v1.2.0 and later, use gcp.projectID instead.

Version:1.0.0

Default value:none

Required

ID of your Google Cloud project. Works with k8sClusterName (deprecated) and gcpRegion (deprecated) to identify the project and determine where the apigee-logger and the apigee-metrics push their data.

gcpRegion
Deprecated: For v1.2.0 and later, use gcp.region instead.

Version:1.0.0

Default value: us-central1

Required

The closest GCP region or zone of your Kubernetes cluster. Works with gcpProjectID (deprecated) and k8sClusterName (deprecated) to identify the project and determine where the apigee-logger and the apigee-metrics push their data.

imagePullSecrets.name
Version:1.0.0

Default value:None

Kubernetes secret name configured as docker-registry type; used to pull images from private repo.

k8sClusterName
Deprecated: For v1.2.0 and later, use k8sCluster.name and k8sCluster.region instead.

Version:1.0.0

Default value:None

Name of the Kubernetes (K8S) cluster where your hybrid project is running. Works with gcpProjectID (deprecated) and gcpRegion (deprecated) to identify the project and determine where the apigee-logger and the apigee-metrics push their data.

kmsEncryptionKey
Version:1.0.0

Default value: defaults.org.kmsEncryptionKey

Optional. Use only one of kmsEncryptionKey, kmsEncryptionPath, or kmsEncryptionSecret.

Local file system path for the Apigee KMS data's encryption key.

kmsEncryptionPath
Version:1.2.0

Default value:None

Optional. Use only one of kmsEncryptionKey, kmsEncryptionPath, or kmsEncryptionSecret.

The path to a file containing a base64-encoded encryption key. See Data encryption .

kmsEncryptionSecret.key
Version:1.2.0

Default value:None

Optional. Use only one of kmsEncryptionKey, kmsEncryptionPath, or kmsEncryptionSecret.

The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption .

kmsEncryptionSecret.name
Version:1.2.0

Default value:None

Optional. Use only one of kmsEncryptionKey, kmsEncryptionPath, or kmsEncryptionSecret.

The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption .

kvmEncryptionKey
Version:1.0.0

Default value: defaults.org.kmsEncryptionKey

Optional. Use only one of kvmEncryptionKey, kvmEncryptionPath, or kvmEncryptionSecret.

Local file system path for the Apigee KVM data's encryption key.

kvmEncryptionPath
Version:1.2.0

Default value:None

Optional. Use only one of kvmEncryptionKey, kvmEncryptionPath, or kvmEncryptionSecret.

The path to a file containing a base64-encoded encryption key. See Data encryption .

kvmEncryptionSecret.key
Version:1.2.0

Default value:None

Optional. Use only one of kvmEncryptionKey, kvmEncryptionPath, or kvmEncryptionSecret.

The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption .

kvmEncryptionSecret.name
Version:1.2.0

Default value:None

Optional. Use only one of kvmEncryptionKey, kvmEncryptionPath, or kvmEncryptionSecret.

The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption .

namespace
Version:1.0.0

Default value: apigee

The namespace of your Kubernetes cluster where the Apigee components will be installed.

org

Version:1.0.0

Default value:None

Required

The hybrid-enabled organization that was provisioned for you by Apigee during the hybrid installation. An organization is the top-level container in Apigee. It contains all your API proxies and related resources. If the value is empty, you must update it with your org name once you have created it.

revision
Version:1.0.0

Default value: v120

Apigee hybrid supports rolling Kubernetes updates, which allow deployment updates to take place with zero downtime by incrementally updating Pod instances with new ones.

When you update certain YAML overrides that change the underlying Kubernetes PodTemplateSpec, you must also change the revision override property in your overrides.yaml. This is required for the underlying Kubernetes ApigeeDeployment (AD) controller to conduct a safe rolling update from the previous version to the new version. You can use any lowercase text value, for example: "blue", "a", "1.0.0".

When the revision property is changed and applied, a rolling update occurs for all components.

Changes to properties of the following objects require an update to revision :

For more information, see Rolling updates .

validateServiceAccounts
Version:1.0.0

Default value:true

Enables strict validation of service account permissions. This uses Cloud Resource Manager API method "testIamPermissions" to verify that the provided service account has the required permissions. In the case of service accounts for an Apigee Org, the project ID check is the one mapped to the Organization. For Metrics and Logger, the project checked is based on the "gcpProjectID" overrides.yaml configuration.

See also gcpProjectID

ao

Apigee Operators (AO) creates and updates the low-level Kubernetes and Istio resources that are required to deploy and maintain the ApigeeDeployment (AD). For example, the controller carries out the release of message processors. It also validates the ApigeeDeployment configuration before persisting it in the Kubernetes cluster.

The following table describes the properties of the apigee-operators ao object:

Property
Description
ao.image.pullPolicy
Version:1.2.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent : Do not pull a new image if it already exists.
  • Always : Always pull the image, regardless of whether it exists already.

For more information, see Updating images .

ao.image.tag
Version:1.2.0

Default value: 1.2.0

The version label for this service's Docker image.

ao.image.url
Version:1.2.0

Default value: "google/apigee-deployment-controller"

The location of the Docker image for this service.

ao.resources.limits.cpu
Version:1.2.0

Default value: 250m

The CPU limit for the resource in a Kubernetes container, in millicores.

ao.resources.limits.memory
Version:1.2.0

Default value: 256Mi

The memory limit for the resource in a Kubernetes container, in mebibytes.

ao.resources.requests.cpu
Version:1.2.0

Default value: 250m

The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

ao.resources.requests.memory
Version:1.2.0

Default value: 256Mi

The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

authz

The following table describes the properties of the authz object:

Property
Description
authz.image.pullPolicy
Version:1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent : Do not pull a new image if it already exists.
  • Always : Always pull the image, regardless of whether it exists already.

For more information, see Updating images .

authz.image.tag
Version:1.0.0

Default value: 1.2.0

The version label for this service's Docker image.

authz.image.url
Version:1.0.0

Default value: "google/apigee-authn-authz"

The location of the Docker image for this service.

authz.livenessProbe.failureThreshold
Version:1.0.0

Default value: 2

The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.

authz.livenessProbe.initialDelaySeconds
Version:1.0.0

Default value: 0

The number of seconds after a container is started before a liveness probe is initiated.

authz.livenessProbe.periodSeconds
Version:1.0.0

Default value: 5

Determines how often to perform a liveness probe, in seconds. The minimum value is 1.

authz.livenessProbe.timeoutSeconds
Version:1.0.0

Default value: 1

The number of seconds after which a liveness probe times out. The minimum value is 1.

authz.readinessProbe.failureThreshold
Version:Beta2

Default value: 2

The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready . The minimum value is 1.

authz.readinessProbe.initialDelaySeconds
Version:1.0.0

Default value: 0

The number of seconds after a container is started before a readiness probe is initiated.

authz.readinessProbe.periodSeconds
Version:1.0.0

Default value: 5

Determines how often to perform a readiness probe, in seconds. The minimum value is 1.

authz.readinessProbe.successThreshold
Version:1.0.0

Default value: 1

The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.

authz.readinessProbe.timeoutSeconds
Version:1.0.0

Default value: 1

The number of seconds after which a readiness probe times out. The minimum value is 1.

authz.resources.requests.cpu
Version:1.0.0

Default value: 50m

The amount of CPU resources to allocate for authentication requests.

authz.resources.requests.memory
Version:1.0.0

Default value: 128Mi

The amount of memory resources to allocate for authentication requests.

busyBoxInit (Deprecated)

The following table describes the properties of the busyBoxInit object:

Property
Description
busyBoxInit.image.pullPolicy
Deprecated.

Version:1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent : Do not pull a new image if it already exists.
  • Always : Always pull the image, regardless of whether it exists already.

For more information, see Updating images .

busyBoxInit.image.tag
Deprecated.

Version:1.0.0

Default value: "1.0.0"

The version label for this service's Docker image.

busyBoxInit.image.url
Deprecated.

Version:1.0.0

Default value: "busybox"

The location of the Docker image for this service.

cassandra

Defines the hybrid service that manages the runtime data repository. This repository stores application configurations, distributed quota counters, API keys, and OAuth tokens for applications running on the gateway.

For more information, see Configure Cassandra .

The following table describes the properties of the cassandra object:

Property
Description
cassandra.auth.admin.password
Version:1.0.0

Default value:"iloveapis123"

Required

Password for the Cassandra administrator. The admin user is used for any administrative activities performed on the Cassandra cluster.

cassandra.auth.ddl.password
Version:1.0.0

Default value:"iloveapis123"

Required

Password for the Cassandra Data Definition Language (DDL) user. Used by MART for any of the data definition tasks like keyspace creation, update, and deletion.

cassandra.auth.default.password
Version:1.0.0

Default value: "iloveapis123"

Required

The password for the default Cassandra user created when Authentication is enabled. This password must be reset when configuring Cassandra authentication. See Configuring TLS for Cassandra .

cassandra.auth.dml.password
Version:1.0.0

Default value:"iloveapis123"

Required

Password for the Cassandra Data Manipulation Language (DML) user. The DML user is used by the client communication to read and write data to Cassandra.

cassandra.auth.image.pullPolicy
Version:1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent : Do not pull a new image if it already exists.
  • Always : Always pull the image, regardless of whether it exists already.

For more information, see Updating images .

cassandra.auth.image.tag
Version:1.0.0

Default value: 1.2.0

The version label for this service's Docker image.

cassandra.auth.image.url
Version:1.0.0

Default value: "google/apigee-hybrid-cassandra-client"

The location of the Docker image for this service.

cassandra.backup.cloudProvider
Version:1.0.0

Default value: "GCP"

Required if backup is enabled.

Cloud provider for backup storage.

cassandra.backup.dbStorageBucket
Version:1.0.0

Default value:None

Required if backup is enabled.

Cloud storage bucket for the backup data.

cassandra.backup.enabled
Version:1.0.0

Default value: false

Data backup is not enabled by default. To enable, set to true .

See Cassandra backup and recovery .

cassandra.backup.image.pullPolicy
Version:1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent : Do not pull a new image if it already exists.
  • Always : Always pull the image, regardless of whether it exists already.

For more information, see Updating images .

cassandra.backup.image.tag
Version:1.0.0

Default value: 1.2.0

The version label for this service's Docker image.

cassandra.backup.image.url
Version:1.0.0

Default value: "google/apigee-cassandra-backup-utility"

The location of the Docker image for this service.

cassandra.backup.schedule
Version:1.0.0

Default value: "0 2 * * *"

The schedule for the cron job.

See Cassandra backup and recovery .

cassandra.backup.serviceAccountPath
Version:1.0.0

Default value:None

One of either backup.serviceAccountPath or backup.serviceAccountSecretRef is required if backup is enabled.

Path to Google Service Account key file with the Storage Object Admin role.

cassandra.backup.serviceAccountSecretRef
Version:1.2.0

Default value:None

One of either backup.serviceAccountPath or backup.serviceAccountSecretRef is required if backup is enabled.

The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Storage Object Admin role as its input.

cassandra.clusterName
Version:1.0.0

Default value: "apigeecluster"

Specifies the name of the Cassandra cluster.

cassandra.datacenter
Version:1.0.0

Default value: "dc-1"

Specifies the datacenter of the Cassandra node.

cassandra.dnsPolicy
Version:1.1.1

Default value: ClusterFirstWithHostNet

When cassandra.hostNetwork is set to true , this determines which DNS policy Cassandra uses. For Anthos based deployments it should be set to ClusterFirstWithHostNet .

If cassandra.hostNetwork is set to false , cassandra.dnsPolicy is ignored.

See Pod's DNS Policy in the Kubernetes documentation for more values for cassandra.dnsPolicy .

cassandra.externalSeedHost
Version:1.0.0

Default value:None

Hostname or IP of a Cassandra cluster node. If not set, the Kubernetes local service is used.

cassandra.heapNewSize
Version:1.0.0

Default value: 100M

The amount of JVM system memory allocated to newer objects, in megabytes.

cassandra.hostNetwork
Version:1.1.1

Default value: true for Anthos deployments. false for non-Anthos deployments.

Set to true for Anthos based deployments.

When cassandra.hostNetwork is true , make sure cassandra.dnsPolicy is set to ClusterFirstWithHostNet .

cassandra.image.pullPolicy
Version:1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent : Do not pull a new image if it already exists.
  • Always : Always pull the image, regardless of whether it exists already.

For more information, see Updating images .

cassandra.image.tag
Version:1.0.0

Default value: 1.2.0

The version label for this service's Docker image.

cassandra.image.url
Version:1.0.0

Default value: "google/apigee-hybrid-cassandra"

The location of the Docker image for this service.

cassandra.maxHeapSize
Version:1.0.0

Default value: 512M

The upper limit of JVM system memory available for Cassandra operations, in megabytes.

cassandra.multiRegionSeedHost
Version:1.0.0

Default value:None

IP address of an existing Cassandra cluster used to expand the existing cluster to a new region. See Configure the multi-region seed host .

cassandra.nodeSelector.key
Version:1.0.0

Default value:None

Required

Node selector label key used to target dedicated Kubernetes nodes for cassandra data services.

See Add node selectors .

cassandra.nodeSelector.value
Version:1.0.0

Default value:None

Optional node selector label value used to target dedicated Kubernetes nodes for cassandra data services and override the nodeSelector.apigeeData settings.

See nodeSelector .

cassandra.port
Version:1.0.0

Default value: 9042

Port number used to connect to cassandra.

cassandra.rack
Version:1.0.0

Default value: "ra-1"

Specifies the rack of the Cassandra node.

cassandra.readinessProbe.failureThreshold
Version:1.0.0

Default value: 2

The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready . The minimum value is 1.

cassandra.readinessProbe.initialDelaySeconds
Version:1.0.0

Default value: 0

The number of seconds after a container is started before a readiness probe is initiated.

cassandra.readinessProbe.periodSeconds
Version:1.0.0

Default value: 10

Determines how often to perform a readiness probe, in seconds. The minimum value is 1.

cassandra.readinessProbe.successThreshold
Version:1.0.0

Default value: 1

The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.

cassandra.readinessProbe.timeoutSeconds
Version:1.0.0

Default value: 5

The number of seconds after which a readiness probe times out. The minimum value is 1.

cassandra.replicaCount
Version:1.0.0

Default value: 1

Cassandra is a replicated database. This property specifies the number of Cassandra nodes employed as a StatefulSet .

cassandra.resources.requests.cpu
Version:1.0.0

Default value: 500m

The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

cassandra.resources.requests.memory
Version:1.0.0

Default value: 1Gi

The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

cassandra.restore.cloudProvider
Version:1.0.0

Default value: "GCP"

Required if restore is enabled.

Cloud provider for backup storage.

cassandra.restore.dbStorageBucket
Version:1.0.0

Default value:None

Required if restore is enabled.

Cloud storage bucket for the backup data to restore.

cassandra.restore.enabled
Version:1.0.0

Default value: false

cassandra.restore.image.pullPolicy
Version:1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent : Do not pull a new image if it already exists.
  • Always : Always pull the image, regardless of whether it exists already.

For more information, see Updating images .

cassandra.restore.image.tag
Version:1.0.0

Default value: 1.2.0

The version label for this service's Docker image.

cassandra.restore.image.url
Version:1.0.0

Default value: "google/apigee-cassandra-backup-utility"

The location of the Docker image for this service.

cassandra.restore.serviceAccountPath
Version:1.0.0

Default value:None

One of either restore.serviceAccountPath or restore.serviceAccountSecretRef is required if restore is enabled.

Path to Google Service Account key file with the Storage Object Admin role.

cassandra.restore.serviceAccountSecretRef
Version:1.2.0

Default value:None

One of either restore.serviceAccountPath or restore.serviceAccountSecretRef is required if restore is enabled.

The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Storage Object Admin role as its input.

cassandra.restore.snapshotTimestamp
Version:1.0.0

Default value:None

Required if restore is enabled.

Timestamp of the backup that should be restored.

cassandra.restore.user
Version:1.0.0

Default value: admin account

Cassandra username used for schema backup restoration. If not specified, the admin user will be used.

cassandra.sslCertPath
Version:1.2.0

Default value:None

The path on your system to a TLS certificate file.

cassandra.sslKeyPath
Version:1.2.0

Default value:None

The path on your system to the TLS private key file.

cassandra.sslRootCAPath
Version:1.2.0

Default value:None

The certificate chain to the root CA (certificate authority).

cassandra.storage.capacity
Version:1.0.0

Default value: 50Gi

Required if storage.storageClass is specified

Specifies the disk size required, in mebibytes.

cassandra.storage.storageClass
Version:1.0.0

Default value:None

Specifies the class of on-prem storage being used.

cassandra.terminationGracePeriodSeconds
Version:1.0.0

Default value: 300

The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

certmanager

cert-manager is a certificate manager for Kubernetes implementations used by Apigee. See Welcome to cert-manager.

The following table describes the properties of the certmanager object:

Property Description
certmanager.image.tag Version:1.2.0

Default value: "v0.12.0"

The version label for this service's Docker image.

certmanager.image.url Version:1.2.0

Default value: "apigee-cert-manager-controller"

The location of the Docker image for this service.

certmanagercainjector

The cert-manager CA injector is a cert-manager process responsible for injecting the CA bundle into the cert-manager Webhook process. See CA injector in the cert-manager documentation.

The following table describes the properties of the certmanagercainjector object:

Property Description
certmanagercainjector.image.tag Version:1.2.0

Default value: "v0.12.0"

The version label for this service's Docker image.

certmanagercainjector.image.url Version:1.2.0

Default value: "google/apigee-cert-manager-cainjector"

The location of the Docker image for this service.

certmanagerwebhook

The cert-manager Webhook is a process that provides dynamic admission control over cert-manager resources. See Webhook in the cert-manager documentation.

The following table describes the properties of the certmanagerwebhook object:

Property Description
certmanagerwebhook.image.tag Version:1.2.0

Default value: "v0.12.0"

The version label for this service's Docker image.

certmanagerwebhook.image.url Version:1.2.0

Default value: "google/apigee-cert-manager-webhook"

The location of the Docker image for this service.

connectAgent

Apigee Connect allows the Apigee hybrid management plane to connect securely to the MART service in the runtime plane without requiring you to expose the MART endpoint on the internet. If you use Apigee Connect, you do not need to configure the MART ingress gateway with a host alias and an authorized DNS certificate.

The following table describes the properties of the connectAgent object:

Property
Description
connectAgent.enabled
Version:1.2.0

Default value: false

Whether this installation uses Apigee Connect instead of Istio ingress for MART. True or False.

See Using Apigee Connect .

connectAgent.server
Version:1.2.0

Default value: "apigeeconnect.googleapis.com:443"

The location of the server and port for this service.

connectAgent.logLevel
Version:1.2.0

Default value: "INFO"

The level of log reporting. Values can be:

  • INFO : Informational messages in addition to warning, error, and fatal messages. Most useful for debugging.
  • WARNING : Non-fatal warnings in addition to error and fatal messages.
  • ERROR : Internal errors and errors that are not returned to the user in addition to fatal messages.
  • FATAL : Unrecoverable errors and events that cause Apigee connect to crash.
connectAgent.image.pullPolicy
Version:1.2.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent : Do not pull a new image if it already exists.
  • Always : Always pull the image, regardless of whether it exists already.

For more information, see Updating images .

connectAgent.image.tag
Version:1.2.0

Default value: "1.2.0"

The version label for this service's Docker image.

connectAgent.image.url
Version:1.2.0

Default value: "google/apigee-connect-agent"

The location of the Docker image for this service. Check the values.yaml file for the specific URL.

connectAgent.replicaCountMax
Version:1.2.0

Default value: 5

Maximum number of replicas available for autoscaling.

connectAgent.replicaCountMin
Version:1.2.0

Default value: 1

Minimum number of replicas available for autoscaling.

In production, you may want to increase replicaCountMin to 3, to have a greater number of connections to the control plane for reliability and scalability.

connectAgent.resources.requests.cpu
Version:1.0.0

Default value: 100m

The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

connectAgent.resources.requests.memory
Version:1.0.0

Default value: 30Mi

The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

connectAgent.targetCPUUtilizationPercentage
Version:1.2.0

Default value: 75

Target CPU utilization for the Apigee connect agent on the pod. The value of this field enables Apigee connect to auto-scale when CPU utilization reaches this value, up to replicaCountMax .

connectAgent.terminationGracePeriodSeconds
Version:1.2.0

Default value: 600

The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

defaults

The default encryption keys for the Apigee hybrid installation.

The following table describes the properties of the defaults object:

Property Description
defaults.org.kmsEncryptionKey Version:1.0.0

Default value: "aWxvdmVhcGlzMTIzNDU2Nw=="

Default encryption key for the org in KMS.

defaults.org.kvmEncryptionKey Version:1.0.0

Default value: "aWxvdmVhcGlzMTIzNDU2Nw=="

Default encryption key for the org in KVM.

defaults.env.kmsEncryptionKey Version:1.0.0

Default value: "aWxvdmVhcGlzMTIzNDU2Nw=="

Default encryption key for the environment (env) in KMS.

defaults.env.kvmEncryptionKey Version:1.0.0

Default value: "aWxvdmVhcGlzMTIzNDU2Nw=="

Default encryption key for the environment (env) in KVM.

defaults.env.cacheEncryptionKey Version:1.0.0

Default value: "aWxvdmVhcGlzMTIzNDU2Nw=="

Default cache encryption key for the environment (env).
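The Cassandra passwords and the defaults.* encryption keys listed on this page are published values, and each key property belongs to a Key/Path/Secret group of which only one may be set. The following added example (not Apigee code) audits an overrides.yaml for both conditions, including the envs[] properties of the same names. It assumes the file has already been parsed into a dict by a YAML parser and that a key group with no source set falls back to the defaults object; the function names and sample values are constructed for illustration.

```python
"""Audit a parsed overrides.yaml for documented default secrets (added example)."""
import base64
import binascii

# Shipped defaults, quoted from the property tables on this page.
DEFAULT_CASSANDRA_PASSWORD = "iloveapis123"
# Decodes to the ASCII text b"iloveapis1234567", so it is not a secret.
DEFAULT_ENCRYPTION_KEY = "aWxvdmVhcGlzMTIzNDU2Nw=="
CASSANDRA_USERS = ("admin", "ddl", "default", "dml")
SUFFIXES = ("EncryptionKey", "EncryptionPath", "EncryptionSecret")


def check_key_group(scope, cfg, prefix, fallback):
    """Audit one <prefix>EncryptionKey/Path/Secret group found in cfg.

    fallback is the defaults.* value assumed to apply when no source is set.
    """
    names = [prefix + suffix for suffix in SUFFIXES]
    present = [name for name in names if cfg.get(name)]
    findings = []
    if len(present) > 1:
        findings.append(f"{scope}: more than one of {'/'.join(names)} is set")
    # An inline key is checked directly; with no source at all, the fallback is.
    inline = cfg.get(names[0]) or (None if present else fallback)
    if inline is None:
        return findings  # key comes from a file path or a Kubernetes secret
    if inline == DEFAULT_ENCRYPTION_KEY:
        findings.append(f"{scope}: {prefix} encryption uses the documented default key")
        return findings
    try:
        base64.b64decode(str(inline), validate=True)
    except (binascii.Error, ValueError):
        findings.append(f"{scope}: {names[0]} is not valid base64")
    return findings


def audit_overrides(overrides):
    """Return findings for an overrides.yaml that was parsed into a dict."""
    findings = []
    auth = overrides.get("cassandra", {}).get("auth", {})
    for user in CASSANDRA_USERS:
        # A missing password means the documented default is in effect.
        password = auth.get(user, {}).get("password", DEFAULT_CASSANDRA_PASSWORD)
        if password == DEFAULT_CASSANDRA_PASSWORD:
            findings.append(f"cassandra.auth.{user}.password is the documented default")

    defaults = overrides.get("defaults", {})
    for prefix in ("kms", "kvm"):
        fallback = defaults.get("org", {}).get(
            prefix + "EncryptionKey", DEFAULT_ENCRYPTION_KEY)
        findings += check_key_group("org", overrides, prefix, fallback)

    for env in overrides.get("envs", []):
        scope = f"envs[{env.get('name', '?')}]"
        for prefix in ("kms", "cache"):
            fallback = defaults.get("env", {}).get(
                prefix + "EncryptionKey", DEFAULT_ENCRYPTION_KEY)
            findings += check_key_group(scope, env, prefix, fallback)
    return findings


# Constructed sample: the dict a YAML parser would return for an overrides.yaml.
SAMPLE_OVERRIDES = {
    "org": "example-org",
    "kmsEncryptionSecret": {"name": "org-kms-key", "key": "kms"},
    "kvmEncryptionKey": "aWxvdmVhcGlzMTIzNDU2Nw==",
    "cassandra": {"auth": {
        "admin": {"password": "constructed-Admin-pw-1"},
        "ddl": {"password": "iloveapis123"},
    }},
    "envs": [{
        "name": "test",
        "cacheEncryptionKey": "bm90LWEtcmVhbC1rZXk=",  # constructed, not a real key
        "cacheEncryptionPath": "/keys/cache.b64",
        "kmsEncryptionPath": "/keys/kms.b64",
    }],
}

if __name__ == "__main__":
    for finding in audit_overrides(SAMPLE_OVERRIDES):
        print("FINDING:", finding)
```
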

envs

Defines an array of environments to which you can deploy your API proxies. Each environment provides an isolated context or "sandbox" for running API proxies.

Your hybrid-enabled organization must have at least one environment.

For more information, see Configure environments .

The following table describes the properties of the envs object:

Property
Description
envs[].cacheEncryptionKey
Version:1.0.0

Default value:None

One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required.

A base64-encoded encryption key. See Data encryption .

envs[].cacheEncryptionPath
Version:1.2.0

Default value:None

One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required.

The path to a file containing a base64-encoded encryption key. See Data encryption .

envs[].cacheEncryptionSecret.key
Version:1.2.0

Default value:None

One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required.

The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption .

envs[].cacheEncryptionSecret.name
Version:1.2.0

Default value:None

One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required.

The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption .

envs[].hostAlias
Version:1.0.0

Default value:None

Deprecated: use hostAliases[] instead.

envs[].hostAliases[]
Version:1.2.0

Default value:None

The host aliases pointing to the environment. Each host alias must be a fully-qualified domain name.

envs[].httpProxy.host
Version:1.2.0

Default value:None

Specifies the host name or IP address where the HTTP proxy is running.

List httpProxy properties in the order scheme , host , port . For example:

envs:
  - name: test
    httpProxy:
      scheme: HTTP
      host: 10.12.0.47
      port: 3128
      ...

See also: Configure forward proxying for API proxies .

envs[].httpProxy.port
Version:1.2.0

Default value:None

Specifies the port on which the HTTP proxy is running. If this property is omitted, by default it uses port 80 for HTTP and port 443 for HTTPS.

envs[].httpProxy.scheme
Version:1.2.0

Default value:None

Specifies the type of the HTTP proxy as HTTP or HTTPS. By default, it uses "HTTP".

envs[].httpProxy.username
Version:1.2.0

Default value:None

If the HTTP proxy requires basic authentication, then use this property to provide a username.

envs[].httpProxy.password
Version:1.2.0

Default value:None

If the HTTP proxy requires basic authentication, then use this property to provide a password.

envs[].kmsEncryptionKey
Version:1.0.0

Default value:None

One of either kmsEncryptionKey, kmsEncryptionPath, or kmsEncryptionSecret is required.

Local file system path for the Apigee KMS data's encryption key.

envs[].kmsEncryptionPath
Version:1.2.0

Default value:None

One of either kmsEncryptionKey, kmsEncryptionPath, or kmsEncryptionSecret is required.

The path to a file containing a base64-encoded encryption key. See Data encryption .

envs[].kmsEncryptionSecret.key
Version:1.2.0

Default value:None

One of either kmsEncryptionKey, kmsEncryptionPath, or kmsEncryptionSecret is required.

The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption .

envs[].kmsEncryptionSecret.name
Version:1.2.0

Default value:None

One of either kmsEncryptionKey, kmsEncryptionPath, or kmsEncryptionSecret is required.

The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption .

envs[].name
Version:1.0.0

Default value:None

Required

Apigee environment name to be synchronized.

envs[].pollInterval
Version:1.0.0

Default value:None

Interval used for polling organization and environment synchronization changes, in seconds.

envs[].port
Version:1.0.0

Default value:None

TCP port number for HTTPS traffic.

envs[].serviceAccountPaths.synchronizer
Version:GA

Default value:None

Path to a file on the local system containing a Google Service Account key with the Apigee Synchronizer Manager role.

envs[].serviceAccountPaths.udca
Version:GA

Default value:None

Path to a file on the local system containing a Google Service Account key with the Apigee Analytic Agent role.

envs[].serviceAccountSecretRefs.synchronizer
Version:1.2.0

Default value:None

The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Apigee Synchronizer Manager role as its input.

envs[].serviceAccountSecretRefs.udca
Version:1.2.0

Default value:None

The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Apigee Analytic Agent role as its input.

envs[].sslCertPath
Version:1.2.0

Default value:None

Either sslCertPath / sslKeyPath or sslSecret is required.

The path on your system to a TLS certificate file.

envs[].sslKeyPath
Version:1.2.0

Default value:None

Either sslCertPath / sslKeyPath or sslSecret is required.

The path on your system to the TLS private key file.

envs[].sslSecret
Version:1.2.0

Default value:None

Either sslCertPath / sslKeyPath or sslSecret is required.

The name of a file stored in a Kubernetes secret that contains the TLS certificate and private key. You must create the secret using the TLS certificate and key data as its input.

See also:

gcp

Identifies the GCP project ID and region where the apigee-logger and the apigee-metrics push their data.

The following table describes the properties of the gcp object:

Property
Description
gcp.region
Version:1.2.0

Default value:None

Required

Identifies the GCP region where the apigee-logger and the apigee-metrics push their data.

gcp.projectID
Version:1.2.0

Default value:None

Required

Identifies the Google Cloud project where apigee-logger and the apigee-metrics push their data.

gcp.projectIDRuntime
Version:1.2.0

Default value:None

Identifies the runtime Kubernetes cluster project.

The projectIDRuntime property is optional. If not used, it is assumed that the projectID value is used for both the Apigee organization's GCP project and the runtime K8S cluster's project.

httpProxy

httpProxy provides configuration parameters for an HTTP forward proxy server. When configured in overrides.yaml, all internet communication for the MART, Synchronizer, and UDCA components passes through the proxy server.

See also: MART, Synchronizer, and UDCA.

The following table describes the properties of the httpProxy object:

Property
Description
httpProxy.host
Version:1.1.1

Default value:None

The hostname of the HTTP Proxy.

httpProxy.port
Version:1.1.1

Default value:None

The port of the HTTP Proxy.

httpProxy.scheme
Version:1.1.1

Default value: HTTPS

The scheme used by the proxy. Values can be HTTP or HTTPS. Values must be uppercase only.

ingress

Ingress is the instantiation of the Istio Ingress Gateway. The ingress is used to specify services that should be exposed outside the cluster. The hybrid runtime installation creates Ingress objects for these two runtime components:

  • Runtime
  • MART

The following table describes the properties of the ingress object:

Property
Description
ingress.enableAccesslog
Version:1.0.0

Default value: false

Enable or disable the Ingress access log. By default, it is disabled.

ingress.envoyHeaders.headers
Version:1.0.0
Default value:
 "x-envoy-decorator-operation" 
 "x-envoy-expected-rq-timeout-ms" 
 "x-envoy-external-address" 
 "x-istio-attributes" 

none

A list of Envoy headers.

ingress.envoyHeaders.preserved
Version:1.0.0

Default value: false

Determines whether Envoy's headers are preserved. By default, they are not.

ingress.httpsRedirect
Version:1.0.0

Default value: true

Enable or disable the automatic HTTPS redirection for all incoming traffic.

ingress.mart.loadBalancerIP
Version:1.1.1

Default value: 10.0.10.252

IP address of the MART load balancer.

ingress.minTLSProtocolVersion
Version:1.2.0

Default value: If neither minTLSProtocolVersion nor maxTLSProtocolVersion is specified, the ingress uses the default TLS_AUTO, as described in Common TLS configuration in the Envoy proxy documentation.

Allows you to set the minimum TLS version for the ingress. Possible values are 1.0, 1.1, 1.2 and 1.3.

ingress.maxTLSProtocolVersion
Version:1.2.0

Default value: If neither minTLSProtocolVersion nor maxTLSProtocolVersion is specified, the ingress uses the default TLS_AUTO, as described in Common TLS configuration in the Envoy proxy documentation.

Allows you to set the maximum TLS version for the ingress. Possible values are 1.0, 1.1, 1.2 and 1.3.

ingress.runtime.loadBalancerIP
Version:1.1.1

Default value: 10.0.10.251

IP address of the load balancer for the Apigee-runtime object.

ingress.serviceType
Version:1.0.0

Default value: LoadBalancer

The type of service used for routing external traffic to internal services.

Possible values include:

  • ClusterIP (not supported)
  • LoadBalancer
  • NodePort
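
The constraints stated above for envs[] TLS material, httpProxy.scheme and the ingress TLS version bounds can be checked before apigeectl is run. The Python below is an added example, not part of Apigee or its tooling: the function names, finding format and sample values are constructed here, and the input is assumed to be overrides.yaml already loaded into a dict by a YAML parser. The TLS 1.0/1.1 deprecation warning and the min-greater-than-max check are additions that go beyond what this reference states.

```python
"""Lint a parsed overrides.yaml against constraints stated in this reference."""

ALLOWED_TLS = ("1.0", "1.1", "1.2", "1.3")  # possible values listed in the reference
DEPRECATED_TLS = ("1.0", "1.1")             # deprecated by RFC 8996 (added check)
TLS_PROPS = ("minTLSProtocolVersion", "maxTLSProtocolVersion")


def _version_key(version):
    """Turn "1.2" into (1, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def check_env_tls(env):
    """Either sslCertPath + sslKeyPath, or sslSecret, is required per environment."""
    findings = []
    name = env.get("name", "<unnamed>")
    cert, key, secret = (env.get(k) for k in ("sslCertPath", "sslKeyPath", "sslSecret"))
    if bool(cert) != bool(key):
        findings.append(f"ERROR envs[{name}]: sslCertPath and sslKeyPath must be set together")
    elif not cert and not secret:
        findings.append(f"ERROR envs[{name}]: set sslCertPath/sslKeyPath or sslSecret")
    if (cert or key) and secret:
        findings.append(f"WARN envs[{name}]: file paths and sslSecret are alternatives; both are set")
    return findings


def check_http_proxy(cfg):
    """httpProxy.scheme must be HTTP or HTTPS, uppercase only (default HTTPS)."""
    proxy = cfg.get("httpProxy")
    if not proxy:
        return []
    scheme = proxy.get("scheme", "HTTPS")
    if scheme not in ("HTTP", "HTTPS"):
        return [f"ERROR httpProxy.scheme: {scheme!r} must be HTTP or HTTPS, uppercase"]
    return []


def check_ingress_tls(cfg):
    """Validate ingress.minTLSProtocolVersion / ingress.maxTLSProtocolVersion."""
    ingress = cfg.get("ingress") or {}
    findings, parsed = [], {}
    for prop in TLS_PROPS:
        raw = ingress.get(prop)
        if raw is None:
            continue
        value = str(raw)  # an unquoted YAML 1.2 is loaded as a float
        if value in ALLOWED_TLS:
            parsed[prop] = value
        else:
            findings.append(f"ERROR ingress.{prop}: {value!r} is not one of {ALLOWED_TLS}")
    if all(ingress.get(prop) is None for prop in TLS_PROPS):
        findings.append("INFO ingress: no TLS bounds set; Envoy's TLS_AUTO default applies")
    lo, hi = parsed.get(TLS_PROPS[0]), parsed.get(TLS_PROPS[1])
    if lo and hi and _version_key(lo) > _version_key(hi):
        findings.append(f"ERROR ingress: minimum TLS version {lo} is above maximum {hi}")
    if lo in DEPRECATED_TLS:
        findings.append(f"WARN ingress.minTLSProtocolVersion: TLS {lo} is deprecated; use 1.2 or 1.3")
    return findings


def lint_overrides(cfg):
    """Run every check and return the findings in a stable order."""
    findings = []
    for env in cfg.get("envs") or []:
        findings.extend(check_env_tls(env))
    findings.extend(check_http_proxy(cfg))
    findings.extend(check_ingress_tls(cfg))
    return findings


# Constructed sample: missing key path, lowercase scheme, TLS 1.0 allowed.
SAMPLE_OVERRIDES = {
    "envs": [
        {"name": "test", "sslCertPath": "./certs/test.pem"},
        {"name": "prod", "sslSecret": "prod-tls"},
    ],
    "httpProxy": {"host": "proxy.example.internal", "port": 3128, "scheme": "https"},
    "ingress": {"minTLSProtocolVersion": 1.0, "maxTLSProtocolVersion": 1.3},
}

# Constructed sample: the same deployment with the findings resolved.
HARDENED_OVERRIDES = {
    "envs": [
        {"name": "test", "sslSecret": "test-tls"},
        {"name": "prod", "sslSecret": "prod-tls"},
    ],
    "httpProxy": {"host": "proxy.example.internal", "port": 3128, "scheme": "HTTPS"},
    "ingress": {"minTLSProtocolVersion": 1.2, "maxTLSProtocolVersion": 1.3},
}

if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_OVERRIDES), ("hardened", HARDENED_OVERRIDES)):
        print(label, lint_overrides(cfg) or "no findings")
```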

istio

Google Cloud Platform's (GCP's) implementation of Istio is a service mesh that layers onto your existing Apigee instance, helping it integrate with the logging platform, telemetry, and policy system.

See also: GCP's Istio documentation and What is Istio.

The following table describes the properties of the istio object:

Property
Description
istio.citadel.image.url
Version:1.2.0

Default value: "google/apigee-istio-citadel"

The location of the Docker image for this service.

istio.galley.image.url
Version:1.2.0

Default value: "google/apigee-istio-galley"

The location of the Docker image for this service.

istio.ingressgateway.replicaCountMax
Version:1.0.0

Default value:5

Required

Maximum number of Istio ingress gateway replicas allowed.

istio.ingressgateway.replicaCountMin
Version:1.0.0

Default value:1

Required

Minimum number of Istio ingress gateway replicas required.

istio.ingressgateway.resources.requests.cpu
Version:1.0.0

Default value:100m

Required

CPU resources allocated to the ingress controller, needed for the gateway to operate optimally.

istio.ingressgateway.resources.requests.memory
Version:1.0.0

Default value:128Mi

Memory resources allocated to the ingress controller, needed for the gateway to operate optimally.

See:

  • ingress object
  • Ingress Gateways in the Istio documentation
  • Ingress Controllers in the Kubernetes documentation

    istio.kubectl.image.url
    Version:1.2.0

    Default value: "google/apigee-istio-kubectl"

    The location of the Docker image for this service.

    istio.mixer.image.url
    Version:1.2.0

    Default value: "google/apigee-istio-mixer"

    The location of the Docker image for this service.

    istio.node_agent_k8s.image.url
    Version:1.2.0

    Default value: "google/apigee-istio-node-agent-k8s"

    The location of the Docker image for this service.

    istio.nodeSelector.key
    Version:1.0.0

    Default value:None

    Optional node selector label key for targeting Kubernetes nodes for istio services. If you do not specify a key for mart.nodeselector, the istio services use the node specified in the nodeSelector object.

    istio.nodeSelector.value
    Version:1.0.0

    Default value:None

    Optional node selector label value for targeting Kubernetes nodes for istio services. See also the nodeSelector object.

    istio.pilot.image.url
    Version:1.2.0

    Default value: "google/apigee-istio-pilot"

    The location of the Docker image for this service.

    istio.pilot.replicaCountMax
    Version:1.0.0

    Default value:5

    Required

    Pilot provides core traffic management within the cluster, communicating with the Envoy sidecar proxy. replicaCountMax is the maximum number of Istio pilot replicas allowed.

    See Pilot: Core traffic management in the Istio documentation.

    istio.pilot.replicaCountMin
    Version:1.0.0

    Default value:1

    Required

    Pilot provides core traffic management within the cluster, communicating with the Envoy sidecar proxy. replicaCountMin is the minimum number of Istio pilot replicas required.

    See Pilot: Core traffic management in the Istio documentation.

    istio.pilot.resources.requests.cpu
    Version:1.0.0

    Default value:500m

    Required

    CPU resources allocated to the pilot process, needed for the gateway to operate optimally.

    istio.pilot.resources.requests.memory
    Version:1.0.0

    Default value:2048Mi

    Memory resources allocated to the pilot process, needed for the gateway to operate optimally.

    istio.proxyv2.image.url
    Version:1.2.0

    Default value: "google/apigee-istio-proxyv2"

    The location of the Docker image for this service.

    istio.sidecar_injector.image.url
    Version:1.2.0

    Default value: "google/apigee-istio-sidecar-injector"

    The location of the Docker image for this service.

    istio.version
    Version:1.2.0

    Default value: 1.4.6

    Version of Istio to use for this implementation of Apigee.

    See: Istio releases on GitHub

    k8sCluster

    Identifies the Kubernetes cluster where the hybrid runtime is installed.

    The following table describes the properties of the k8sCluster object:

    Property
    Description
    k8sCluster.name
    Version:1.2.0

    Default value:None

    The name of the Kubernetes cluster where the hybrid runtime is installed.

    k8sCluster.region
    Version:1.2.0

    Default value:None

    Identifies the GCP region in which your Kubernetes cluster was created.

    kubeRBACProxy

    Identifies where Apigee should look for Kubernetes role-based access controls.

    The following table describes the properties of the kubeRBACProxy object:

    Property
    Description
    kubeRBACProxy.image.pullPolicy
    Version:1.2.0

    Default value: IfNotPresent

    Determines when kubelet pulls the pod's Docker image. Possible values include:

    • IfNotPresent: Do not pull a new image if it already exists.
    • Always: Always pull the image, regardless of whether it exists already.

    For more information, see Updating images.

    kubeRBACProxy.image.tag
    Version: "v0.4.1"

    Default value: 1.2.0

    The version label for this service's Docker image.

    kubeRBACProxy.image.url
    Version:1.2.0

    Default value: "google/apigee-kube-rbac-proxy"

    The location of the Docker image for this service.

    If you do not want to use the Google Docker Hub, download the images and use the address where your docker images are hosted internally.

    logger

    Defines the service that manages operational logs. All of the Apigee hybrid services that run in your Kubernetes cluster output this information.

    For more information, see Logging.

    The following table describes the properties of the logger object:

    Property
    Description
    logger.enabled
    Version:1.0.0

    Default value: true

    Enables or disables logging on the cluster. For non-GKE, set to true; for Anthos or GKE, set to false.

    logger.fluentd.buffer_chunk_limit
    Version:1.0.0

    Default value: 512k

    The maximum size of a buffer chunk allowed, in kilobytes. Chunks exceeding the limit will be flushed to the output queue automatically.

    logger.fluentd.buffer_queue_limit
    Version:1.0.0

    Default value: 6

    The maximum length of the output queue. The default limit is 256 chunks.

    logger.fluentd.flush_interval
    Version:1.0.0

    Default value: 5s

    The interval to wait before invoking the next buffer flush, in seconds.

    logger.fluentd.max_retry_wait
    Version:1.0.0

    Default value: 30

    The maximum interval between write retries, in seconds.

    logger.fluentd.num_threads
    Version:1.0.0

    Default value: 2

    The number of threads used to flush the buffer. The default is 1.

    logger.image.pullPolicy
    Version:1.0.0

    Default value: IfNotPresent

    Determines when kubelet pulls the pod's Docker image. Possible values include:

    • IfNotPresent: Do not pull a new image if it already exists.
    • Always: Always pull the image, regardless of whether it exists already.

    For more information, see Updating images.

    logger.image.tag
    Version:1.0.0

    Default value: "1.6.8"

    The version label for this service's Docker image.

    logger.image.url
    Version:1.0.0

    Default value: "google/apigee-stackdriver-logging-agent"

    The location of the Docker image for this service.

    logger.livenessProbe.failureThreshold
    Version:1.0.0

    Default value: 3

    The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.

    logger.livenessProbe.initialDelaySeconds
    Version:1.0.0

    Default value: 0

    The number of seconds after a container is started before a liveness probe is initiated.

    logger.livenessProbe.periodSeconds
    Version:1.0.0

    Default value: 60

    Determines how often to perform a liveness probe, in seconds. The minimum value is 1.

    logger.livenessProbe.successThreshold
    Version:1.0.0

    Default value: 1

    The minimum consecutive successes needed for a liveness probe to be considered successful after a failure. The minimum value is 1.

    logger.livenessProbe.timeoutSeconds
    Version:1.0.0

    Default value: 1

    The number of seconds after which a liveness probe times out. The minimum value is 1.

    logger.nodeSelector.key
    Version:1.0.0

    Default value: "apigee.com/apigee-logger-enabled"

    Required

    Node selector label key used to target dedicated Kubernetes nodes for logger runtime services.

    See Add node selectors.

    logger.nodeSelector.value
    Version:1.0.0

    Default value: "true"

    Required

    Node selector label value used to target dedicated Kubernetes nodes for logger runtime services.

    See Add node selectors.

    logger.proxyURL
    Version:1.0.0

    Default value:None

    URL of the customer's proxy server.

    logger.resources.limits.memory
    Version:1.0.0

    Default value: 500Mi

    The memory limit for the resource in a Kubernetes container, in mebibytes.

    logger.resources.limits.cpu
    Version:1.0.0

    Default value: 200m

    The CPU limit for the resource in a Kubernetes container, in millicores.

    logger.resources.requests.cpu
    Version:1.0.0

    Default value: 100m

    The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

    logger.resources.requests.memory
    Version:1.0.0

    Default value: 250Mi

    The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

    logger.serviceAccountPath
    Version:1.0.0

    Default value:None

    One of either serviceAccountPath or serviceAccountSecretRef is required.

    Path to Google Service Account key file with Logs Writer role.

    logger.serviceAccountSecretRef
    Version:1.2.0

    Default value:None

    One of either serviceAccountPath or serviceAccountSecretRef is required.

    The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Logs Writer role as its input.

    logger.terminationGracePeriodSeconds
    Version:1.0.0

    Default value: 30

    The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

    mart

    Defines the MART (Management API for RunTime data) service, which acts as an API provider for public Apigee APIs so that you can access and manage runtime data entities such as KMS (API Keys and OAuth tokens), KVM, Quota, and API products.

    The following table describes the properties of the mart object:

    Property
    Description
    mart.hostAlias
    Version:1.0.0

    Default value:None

    The host alias pointing to the MART object. You can set this property to * or a fully-qualified domain name.

    mart.image.pullPolicy
    Version:1.0.0

    Default value: IfNotPresent

    Determines when kubelet pulls the pod's Docker image. Possible values include:

    • IfNotPresent: Do not pull a new image if it already exists.
    • Always: Always pull the image, regardless of whether it exists already.

    For more information, see Updating images.

    mart.image.tag
    Version:1.0.0

    Default value: 1.2.0

    The version label for this service's Docker image.

    mart.image.url
    Version:1.0.0

    Default value: "google/apigee-mart-server"

    The location of the Docker image for this service. Check the values.yaml file for the specific URL. You can override this.

    mart.initCheckCF.resources.requests.cpu
    Version:1.0.0

    Default value: 10m

    The amount of CPU resources allocated to the initialization check of the Cloud Foundry process.

    mart.livenessProbe.failureThreshold
    Version:1.0.0

    Default value: 12

    The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.

    mart.livenessProbe.initialDelaySeconds
    Version:1.0.0

    Default value: 15

    The number of seconds after a container is started before a liveness probe is initiated.

    mart.livenessProbe.periodSeconds
    Version:1.0.0

    Default value: 5

    Determines how often to perform a liveness probe, in seconds. The minimum value is 1.

    mart.livenessProbe.timeoutSeconds
    Version:1.0.0

    Default value: 1

    The number of seconds after which a liveness probe times out. The minimum value is 1.

    mart.metricsURL
    Version:1.0.0

    Default value: "/v1/server/metrics"

    mart.nodeSelector.key
    Version:1.0.0

    Default value:None

    Optional node selector label key for targeting Kubernetes nodes for mart runtime services. If you do not specify a key for mart.nodeselector, then your runtime uses the node specified in the nodeSelector object.

    See Add node selectors.

    mart.nodeSelector.value
    Version:1.0.0

    Default value:None

    Optional node selector label value for targeting Kubernetes nodes for mart runtime services. See also the nodeSelector object.

    See Add node selectors.

    mart.readinessProbe.failureThreshold
    Version:1.0.0

    Default value: 2

    The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.

    mart.readinessProbe.initialDelaySeconds
    Version:1.0.0

    Default value: 15

    The number of seconds after a container is started before a readiness probe is initiated.

    mart.readinessProbe.periodSeconds
    Version:1.0.0

    Default value: 5

    Determines how often to perform a readiness probe, in seconds. The minimum value is 1.

    mart.readinessProbe.successThreshold
    Version:1.0.0

    Default value: 1

    The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.

    mart.readinessProbe.timeoutSeconds
    Version:1.0.0

    Default value: 1

    The number of seconds after which a readiness probe times out. The minimum value is 1.

    mart.replicaCountMax
    Version:1.0.0

    Default value: 5

    Maximum number of replicas available for autoscaling.

    mart.replicaCountMin
    Version:1.0.0

    Default value: 1

    Minimum number of replicas available for autoscaling.

    mart.resources.requests.cpu
    Version:1.0.0

    Default value: 500m

    The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

    mart.resources.requests.memory
    Version:1.0.0

    Default value: 512Mi

    The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

    mart.serviceAccountPath
    Version:1.1.1

    Default value:None

    One of either serviceAccountPath or serviceAccountSecretRef is required.

    Path to Google Service Account key file with no role.

    mart.serviceAccountSecretRef
    Version:1.2.0

    Default value:None

    One of either serviceAccountPath or serviceAccountSecretRef is required.

    The name of a Kubernetes secret. You must create the secret using a Google Service Account key with no role as its input.

    mart.sslCertPath
    Version:1.0.0

    Default value:None

    Either sslCertPath / sslKeyPath or sslSecret is required.

    Local file system path for loading and encoding the SSL cert to a Secret.

    mart.sslKeyPath
    Version:1.0.0

    Default value:None

    Either sslCertPath / sslKeyPath or sslSecret is required.

    Local file system path for loading and encoding the SSL key to a Secret.

    mart.sslSecret
    Version:1.2.0

    Default value:None

    Either sslCertPath / sslKeyPath or sslSecret is required.

    The name of a file stored in a Kubernetes secret that contains the TLS certificate and private key. You must create the secret using the TLS certificate and key data as its input.

    mart.targetCPUUtilizationPercentage
    Version:1.0.0

    Default value: 75

    Target CPU utilization for the MART process on the pod. The value of this field enables MART to auto-scale when CPU utilization reaches this value, up to replicaCountMax.

    mart.terminationGracePeriodSeconds
    Version:1.0.0

    Default value: 30

    The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

    metrics

    Defines the service that collects operations metrics. You can use metrics data to monitor the health of Hybrid services, to set up alerts, and so on.

    For more information, see Metrics collection overview.

    The following table describes the properties of the metrics object:

    Property
    Description
    metrics.enabled
    Version:1.0.0

    Default value: false

    Enables Apigee metrics. Set to true to enable metrics. Set to false to disable metrics.

    metrics.nodeSelector.key
    Version:1.0.0

    Default value:None

    Required

    Node selector label key used to target dedicated Kubernetes nodes for metrics runtime services.

    See Add node selectors.

    metrics.nodeSelector.value
    Version:1.0.0

    Default value:None

    Required

    Node selector label value used to target dedicated Kubernetes nodes for metrics runtime services.

    See Add node selectors.

    metrics.prometheus.args.storage_tsdb_retention
    Version:1.0.0

    Default value: 48h

    The amount of time Prometheus waits before removing old data from local storage, in hours.

    metrics.prometheus.containerPort
    Version:1.0.0

    Default value: 9090

    The port to connect to the Prometheus metrics service.

    metrics.prometheus.image.pullPolicy
    Version:1.0.0

    Default value: IfNotPresent

    Determines when kubelet pulls the pod's Docker image. Possible values include:

    • IfNotPresent: Do not pull a new image if it already exists.
    • Always: Always pull the image, regardless of whether it exists already.

    For more information, see Updating images.

    metrics.prometheus.image.tag
    Version:1.0.0

    Default value: "v2.9.2"

    The version label for this service's Docker image.

    metrics.prometheus.image.url
    Version:1.0.0

    Default value: "google/apigee-prom-prometheus"

    The location of the Docker image for this service.

    metrics.prometheus.livenessProbe.failureThreshold
    Version:1.0.0

    Default value: 6

    The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.

    metrics.prometheus.livenessProbe.periodSeconds
    Version:1.0.0

    Default value: 5

    Determines how often to perform a liveness probe, in seconds. The minimum value is 1.

    metrics.prometheus.livenessProbe.timeoutSeconds
    Version:1.0.0

    Default value: 3

    The number of seconds after which a liveness probe times out. The minimum value is 1.

    metrics.prometheus.readinessProbe.failureThreshold
    Version:1.0.0

    Default value: 120

    The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.

    metrics.prometheus.readinessProbe.periodSeconds
    Version:1.0.0

    Default value: 5

    Determines how often to perform a readiness probe, in seconds. The minimum value is 1.

    metrics.prometheus.readinessProbe.timeoutSeconds
    Version:1.0.0

    Default value: 3

    The number of seconds after which a readiness probe times out. The minimum value is 1.

    prometheus.sslCertPath
    Version:1.0.0

    Default value:None

    Required

    Path to the SSL cert for the Prometheus metrics collection process. Prometheus is a tool Apigee can use for collecting and processing metrics.

    prometheus.sslKeyPath
    Version:1.0.0

    Default value:None

    Required

    Path to the SSL Key for the Prometheus metrics collection process. Prometheus is a tool Apigee can use for collecting and processing metrics.

    metrics.proxyURL
    Version:1.0.0

    Default value:None

    URL for the metrics process sidecar proxy in the Kubernetes cluster.

    metrics.resources.limits.cpu
    Version:1.0.0

    Default value: 250m

    The CPU limit for the resource in a Kubernetes container, in millicores.

    metrics.resources.limits.memory
    Version:1.0.0

    Default value: 256Mi

    The memory limit for the resource in a Kubernetes container, in mebibytes.

    metrics.resources.requests.cpu
    Version:1.0.0

    Default value: 250m

    The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

    metrics.resources.requests.memory
    Version:1.0.0

    Default value: 256Mi

    The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

    metrics.sdSidecar.containerPort
    Version:1.0.0

    Default value: 9091

    The port for connecting to the StackDriver metrics service.

    metrics.sdSidecar.image.pullPolicy
    Version:1.0.0

    Default value: IfNotPresent

    Determines when Kubelet pulls this service's Docker image. Possible values include:

    • IfNotPresent: Do not pull a new image if it already exists.
    • Always: Always pull the policy, even if it already exists.

    For more information, see Updating images.

    metrics.sdSidecar.image.tag
    Version:1.0.0

    Default value: "release-0.4.0"

    The version label for this service's Docker image.

    metrics.sdSidecar.image.url
    Version:1.0.0

    Default value: "google/apigee-stackdriver-prometheus-sidecar"

    The location of the Docker image for this service.

    metrics.serviceAccountPath
    Version:1.0.0

    Default value:None

    One of either serviceAccountPath or serviceAccountSecretRef is required.

    Path to Google Service Account key file with Monitoring Metric Writer role.

    metrics.serviceAccountSecretRef
    Version:1.2.0

    Default value:None

    One of either serviceAccountPath or serviceAccountSecretRef is required.

    The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Monitoring Metric Writer role as its input.

    metrics.terminationGracePeriodSeconds
    Version:1.0.0

    Default value: 300

    The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

    nodeSelector

    The nodeSelector object defines the node for your Apigee instance. Behind the scenes, when apigeectl runs, it maps the label key/value for apigeeRuntime and apigeeData to the individual Istio and MART components. You can override this for individual objects in the istio:nodeSelector and mart:nodeSelector properties.

    The following table describes the properties of the nodeSelector object:

    Property
    Description
    nodeSelector.apigeeData.key
    Version:1.0.0

    Default value:"cloud.google.com/gke-nodepool"

    ApigeeData is the node for the Cassandra database. Node selector label key for targeting Kubernetes nodes for working with Apigee services data.

    See Add node selectors.

    nodeSelector.apigeeData.value
    Version:1.0.0

    Default value:"apigee-data"

    apigee-data is the node for the Cassandra database. Node selector label value for targeting Kubernetes nodes for working with Apigee services data.

    See Add node selectors.

    nodeSelector.apigeeRuntime.key
    Version:1.0.0

    Default value:"cloud.google.com/gke-nodepool"

    Apigee Runtime is the node for the runtime environment for the project. Node selector label key for targeting Kubernetes nodes for Apigee runtime services.

    See Add node selectors.

    nodeSelector.apigeeRuntime.value
    Version:1.0.0

    Default value:"apigee-runtime"

    apigee-runtime is the node for the runtime environment for the project. Node selector label value for targeting Kubernetes nodes for Apigee runtime services.

    See Add node selectors.

    nodeSelector.requiredForScheduling
    Version:1.0.0

    Default value:false

    The requiredForScheduling property defaults to false. If this value is overridden to true and Kubernetes cannot find nodes with the configured label key/value, the underlying Pods will not be scheduled on VM worker nodes.

    For production, nodeSelector.requiredForScheduling should be set to true.

    See Add node selectors.

    runtime

    The following table describes the properties of the runtime object:

    Property
    Description
    runtime.image.pullPolicy
    Version:1.0.0

    Default value: IfNotPresent

    Determines when kubelet pulls the pod's Docker image. Possible values include:

    • IfNotPresent: Do not pull a new image if it already exists.
    • Always: Always pull the image, regardless of whether it exists already.

    For more information, see Updating images.

    runtime.image.tag
    Version:1.0.0

    Default value: 1.2.0

    The version label for this service's Docker image.

    runtime.image.url
    Version:1.0.0

    Default value: URL to your installation's image resource, like: "google/apigee-runtime"

    The location of the Docker image for this service.

    runtime.livenessProbe.failureThreshold
    Version:1.0.0

    Default value: 2

    The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.

    runtime.livenessProbe.initialDelaySeconds
    Version:1.0.0

    Default value: 60

    The number of seconds after a container is started before a liveness probe is initiated.

    runtime.livenessProbe.periodSeconds
    Version:1.0.0

    Default value: 5

    Determines how often to perform a liveness probe, in seconds. The minimum value is 1.

    runtime.livenessProbe.timeoutSeconds
    Version:1.0.0

    Default value: 1

    The number of seconds after which a liveness probe times out. The minimum value is 1.

    runtime.nodeSelector.key
    Version:1.0.0

    Default value:None

    Optional node selector label key for targeting Kubernetes nodes for runtime services.

    See nodeSelector property.

    runtime.nodeSelector.value
    Version:1.0.0

    Default value:None

    Node selector label value for targeting Kubernetes nodes for runtime services.

    See Add node selectors.

    runtime.readinessProbe.failureThreshold
    Version:1.0.0

    Default value: 2

    The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.

    runtime.readinessProbe.initialDelaySeconds
    Version:1.0.0

    Default value: 60

    The number of seconds after a container is started before a readiness probe is initiated.

    runtime.readinessProbe.periodSeconds
    Version:1.0.0

    Default value: 5

    Determines how often to perform a readiness probe, in seconds. The minimum value is 1.

    runtime.readinessProbe.successThreshold
    Version:1.0.0

    Default value: 1

    The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.

    runtime.readinessProbe.timeoutSeconds
    Version:1.0.0

    Default value: 1

    The number of seconds after which a readiness probe times out. The minimum value is 1.

    runtime.replicaCountMax
    Version:1.0.0

    Default value: 4

    Maximum number of replicas available for autoscaling.

    runtime.replicaCountMin
    Version:1.0.0

    Default value: 1

    Minimum number of replicas available for autoscaling.

    runtime.resources.requests.cpu
    Version:1.0.0

    Default value: 500m

    The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

    runtime.resources.requests.memory
    Version:1.0.0

    Default value: 512Mi (see note below)

    The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes (Mi) or gibibytes (Gi).

    runtime.service.type
    Version:1.0.0

    Default value: ClusterIP

    The type of service. You can set this to a service other than ClusterIP; for example, LoadBalancer.

    runtime.targetCPUUtilizationPercentage
    Version:1.0.0

    Default value: 75

    Target CPU utilization for the runtime process on the pod. The value of this field enables the runtime to auto-scale when CPU utilization reaches this value, up to replicaCountMax.

    runtime.terminationGracePeriodSeconds
    Version:1.0.0

    Default value: 180

    The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

    synchronizer

    Ensures that the Message Processors are kept up to date with the latest deployed API proxy bundles. To do this, the Synchronizer polls the management plane; when a new contract is detected, the Synchronizer sends it to the runtime plane.

    For more information, see Synchronizer.

    The following table describes the properties of the synchronizer object:

    Property
    Description
    synchronizer.image.pullPolicy
    Version:1.0.0

    Default value: IfNotPresent

    Determines when kubelet pulls the pod's Docker image. Possible values include:

    • IfNotPresent : Do not pull a new image if it already exists.
    • Always : Always pull the image, regardless of whether it exists already.

    For more information, see Updating images.

    synchronizer.image.tag
    Version:1.0.0

    Default value: 1.2.0

    The version label for this service's Docker image.

    synchronizer.image.url
    Version:1.0.0

    Default value: "google/apigee-synchronizer"

    The location of the Docker image for this service.

    synchronizer.livenessProbe.failureThreshold
    Version:1.0.0

    Default value: 2

    The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.

    synchronizer.livenessProbe.initialDelaySeconds
    Version:1.0.0

    Default value: 0

    The number of seconds after a container is started before a liveness probe is initiated.

    synchronizer.livenessProbe.periodSeconds
    Version:1.0.0

    Default value: 5

    Determines how often to perform a liveness probe, in seconds. The minimum value is 1.

    synchronizer.livenessProbe.timeoutSeconds
    Version:1.0.0

    Default value: 1

    The number of seconds after which a liveness probe times out. The minimum value is 1.

    synchronizer.nodeSelector.key
    Version:1.0.0

    Default value:None

    Required

    Optional node selector label key for targeting Kubernetes nodes for synchronizer runtime services.

    See nodeSelector.

    synchronizer.nodeSelector.value
    Version:1.0.0

    Default value:None

    Optional node selector label value used for targeting Kubernetes nodes for synchronizer runtime services.

    See nodeSelector.

    synchronizer.pollInterval
    Version:1.0.0

    Default value: 60

    The length of time that Synchronizer waits between polling operations. Synchronizer polls Apigee control plane services to detect and pull new runtime contracts.

    synchronizer.readinessProbe.failureThreshold
    Version:1.0.0

    Default value: 2

    The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.

    synchronizer.readinessProbe.initialDelaySeconds
    Version:1.0.0

    Default value: 0

    The number of seconds after a container is started before a readiness probe is initiated.

    synchronizer.readinessProbe.periodSeconds
    Version:1.0.0

    Default value: 5

    Determines how often to perform a readiness probe, in seconds. The minimum value is 1.

    synchronizer.readinessProbe.successThreshold
    Version:1.0.0

    Default value: 1

    The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.

    synchronizer.readinessProbe.timeoutSeconds
    Version:1.0.0

    Default value: 1

    The number of seconds after which a readiness probe times out. The minimum value is 1.

    synchronizer.replicaCount
    Version:1.0.0

    Default value: 2

    Number of replicas for autoscaling.

    synchronizer.replicaCountMax
    Version:1.2.0

    Default value: 4

    Maximum number of replicas for autoscaling.

    synchronizer.replicaCountMin
    Version:1.2.0

    Default value: 1

    Minimum number of replicas for autoscaling.

    synchronizer.resources.requests.cpu
    Version:1.0.0

    Default value: 100m

    The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

    synchronizer.resources.requests.memory
    Version:1.0.0

    Default value: 1Gi

    The memory needed for normal operation of the resource in a Kubernetes container, in gigabytes.

    synchronizer.serviceAccountPath
    Version:1.0.0

    Default value:None

    One of either serviceAccountPath or serviceAccountSecretRef is required.

    Path to Google Service Account key file with Apigee Synchronizer Manager role.

    synchronizer.serviceAccountSecretRef
    Version:1.2.0

    Default value:None

    One of either serviceAccountPath or serviceAccountSecretRef is required.

    The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Apigee Synchronizer Manager role as its input.

    synchronizer.targetCPUUtilizationPercentage
    Version:1.0.0

    Default value: 75

    Target CPU utilization for the Synchronizer process on the pod. The value of this field enables Synchronizer to auto-scale when CPU utilization reaches this value, up to replicaCountMax.

    synchronizer.terminationGracePeriodSeconds
    Version:1.0.0

    Default value: 30

    The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

    udca

    (Universal Data Collection Agent) Defines the service that runs within the data collection pod in the runtime plane. This service extracts analytics and deployment status data and sends it to the Unified Analytics Platform (UAP).

    For more information, see Analytics and deployment status data collection.

    The following table describes the properties of the udca object:

    Property
    Description
    udca.fluentd.image.pullPolicy
    Version:1.0.0

    Default value: IfNotPresent

    Determines when kubelet pulls the pod's Docker image. Possible values include:

    • IfNotPresent : Do not pull a new image if it already exists.
    • Always : Always pull the image, regardless of whether it exists already.

    For more information, see Updating images.

    udca.fluentd.image.tag
    Version:1.0.0

    Default value: 1.2.0

    The version label for this service's Docker image.

    udca.fluentd.image.url
    Version:1.0.0

    Default value: "google/apigee-stackdriver-logging-agent"

    The location of the Docker image for this service.

    udca.fluentd.resource.limits.memory
    Version:1.0.0

    Default value: 500Mi

    The memory limit for the resource in a Kubernetes container, in mebibytes.

    udca.fluentd.resource.requests.cpu
    Version:1.0.0

    Default value: 500m

    The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

    udca.fluentd.resource.requests.memory
    Version:1.0.0

    Default value: 250Mi

    The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

    udca.image.pullPolicy
    Version:1.0.0

    Default value:IfNotPresent

    Determines when kubelet pulls the pod's Docker image. Possible values include:

    • IfNotPresent : Do not pull a new image if it already exists.
    • Always : Always pull the image, regardless of whether it exists already.

    For more information, see Updating images.

    udca.image.tag
    Version:1.0.0

    Default value: "1.2.0"

    The version label for this service's Docker image.

    udca.image.url
    Version:1.0.0

    Default value: "google/apigee-udca"

    The location of the Docker image for this service.

    udca.jvmXms
    Version:1.0.0

    Default value: 256m

    The starting amount of memory for the data collection pod's JVM.

    udca.jvmXmx
    Version:1.0.0

    Default value: 256m

    The maximum allocation of memory for the data collection pod's JVM.

    udca.livenessProbe.failureThreshold
    Version:1.0.0

    Default value: 2

    The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.

    udca.livenessProbe.initialDelaySeconds
    Version:1.0.0

    Default value: 0

    The number of seconds after a container is started before a liveness probe is initiated.

    udca.livenessProbe.periodSeconds
    Version:1.0.0

    Default value: 5

    Determines how often to perform a liveness probe, in seconds. The minimum value is 1.

    udca.livenessProbe.timeoutSeconds
    Version:1.0.0

    Default value: 1

    The number of seconds after which a liveness probe times out. The minimum value is 1.

    udca.nodeSelector.key
    Version:1.0.0

    Default value:None

    Required

    Node selector label key used to target dedicated Kubernetes nodes for udca runtime services.

    See Add node selectors.

    udca.nodeSelector.value
    Version:1.0.0

    Default value:None

    Required

    Node selector label value used to target dedicated Kubernetes nodes for udca runtime services.

    See Add node selectors.

    udca.pollingIntervalInSec
    Version:1.0.0

    Default value: 1

    The length of time, in seconds, that UDCA waits between polling operations. UDCA polls the data directory on the data collection pod's file system to detect new files to be uploaded.

    udca.replicaCountMax
    Version:1.0.0

    Default value: 4

    The maximum number of pods that hybrid can automatically add for the UDCA deployment. Because UDCA is implemented as a ReplicaSet, the pods are replicas.

    udca.replicaCountMin
    Version:1.0.0

    Default value: 1

    The minimum number of pods for the UDCA deployment. Because UDCA is implemented as a ReplicaSet, the pods are replicas.

    If the CPU usage goes above udca.targetCPUUtilizationPercentage, then hybrid will gradually increase the number of pods, up to udca.replicaCountMax.

    udca.resource.requests.cpu
    Version:1.0.0

    Default value: 250m

    The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

    udca.revision
    Version:1

    Default value: "v1"

    A static value that is populated in a label to enable canary deployments.

    udca.serviceAccountPath
    Version:1.0.0

    Default value:None

    One of either serviceAccountPath or serviceAccountSecretRef is required.

    Path to Google Service Account key file with Apigee Analytics Agent role.

    udca.serviceAccountSecretRef
    Version:1.2.0

    Default value:None

    One of either serviceAccountPath or serviceAccountSecretRef is required.

    The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Apigee Analytics Agent role as its input.

    udca.targetCPUUtilizationPercentage
    Version:1.0.0

    Default value: 75

    The threshold of CPU usage for scaling the number of pods in the ReplicaSet, as a percentage of total available CPU resources. Hybrid uses the combined utilization of all containers in the data collection pod (both fluentd and UDCA) to calculate the current utilization.

    When CPU usage goes above this value, hybrid will gradually increase the number of pods in the ReplicaSet, up to udca.replicaCountMax.

    udca.terminationGracePeriodSeconds
    Version:1.0.0

    Default value: 600

    The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

    virtualhosts

    The virtualhosts property is a required configuration property. Virtual hosts allow Apigee hybrid to handle API requests to multiple domain names and route proxy basepaths to specific environments.

    For more information, see Configure virtual hosts.

    The following table describes the properties of the virtualhosts object:

    Property
    Description
    virtualhosts[].additionalGateways
    Version:1.2.0

    Default value:None

    A list of Istio Gateways to route traffic to.

    virtualhosts[].name
    Version:1.2.0

    Default value:None

    Required

    The name of the virtualhost.

    virtualhosts[].hostAliases[]
    Version:1.2.0

    Default value:None

    Required

    One or more DNS names for your server. For example, foo-test.mydomain.com.

    If you employ multiple host aliases in a virtual host, each host alias must be unique. For example, foo-test.mydomain.com and foo-prod.mydomain.com.

    If you create multiple virtual host definitions, you must have unique host aliases in each one. In other words, two virtual host definitions cannot include the same host alias domain name.

    virtualhosts[].routingRules[].connectTimeout
    Version:1.2.0

    Default value: 300

    Connection timeout, in seconds, for the set of defined paths.

    connectTimeout is optional.

    virtualhosts[].routingRules[].env
    Version:1.2.0

    Default value:None.

    Required

    The environment (or environments) to which API calls will be routed. You must specify at least one environment.

    If you include paths entries, the env entry must be below the paths that are mapped to this environment.

    See also Configure virtual hosts.

    virtualhosts[].routingRules[].paths[]
    Version:1.2.0

    Default value: The default path is /.

    Supports prefix base path routing. Routing rules direct API calls for specific paths to the environment specified with env. paths[] is optional. The default path is /.

    The routing rules configuration follows this pattern:

    org: hybrid
    virtualhosts:
    - name: default
      routingRules:
        - paths:
          - path-1
          - path-2
          - path-n
          env: test
        - paths:
          - /v1/customers
          env: prod

    See also Configure virtual hosts.

    virtualhosts[].selector
    Version:1.2.0

    Default value: app: istio-ingressgateway

    Required

    A key-value pair for pointing to different ingress selectors.

    virtualhosts[].sslCertPath
    Version:1.2.0

    Default value:None

    Either sslCertPath / sslKeyPath or sslSecret is required.

    The path on your system to a TLS certificate file.

    virtualhosts[].sslKeyPath
    Version:1.2.0

    Default value:None

    Either sslCertPath / sslKeyPath or sslSecret is required.

    The path on your system to the TLS private key file.

    virtualhosts[].sslSecret
    Version:1.2.0

    Default value:None

    Either sslCertPath / sslKeyPath or sslSecret is required.

    The name of a file stored in a Kubernetes secret that contains the TLS certificate and private key. You must create the secret using the TLS certificate and key data as its input.
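
    The one-of and uniqueness rules stated in the synchronizer, udca and virtualhosts tables can be checked before an overrides file is applied. The following is an added example, not part of the Apigee documentation or tooling: a Python lint over an already-parsed overrides.yaml dictionary, where the function name lint_overrides and all sample values are hypothetical.

```python
def lint_overrides(cfg):
    """Return a list of findings; an empty list means no rule below is violated."""
    findings = []

    # synchronizer / udca: one of serviceAccountPath or serviceAccountSecretRef is required.
    for comp in ("synchronizer", "udca"):
        section = cfg.get(comp) or {}
        if not (section.get("serviceAccountPath") or section.get("serviceAccountSecretRef")):
            findings.append(f"{comp}: serviceAccountPath or serviceAccountSecretRef is required")

    vhosts = cfg.get("virtualhosts") or []
    if not vhosts:
        findings.append("virtualhosts: required property is missing")
    seen = {}  # host alias -> label of the virtual host that first used it
    for i, vh in enumerate(vhosts):
        label = f"virtualhosts[{i}]"
        if not vh.get("name"):
            findings.append(f"{label}: name is required")
        aliases = vh.get("hostAliases") or []
        if not aliases:
            findings.append(f"{label}: hostAliases is required")
        for alias in aliases:
            key = alias.lower()  # DNS names compare case-insensitively
            if key in seen:
                findings.append(f"{label}: host alias {alias} already used by {seen[key]}")
            else:
                seen[key] = label
        # TLS material: either sslCertPath / sslKeyPath or sslSecret is required.
        has_pair = bool(vh.get("sslCertPath")) and bool(vh.get("sslKeyPath"))
        half_pair = bool(vh.get("sslCertPath")) != bool(vh.get("sslKeyPath"))
        if half_pair:
            findings.append(f"{label}: sslCertPath and sslKeyPath must be set together")
        elif not has_pair and not vh.get("sslSecret"):
            findings.append(f"{label}: sslCertPath/sslKeyPath or sslSecret is required")
        for j, rule in enumerate(vh.get("routingRules") or []):
            if not rule.get("env"):
                findings.append(f"{label}.routingRules[{j}]: env is required")
    return findings

# Constructed sample, shaped like a parsed overrides.yaml (all values are illustrative).
SAMPLE = {
    "synchronizer": {"serviceAccountSecretRef": "sync-sa"},
    "udca": {},
    "virtualhosts": [
        {"name": "default", "hostAliases": ["foo-test.mydomain.com"],
         "sslSecret": "vhost-tls", "routingRules": [{"paths": ["/v1/customers"], "env": "prod"}]},
        {"name": "second", "hostAliases": ["FOO-test.mydomain.com"],
         "sslCertPath": "./certs/tls.crt", "routingRules": [{"paths": ["/v2"]}]},
    ],
}

if __name__ == "__main__":
    for finding in lint_overrides(SAMPLE):
        print(finding)
```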
