Step 3: Configure the GKE on-prem user cluster

Specify configuration overrides

The Apigee hybrid installer uses defaults for many settings; however, there are a few settings that do not have defaults. You must provide values for these settings, as explained next.

  1. Be sure you are in the hybrid-base-directory/hybrid-files directory.
  2. Copy the overrides-small.yaml file from the $APIGEECTL_HOME/examples directory to your overrides directory:

    cp $APIGEECTL_HOME/examples/overrides-small.yaml ./overrides/overrides.yaml

    This example file provides a basic configuration for a small-footprint hybrid runtime installation, a configuration that is suitable for your first installation.

  3. cd into the overrides directory:

    cd overrides

  4. Open overrides.yaml and add the required property values, shown below. A detailed description of each property is also provided below:

    Syntax

    The overrides.yaml file has the following structure and syntax. Values in red, bold italics are property values that you must provide. They are also described in the table below.

    gcp:
      region: gcp-region
      projectID: gcp-project-id
    k8sCluster:
      name: cluster-name
      region: cluster-region
    org: org-name
    virtualhosts:
      - name: virtual-host-name
        hostAliases:
          - "host-alias-1"
          - "host-alias-2"
          - "host-alias-n"
        sslCertPath: ./certs/test-cert-name.pem
        sslKeyPath: ./certs/test-key-name.key
        routingRules:
          - paths:
            - /path1
            - /path2
            - /pathn
            env: environment-name
    envs:
      - name: environment-name # The same name of the env you created in the UI
        serviceAccountPaths:
          synchronizer: ./service-accounts/synchronizer-service-account-name.json
          udca: ./service-accounts/udca-service-account-name.json
    mart:
      hostAlias: mart-host-alias
      serviceAccountPath: ./service-accounts/mart-service-account-name.json
      sslCertPath: ./certs/mart-cert-name.pem
      sslKeyPath: ./certs/mart-key-name.key
    cassandra:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
    ingress:
      runtime:
        loadBalancerIP: virtual_IP_runtime
      mart:
        loadBalancerIP: virtual_IP_mart
    metrics:
      serviceAccountPath: ./service-accounts/metrics-service-account-name.json
    logger:
      enabled: false
    

    Example

    The following example shows a completed overrides file with example property values added:

    gcp:
      region: us-central1
      projectID: my-gcp-project
    k8sCluster:
      name: apigee-hybrid
      region: us-central1
    org: hybrid-org
    virtualhosts:
      - name: default
        hostAliases:
          - "*.acme.com"
        sslCertPath: ./certs/keystore.pem
        sslKeyPath: ./certs/keystore.key
        routingRules:
          - paths:
            - /foo
            - /bar
            env: test
    envs:
      - name: test
        serviceAccountPaths:
          synchronizer: ./service-accounts/hybrid-project-apigee-synchronizer.json
          udca: ./service-accounts/hybrid-project-apigee-udca.json
    mart:
      hostAlias: "mart.apigee-hybrid-docs.net"
      serviceAccountPath: ./service-accounts/hybrid-project-apigee-mart.json
      sslCertPath: ./certs/fullchain.pem
      sslKeyPath: ./certs/privkey.key
    cassandra:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
    ingress:
      runtime:
        loadBalancerIP: 21.0.124.13
      mart:
        loadBalancerIP: 21.0.124.14
    metrics:
      serviceAccountPath: ./service-accounts/hybrid-project-apigee-metrics.json
    logger:
      enabled: false
    
  5. When you're finished, save the file.

The following table describes each of the property values that you must provide in the overrides file. For more information, see Configuration property reference.

Variable
    Description

project-id
    Your GCP project ID.

cluster-name
    Your Kubernetes cluster name.

cluster-region
    The region in which the cluster was created.

org-name
    The name of your Apigee hybrid organization.

environment-name
    Use the same name that you used when you created an environment in the UI, as explained in Step 5: Add a new environment in the hybrid UI.

test-host-alias
    (Required) For the quickstart, use the wildcard character "*".

    The use of * is only recommended for a trial installation when using self-signed TLS credentials. Later, as you develop more complex Apigee hybrid configurations, such as creating multiple environments, you will need to use a qualified domain name for this value.

test-cert-name, test-key-name
    Enter the name of the self-signed TLS key and certificate files that you generated previously in the step Create TLS credentials for the runtime gateway. These files must be located in the base_directory/hybrid-files/certs directory. For example:

        sslCertPath: ./certs/keystore.pem
        sslKeyPath: ./certs/keystore.key

synchronizer-service-account-name
    The name of the synchronizer service account key file that you generated with the create-service-account tool. For example:

        synchronizer: ./service-accounts/hybrid-project-apigee-synchronizer.json

udca-service-account-name
    The name of the udca service account key file that you generated with the create-service-account tool. For example:

        udca: ./service-accounts/hybrid-project-apigee-udca.json

virtual_IP_runtime, virtual_IP_mart
    To use GKE on-prem integrated load balancing, you need to provide virtual IPs for LoadBalancers on the hybrid MART and runtime services. GKE on-prem automatically configures the virtual IP on the F5 BIG-IP load balancer. For more information, see Setting up your load balancer for GKE on-prem.

mart-host-alias
    A qualified DNS name for the MART server endpoint. This name must match the common name (CN) used in the authorized TLS certificate required for this configuration. For example, mart.mydomain.com

mart-service-account-name
    The name of the mart service account key file that you generated with the create-service-account tool.

mart-cert-name, mart-key-name
    Enter the name of the authorized TLS key and certificate files that you generated previously in the step Create TLS credentials for the MART gateway. These files must be located in the base_directory/hybrid-files/certs directory. For example:

        sslCertPath: ./certs/fullchain.pem
        sslKeyPath: ./certs/privkey.key

gcp-region
    Identifies the GCP region where the apigee-logger and the apigee-metrics push their data.

gcp-project-id
    Identifies the Google Cloud project where apigee-logger and the apigee-metrics push their data.

metrics-service-account-name
    The name of the metrics service account key file that you generated with the create-service-account tool. For example:

        serviceAccountPath: ./service-accounts/hybrid-project-apigee-metrics.json
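
The following pre-install check is an added example, not part of the original Apigee documentation. It flags wildcard hostAliases entries (trial-only, per the table above) and verifies that every certificate, key and service account file named in the overrides file exists and that private keys carry no group/other permission bits. The function names, the base-directory argument (assumed to be hybrid-files) and the permission policy are assumptions; the sample tree is constructed.

```shell
# audit_overrides FILE BASE: print one finding per line for an overrides file.
# BASE is the directory that ./certs and ./service-accounts are relative to
# (assumption: the hybrid-files directory).
audit_overrides() {
  file=$1 base=$2
  # hostAliases entries that start with "*" (recommended only for trial installs).
  grep -nE '^[[:space:]]*-[[:space:]]*"?\*' "$file" |
    sed 's/^\([0-9]*\):.*/WILDCARD hostAlias at line \1/'
  # Keys whose value is a path to a certificate, private key or service account key.
  awk '$1 ~ /^(sslCertPath|sslKeyPath|serviceAccountPath|synchronizer|udca):$/ && NF > 1 {
         sub(/:$/, "", $1); gsub(/"/, "", $2); print $1, $2 }' "$file" |
  while read -r key path; do
    target=$base/$path
    if [ ! -f "$target" ]; then
      echo "MISSING $key $path"
    elif [ "$key" != sslCertPath ]; then
      # Private material: group and other permission bits must all be clear.
      mode=$(ls -ldL "$target" | cut -c5-10)
      [ "$mode" = "------" ] || echo "PERMS $key $path ($mode)"
    fi
  done
}

# Constructed sample tree: file names follow the page's example, contents are empty.
demo_audit() {
  d=$(mktemp -d) && mkdir "$d/certs" "$d/service-accounts" "$d/overrides"
  : > "$d/certs/keystore.pem"
  : > "$d/certs/keystore.key"; chmod 644 "$d/certs/keystore.key"
  : > "$d/service-accounts/hybrid-project-apigee-synchronizer.json"
  chmod 600 "$d/service-accounts/hybrid-project-apigee-synchronizer.json"
  cat > "$d/overrides/overrides.yaml" <<'EOF'
virtualhosts:
  - name: default
    hostAliases:
      - "*.acme.com"
    sslCertPath: ./certs/keystore.pem
    sslKeyPath: ./certs/keystore.key
envs:
  - name: test
    serviceAccountPaths:
      synchronizer: ./service-accounts/hybrid-project-apigee-synchronizer.json
      udca: ./service-accounts/hybrid-project-apigee-udca.json
EOF
  audit_overrides "$d/overrides/overrides.yaml" "$d"
  rm -rf "$d"
}
demo_audit
```

An empty result means every referenced file was found with owner-only permissions on the private material and no wildcard host alias is configured.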

Summary

The configuration file tells Kubernetes how to deploy the hybrid components to a cluster. Next, you will apply this configuration to your cluster.
