This section lists all of the configuration properties that you can use to customize the runtime plane of your Apigee hybrid deployment.
Top-level properties
The following table describes the top-level properties in the overrides.yaml file. These are properties that do not belong to another object, and apply at the org or environment level:
Introduced in version:1.3.0
Default value:Your organization name
Optional
The name of a Kubernetes secret that contains a hashing salt value used to encrypt obfuscated user data sent to Apigee analytics. If you do not specify a salt value, your organization name is used by default. Create the secret with the salt value as its input. You can use the same salt across multiple clusters to ensure consistent hashing results between the clusters.
Default value: https://apigee.googleapis.com
Defines the API path for all APIs in your installation.
gcp.projectID
instead. Introduced in version:1.0.0
Default value:none
Required
ID of your Google Cloud project. Works with k8sClusterName (deprecated) and gcpRegion (deprecated) to identify the project and determine where the apigee-logger and the apigee-metrics push their data.
gcp.region
instead. Introduced in version:1.0.0
Default value: us-central1
Required
The closest Google Cloud region or zone of your Kubernetes cluster. Works with gcpProjectID (deprecated) and k8sClusterName (deprecated) to identify the project and determine where the apigee-logger and the apigee-metrics push their data.
Default value:None
Kubernetes secret name configured as docker-registry type; used to pull images from private repo.
Default value:None
Required
A unique identifier for this installation.
A unique string to identify this instance. This can be any combination of letters and numbers up to 63 characters in length.
k8sCluster.name
and k8sCluster.region
instead. Introduced in version:1.0.0
Default value:None
Name of the Kubernetes (K8S) cluster where your hybrid project is running. Works with gcpProjectID (deprecated) and gcpRegion (deprecated) to identify the project and determine where the apigee-logger and the apigee-metrics push their data.
kmsEncryptionKey
Default value: defaults.org.kmsEncryptionKey
Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret.
Local file system path for the Apigee KMS data's encryption key.
kmsEncryptionPath
Default value:None
Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret.
The path to a file containing a base64-encoded encryption key. See Data encryption .
kmsEncryptionSecret.key
Default value:None
Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret.
The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption .
kmsEncryptionSecret.name
Default value:None
Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret.
The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption .
kvmEncryptionKey
Default value: defaults.org.kmsEncryptionKey
Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret.
Local file system path for the Apigee KVM data's encryption key.
kvmEncryptionPath
Default value:None
Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret.
The path to a file containing a base64-encoded encryption key. See Data encryption .
kvmEncryptionSecret.key
Default value:None
Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret.
The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption .
kvmEncryptionSecret.name
Default value:None
Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret.
The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption .
Default value: apigee
The namespace of your Kubernetes cluster where the Apigee components will be installed.
Introduced in version:1.0.0
Default value:None
Required
The hybrid-enabled organization that was provisioned for you by Apigee during the hybrid installation. An organization is the top-level container in Apigee. It contains all your API proxies and related resources. If the value is empty, you must update it with your org name once you have created it.
Default value: true
Enables the Universal Data Collection Agent service (UDCA) at the org level, which extracts analytics, monetization, and debug (trace) data and sends it to the Unified Analytics Platform (UAP), which resides in the Control Plane.
If you prefer to use a separate UDCA agent for each environment, set orgScopedUDCA: false and set the values for envs[].serviceAccountPaths.udca and envs[].serviceAccountSecretRefs.udca.
See also: udca.
Default value: v120
Apigee hybrid supports rolling Kubernetes updates, which allow deployment updates to take place with zero downtime by incrementally updating Pod instances with new ones.
When updating certain YAML overrides that result in an underlying Kubernetes PodTemplateSpec change, the revision override property must also be changed in the customer's override.yaml. This is required for the underlying Kubernetes ApigeeDeployment (AD) controller to conduct a safe rolling update from the previous version to the new version. You can use any lowercase text value, for example: blue, a, 1.0.0.
When the revision property is changed and applied, a rolling update will occur for all components.
Changes to properties of the following objects require an update to revision:
For more information, see Rolling updates.
Default value: true
Enables strict validation of the link between the Apigee Org and GCP project and checks for the existence of environment groups.
See also org
Default value: true
Enables strict validation of service account permissions. This uses the Cloud Resource Manager API method testIamPermissions to verify that the provided service account has the required permissions. In the case of service accounts for an Apigee Org, the project ID check is the one mapped to the Organization. For Metrics and Logger, the project checked is based on the gcpProjectID overrides.yaml configuration.
See also gcpProjectID
ao
Apigee Operators (AO) creates and updates low level Kubernetes and Istio resources that are required to deploy and maintain a component. For example, the controller carries out the release of message processors.
The following table describes the properties of the apigee-operators ao object:
ao.args.disableIstioConfigInAPIServer
Default value: false
Stops Apigee from supplying configuration to customer-installed ASM.
- Set to true for hybrid installations using Apigee ingress gateway.
- Set to false for hybrid installations using Anthos Service Mesh.
ao.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
ao.image.tag
Default value: 1.8.8
The version label for this service's Docker image.
ao.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-operators
The location of the Docker image for this service.
ao.installer.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
ao.installer.tag
Default value: 1.8.8
The version label for this service's Docker image.
ao.installer.url
Default value: gcr.io/apigee-release/hybrid/apigee-installer
The location of the Docker image for this service.
ao.resources.limits.cpu
Default value: 250m
The CPU limit for the resource in a Kubernetes container, in millicores.
ao.resources.limits.memory
Default value: 256Mi
The memory limit for the resource in a Kubernetes container, in mebibytes.
ao.resources.requests.cpu
Default value: 250m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
ao.resources.requests.memory
Default value: 256Mi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
cassandra
Defines the hybrid service that manages the runtime data repository. This repository stores application configurations, distributed quota counters, API keys, and OAuth tokens for applications running on the gateway.
For more information, see StorageClass configuration .
The following table describes the properties of the cassandra object:
cassandra.annotations
Default value:None
Optional key/value map used to annotate pods. For more information, see Custom annotations .
cassandra.auth.admin.password
Default value: iloveapis123
Required
Password for the Cassandra administrator. The admin user is used for any administrative activities performed on the Cassandra cluster.
cassandra.auth.ddl.password
Default value: iloveapis123
Required
Password for the Cassandra Data Definition Language (DDL) user. Used by MART for any of the data definition tasks like keyspace creation, update, and deletion.
cassandra.auth.default.password
Default value: iloveapis123
Required
The password for the default Cassandra user created when Authentication is enabled. This password must be reset when configuring Cassandra authentication. See Configuring TLS for Cassandra .
cassandra.auth.dml.password
Default value: iloveapis123
Required
Password for the Cassandra Data Manipulation Language (DML) user. The DML user is used by the client communication to read and write data to Cassandra.
cassandra.auth.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
cassandra.auth.image.tag
Default value: 1.8.8
The version label for this service's Docker image.
cassandra.auth.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-hybrid-cassandra-client
The location of the Docker image for this service.
cassandra.auth.jmx.password
Default value: iloveapis123
Required
Password for the Cassandra JMX operations user. Used to authenticate and communicate with the Cassandra JMX interface.
cassandra.auth.jmx.username
Default value: jmxuser
Required
Username for the Cassandra JMX operations user. Used to authenticate and communicate with the Cassandra JMX interface.
cassandra.auth.jolokia.password
Default value: iloveapis123
Required
Password for the Cassandra Jolokia JMX operations user. Used to authenticate and communicate with the Cassandra JMX API.
cassandra.auth.jolokia.username
Default value: apigee
Required
Username for the Cassandra Jolokia JMX operations user. Used to authenticate and communicate with the Cassandra JMX API.
cassandra.auth.secret
Default value:None
The name of the file stored in a Kubernetes secret that contains the Cassandra users and passwords. You can create the secret using the following instructions: Create the Secret.
See also:
- Storing data in a Kubernetes secret
- Secrets in the Kubernetes documentation
- Creating a Secret Using kubectl in the Kubernetes documentation
cassandra.backup.cloudProvider
Default value: GCP
Required if backup is enabled.
Cloud provider for backup storage.
You can set the value to either GCP or HYBRID. Set the value to GCP if you want to store the backup on Google Cloud Storage, and HYBRID if you want to store the backup on a remote server.
cassandra.backup.dbStorageBucket
Default value:None
Required if backup is enabled.
Cloud storage bucket for the backup data.
cassandra.backup.enabled
Default value: false
Data backup is not enabled by default. To enable, set to true.
cassandra.backup.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
cassandra.backup.image.tag
Default value: 1.8.8
The version label for this service's Docker image.
cassandra.backup.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-cassandra-backup-utility
The location of the Docker image for this service.
cassandra.backup.schedule
Default value: 0 2 * * *
The schedule for the cron job.
cassandra.backup.serviceAccountPath
Default value:None
One of either backup.serviceAccountPath or backup.serviceAccountRef is required if backup is enabled.
Path to Google Service Account key file with Storage Object Admin role.
cassandra.backup.serviceAccountRef
Default value:None
One of either backup.serviceAccountPath or backup.serviceAccountRef is required if backup is enabled.
cassandra.clusterName
Default value: apigeecluster
Specifies the name of the Cassandra cluster.
cassandra.datacenter
Default value: dc-1
Specifies the datacenter of the Cassandra node.
cassandra.dnsPolicy
Default value:None
When you set hostNetwork to true, the DNS policy is set to ClusterFirstWithHostNet for you.
cassandra.externalSeedHost
Default value:None
Hostname or IP of a Cassandra cluster node. If not set, the Kubernetes local service is used.
cassandra.heapNewSize
Default value: 100M
The amount of JVM system memory allocated to newer objects, in megabytes.
cassandra.hostNetwork
Default value: false
Enables the Kubernetes hostNetwork feature. Apigee uses this feature in multi-region installations to communicate between pods if the pod network namespace does not have connectivity between clusters (the clusters are running in "island network mode"), which is the default case in non-GKE installations, including GKE on-prem, GKE on AWS, Anthos on bare metal, AKS, EKS, and OpenShift.
Set cassandra.hostNetwork to false for single region installations and multi-region installations with connectivity between pods in different clusters, for example GKE installations.
Set cassandra.hostNetwork to true for multi-region installations with no communication between pods in different clusters, for example GKE On-prem, GKE on AWS, Anthos on bare metal, AKS, EKS, and OpenShift installations. See Multi-region deployment: Prerequisites.
When true, DNS policy is automatically set to ClusterFirstWithHostNet.
cassandra.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
cassandra.image.tag
Default value: 1.8.8
The version label for this service's Docker image.
cassandra.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-hybrid-cassandra
The location of the Docker image for this service.
cassandra.maxHeapSize
Default value: 512M
The upper limit of JVM system memory available for Cassandra operations, in megabytes.
cassandra.multiRegionSeedHost
Default value:None
IP address of an existing Cassandra cluster used to expand the existing cluster to a new region. See Configure the multi-region seed host .
cassandra.nodeSelector.key
Default value:None
Required
Node selector label key used to target dedicated Kubernetes nodes for cassandra data services.
cassandra.nodeSelector.value
Default value:None
Optional node selector label value used to target dedicated Kubernetes nodes for cassandra data services and override the nodeSelector.apigeeData settings.
See nodeSelector.
cassandra.port
Default value: 9042
Port number used to connect to cassandra.
cassandra.rack
Default value: ra-1
Specifies the rack of the Cassandra node.
cassandra.readinessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
cassandra.readinessProbe.initialDelaySeconds
Default value: 0
The number of seconds after a container is started before a readiness probe is initiated.
cassandra.readinessProbe.periodSeconds
Default value: 10
Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
cassandra.readinessProbe.successThreshold
Default value: 1
The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
cassandra.readinessProbe.timeoutSeconds
Default value: 5
The number of seconds after which a liveness probe times out. The minimum value is 1.
cassandra.replicaCount
Default value: 1
Cassandra is a replicated database. This property specifies the number of Cassandra nodes employed as a StatefulSet.
cassandra.resources.requests.cpu
Default value: 500m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
cassandra.resources.requests.memory
Default value: 1Gi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
cassandra.restore.cloudProvider
Default value: GCP
Required if restore is enabled.
Cloud provider for backup storage.
cassandra.restore.dbStorageBucket
Default value:None
Required if restore is enabled.
Cloud storage bucket for the backup data to restore.
cassandra.restore.enabled
Default value: false
cassandra.restore.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
cassandra.restore.image.tag
Default value: 1.8.8
The version label for this service's Docker image.
cassandra.restore.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-cassandra-backup-utility
The location of the Docker image for this service.
cassandra.restore.serviceAccountPath
Default value:None
One of either restore.serviceAccountPath or restore.serviceAccountRef is required if restore is enabled.
Path to Google Service Account key file with Storage Object Admin role.
cassandra.restore.serviceAccountRef
Default value:None
One of either restore.serviceAccountPath or restore.serviceAccountRef is required if restore is enabled.
Default value:None
Required if restore is enabled.
Timestamp of the backup that should be restored.
cassandra.restore.user
Default value: admin account
Cassandra username used for schema backup restoration. If not specified, the admin user will be used.
cassandra.sslCertPath
Default value:None
The path on your system to a TLS certificate file.
cassandra.sslKeyPath
Default value:None
The path on your system to the TLS private key file.
cassandra.sslRootCAPath
Default value:None
The certificate chain to the root CA (certificate authority).
cassandra.storage.capacity
Default value: 50Gi
Required if storage.storageclass is specified.
Specifies the disk size required, in mebibytes.
cassandra.storage.storageclass
Default value:None
Specifies the class of on-prem storage being used.
cassandra.terminationGracePeriodSeconds
Default value: 300
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
connectAgent
Apigee Connect allows the Apigee hybrid management plane to connect securely to the MART service in the runtime plane without requiring you to expose the MART endpoint on the internet.
See Apigee Connect .
The following table describes the properties of the connectAgent object:
connectAgent.annotations
Default value:None
Optional key/value map used to annotate pods. For more information, see Custom annotations .
connectAgent.server
Default value: apigeeconnect.googleapis.com:443
The location of the server and port for this service.
connectAgent.logLevel
Default value: INFO
The level of log reporting. Values can be:
- INFO: Informational messages in addition to warning, error, and fatal messages. Most useful for debugging.
- WARNING: Non-fatal warnings in addition to error and fatal messages.
- ERROR: Internal errors and errors that are not returned to the user in addition to fatal messages.
- FATAL: Unrecoverable errors and events that cause Apigee Connect to crash.
connectAgent.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
connectAgent.image.tag
Default value: 1.8.8
The version label for this service's Docker image.
connectAgent.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-connect-agent
The location of the Docker image for this service. Check the values.yaml file for the specific URL.
connectAgent.replicaCountMax
Default value: 5
Maximum number of replicas available for autoscaling.
connectAgent.replicaCountMin
Default value: 1
Minimum number of replicas available for autoscaling.
In production, you may want to increase replicaCountMin to 3, to have a greater number of connections to the control plane for reliability and scalability.
connectAgent.resources.requests.cpu
Default value: 100m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
connectAgent.resources.requests.memory
Default value: 30Mi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
connectAgent.targetCPUUtilizationPercentage
Default value: 75
Target CPU utilization for the Apigee Connect agent on the pod. The value of this field enables Apigee Connect to auto-scale when CPU utilization reaches this value, up to replicaCountMax.
connectAgent.terminationGracePeriodSeconds
Default value: 600
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
defaults
The default encryption keys for the Apigee hybrid installation.
The following table describes the properties of the defaults object:
Property | Description |
---|---|
defaults.org.kmsEncryptionKey | Introduced in version: 1.0.0 Default value: Default encryption key for the org in KMS. |
defaults.org.kvmEncryptionKey | Introduced in version: 1.0.0 Default value: Default encryption key for the org in KVM. |
defaults.env.kmsEncryptionKey | Introduced in version: 1.0.0 Default value: Default encryption key for the environment (env) in KMS. |
defaults.env.kvmEncryptionKey | Introduced in version: 1.0.0 Default value: Default encryption key for the environment (env) in KVM. |
defaults.env.cacheEncryptionKey | Introduced in version: 1.0.0 Default value: Default cache encryption key for the environment (env). |
diagnostic
The settings for the Diagnostic collector tool.
See Using the Diagnostic collector
The following table describes the properties of the diagnostic object:
diagnostic.bucket
Default value:None
Required
The name of the Google Cloud storage bucket where your diagnostic data will be deposited.
See Creating storage buckets .
diagnostic.container
Default value:None
Required
This specifies which type of pod you are capturing data from. The values can be one of:
- "apigee-cassandra" captures data about the Cassandra database. The istio-cassandra pods run in the apigee namespace.
- "apigee-mart-server" captures data about MART. The apigee-mart-server pods run in the apigee namespace.
- "apigee-runtime" captures data about the Message Processor. The apigee-runtime pods run in the apigee namespace.
- "apigee-synchronizer" captures data about the Synchronizer. The apigee-synchronizer pods run in the apigee namespace.
- "apigee-udca" captures data about UDCA. The apigee-udca pods run in the apigee namespace.
- "apigee-watcher" captures data about Watcher. The apigee-watcher pods run in the apigee namespace.
- "istio-proxy" captures data about the Istio ingress gateway. The istio-proxy pods run in the istio-system namespace.
diagnostic.loggingDetails.logDuration
Default value:None
Required if the diagnostic collection operation is "LOGGING" (set with operation: "LOGGING")
The duration in milliseconds of the log data collected. A typical value is 30000.
diagnostic.loggingDetails.loggerNames[]
Default value:None
Required if the diagnostic collection operation is "LOGGING" (set with operation: "LOGGING")
Specifies by name which loggers to collect data from. For Apigee hybrid version 1.6.0, the only value supported is ALL, meaning all loggers. For example:
```yaml
diagnostic:
  loggingDetails:
    loggerNames:
    - ALL
```
diagnostic.loggingDetails.logLevel
Default value:None
Required if the diagnostic collection operation is "LOGGING" (set with operation: "LOGGING")
Specifies the granularity of the logging data to collect. In Apigee hybrid 1.6, only FINE is supported.
diagnostic.namespace
Default value:None
Required
The Kubernetes namespace in which the pods you are collecting data on reside. The namespace must be the correct one for the container you specify with diagnostic.container:
apigee for
- apigee-runtime
- apigee-synchronizer
- apigee-udca
- apigee-watcher
- apigee-cassandra
- apigee-mart-server
istio-system for
- istio-proxy
diagnostic.operation
Default value:None
Required
Specifies whether to collect all statistics or just logs.
Values are:
- "ALL"
- "LOGGING"
If you set diagnostic.operation to "LOGGING", the following properties are required:
diagnostic.podNames[]
Default value:None
Required
The names of the Kubernetes pods for which you are collecting data. For example:
```yaml
diagnostic:
  podNames:
  - apigee-runtime-eng-hybrid-example-3b2ebf3-150-8vfoj-2wcjn
  - apigee-runtime-eng-hybrid-example-3b2ebf3-150-8vfoj-6xzn2
```
diagnostic.serviceAccountPath
Default value:None
Required
The path to a service account key file (.json) for the service account with the Storage Admin role (roles/storage.admin). In most Apigee hybrid installations, this is the apigee-cassandra service account.
See About service accounts.
diagnostic.tcpDumpDetails.maxMsgs
Default value:None
One of either diagnostic.tcpDumpDetails.maxMsgs or diagnostic.tcpDumpDetails.timeoutInSeconds is required if you are using diagnostic.tcpDumpDetails.
Sets the maximum number of tcpDump messages to collect. Apigee recommends a maximum value no greater than 1000.
diagnostic.tcpDumpDetails.timeoutInSeconds
Default value:None
One of either diagnostic.tcpDumpDetails.maxMsgs or diagnostic.tcpDumpDetails.timeoutInSeconds is required if you are using diagnostic.tcpDumpDetails.
Sets the amount of time in seconds to wait for tcpDump to return messages.
diagnostic.threadDumpDetails.delayInSeconds
Default value:None
Both diagnostic.threadDumpDetails.delayInSeconds and diagnostic.threadDumpDetails.iterations are required if you are using diagnostic.threadDumpDetails.
The delay in seconds between collecting each thread dump.
diagnostic.threadDumpDetails.iterations
Default value:None
Both diagnostic.threadDumpDetails.delayInSeconds and diagnostic.threadDumpDetails.iterations are required if you are using diagnostic.threadDumpDetails.
The number of jstack thread dump iterations to collect.
envs
Defines an array of environments to which you can deploy your API proxies. Each environment provides an isolated context or sandbox for running API proxies.
Your hybrid-enabled organization must have at least one environment.
For more information, see About environments .
The following table describes the properties of the envs object:
envs[].cacheEncryptionKey
Default value:None
One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required.
A base64-encoded encryption key. See Data encryption.
envs[].cacheEncryptionPath
Default value:None
One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required.
The path to a file containing a base64-encoded encryption key. See Data encryption.
envs[].cacheEncryptionSecret.key
Default value:None
One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required.
The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
envs[].cacheEncryptionSecret.name
Default value:None
One of either cacheEncryptionKey, or cacheEncryptionPath, or cacheEncryptionSecret is required.
The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
envs[].hostAliases[]
Default value:None
Deprecated: Starting in Hybrid version 1.4 the runtime plane receives this information from the management plane. See About environments and environment groups.
envs[].httpProxy.host
Default value:None
Specifies the host name or IP address where the HTTP proxy is running.
List httpProxy properties in the order scheme, host, port. For example:
```yaml
envs:
  - name: test
    httpProxy:
      scheme: HTTP
      host: 10.12.0.47
      port: 3128
...
```
See also: Configure forward proxying for API proxies.
envs[].httpProxy.port
Default value:None
Specifies the port on which the HTTP proxy is running. If this property is omitted, by default it uses port 80 for HTTP and port 443 for HTTPS.
envs[].httpProxy.scheme
Default value:None
Specifies the type of the HTTP proxy as HTTP or HTTPS. By default, it uses "HTTP".
envs[].httpProxy.username
Default value:None
If the HTTP proxy requires basic authentication, then use this property to provide a username.
envs[].httpProxy.password
Default value:None
If the HTTP proxy requires basic authentication, then use this property to provide a password.
envs[].name
Default value:None
Required
Apigee environment name to be synchronized.
envs[].pollInterval
Default value:None
Interval used for polling organization and environment synchronization changes, in seconds.
envs[].port
Default value:None
TCP port number for HTTPS traffic.
envs[].serviceAccountPaths.runtime
Default value:None
Path to file on local system to a Google Service Account key with the Cloud Trace Agent role, usually the apigee-runtime service account. See About service accounts for the default names of the service accounts and their assigned roles.
envs[].serviceAccountPaths.synchronizer
Default value:None
Path to file on local system to a Google Service Account key with the Apigee Synchronizer Manager role.
envs[].serviceAccountPaths.udca
Default value:None
Path to file on local system to a Google Service Account key with the Apigee Analytic Agent role.
Only set this property if orgScopedUDCA is set to false.
envs[].serviceAccountSecretRefs.runtime
Default value:None
The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Cloud Trace Agent role as its input.
envs[].serviceAccountSecretRefs.synchronizer
Default value:None
The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Apigee Synchronizer Manager role as its input.
envs[].serviceAccountSecretRefs.udca
Default value:None
The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Apigee Analytic Agent role as its input.
Only set this property if orgScopedUDCA is set to false.
envs[].sslCertPath
Default value:None
Either sslCertPath/sslKeyPath or sslSecret is required.
The path on your system to a TLS certificate file.
envs[].sslKeyPath
Default value:None
Either sslCertPath/sslKeyPath or sslSecret is required.
The path on your system to the TLS private key file.
envs[].sslSecret
Default value:None
Either sslCertPath/sslKeyPath or sslSecret is required.
The name of a file stored in a Kubernetes secret that contains the TLS certificate and private key. You must create the secret using the TLS certificate and key data as its input.
See also:
- Storing data in a Kubernetes secret
- Secrets in the Kubernetes documentation
- Creating a Secret Using kubectl in the Kubernetes documentation
gcp
Identifies the Google Cloud project ID and region where the apigee-logger and the apigee-metrics push their data.
The following table describes the properties of the gcp object:
gcp.region
Default value:None
Required
Identifies the Google Cloud region where the apigee-logger and the apigee-metrics push their data.
gcp.projectID
Default value:None
Required
Identifies the Google Cloud project where apigee-logger and the apigee-metrics push their data.
gcp.projectIDRuntime
Default value:None
Identifies the runtime Kubernetes cluster project.
The projectIDRuntime property is optional. If not used, it is assumed that the projectID value is used for both the Apigee organization's Google Cloud project and the runtime K8S cluster's project.
gcp.workloadIdentityEnabled
Default value: false
Enables using Workload Identity. Workload Identity allows workloads in your GKE clusters to impersonate Identity and Access Management (IAM) service accounts to access Google Cloud services.
When workloadIdentityEnabled is false, the default, Apigee uses the IAM service accounts for each Apigee hybrid component. See About service accounts.
When workloadIdentityEnabled is true, Apigee uses Kubernetes service accounts instead of IAM service accounts and will ignore the following configuration properties:
- validateServiceAccounts
- cassandra.backup.serviceAccountPath
- cassandra.backup.serviceAccountRef
- cassandra.restore.serviceAccountPath
- cassandra.restore.serviceAccountRef
- envs[].serviceAccountPaths.*
- logger.serviceAccountPath
- logger.serviceAccountRef
- mart.serviceAccountPath
- mart.serviceAccountRef
- metrics.serviceAccountPath
- metrics.serviceAccountRef
- synchronizer.serviceAccountPath
- synchronizer.serviceAccountRef
- udca.serviceAccountPath
- udca.serviceAccountRef
- watcher.serviceAccountPath
- watcher.serviceAccountRef
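The effect of that list on a real configuration can be checked mechanically. The following Python is an added example, not part of the Apigee documentation or tooling: it takes an overrides.yaml already parsed into a dict and reports every configured property that the list above says is ignored once gcp.workloadIdentityEnabled is true. The sample configuration and the function names are constructed for illustration.

```python
"""Report overrides.yaml properties that are ignored under Workload Identity."""
import re

# Properties the reference lists as ignored when gcp.workloadIdentityEnabled is true.
IGNORED_WITH_WORKLOAD_IDENTITY = (
    "validateServiceAccounts",
    "cassandra.backup.serviceAccountPath",
    "cassandra.backup.serviceAccountRef",
    "cassandra.restore.serviceAccountPath",
    "cassandra.restore.serviceAccountRef",
    "envs[].serviceAccountPaths.*",
    "logger.serviceAccountPath",
    "logger.serviceAccountRef",
    "mart.serviceAccountPath",
    "mart.serviceAccountRef",
    "metrics.serviceAccountPath",
    "metrics.serviceAccountRef",
    "synchronizer.serviceAccountPath",
    "synchronizer.serviceAccountRef",
    "udca.serviceAccountPath",
    "udca.serviceAccountRef",
    "watcher.serviceAccountPath",
    "watcher.serviceAccountRef",
)


def flatten(node, prefix=""):
    """Yield (path, value) for every leaf, e.g. 'envs[0].serviceAccountPaths.runtime'."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten(value, f"{prefix}.{key}" if prefix else key)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from flatten(item, f"{prefix}[{index}]")
    else:
        yield prefix, node


def is_ignored(generic_path):
    """Match a path written with '[]' for list items against the documented list."""
    for pattern in IGNORED_WITH_WORKLOAD_IDENTITY:
        if pattern.endswith(".*"):
            if generic_path.startswith(pattern[:-1]):  # keep the trailing dot
                return True
        elif generic_path == pattern:
            return True
    return False


def ignored_settings(overrides):
    """Return the configured paths that have no effect under Workload Identity."""
    if overrides.get("gcp", {}).get("workloadIdentityEnabled") is not True:
        return []
    found = []
    for path, _value in flatten(overrides):
        generic = re.sub(r"\[\d+\]", "[]", path)  # envs[0] -> envs[]
        if is_ignored(generic):
            found.append(path)
    return sorted(found)


# Constructed sample: an overrides.yaml after parsing, not taken from the page.
SAMPLE_OVERRIDES = {
    "gcp": {"projectID": "example-project", "region": "us-central1",
            "workloadIdentityEnabled": True},
    "validateServiceAccounts": True,
    "envs": [
        {"serviceAccountPaths": {"runtime": "./sa/runtime.json",
                                 "synchronizer": "./sa/sync.json"}},
        # serviceAccountSecretRefs is not in the documented list, so it is not reported.
        {"serviceAccountSecretRefs": {"udca": "udca-secret"}},
    ],
    "logger": {"enabled": False, "serviceAccountPath": "./sa/logger.json"},
    "mart": {"serviceAccountRef": "mart-sa-secret"},
    "metrics": {"enabled": True},
}

if __name__ == "__main__":
    for path in ignored_settings(SAMPLE_OVERRIDES):
        print("ignored under Workload Identity:", path)
```

Each reported path is dead configuration; the key file or secret it points at is a candidate for removal.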
httpProxy
httpProxy provides configuration parameters for an HTTP forward proxy server. When configured in overrides.yaml, all internet communication for the MART, Synchronizer, and UDCA components passes through the proxy server.
See also: logger, mart, metrics, synchronizer, and udca.
The following table describes the properties of the httpProxy object:
Property | Description |
---|---|
httpProxy.host | Introduced in version:1.1.1 Default value:None The hostname of the HTTP Proxy. |
httpProxy.port | Introduced in version:1.1.1 Default value:None The port of the HTTP Proxy. |
httpProxy.scheme | Introduced in version:1.1.1 Default value: The scheme used by the proxy. Values can be |
ingressGateways
Configures the Apigee ingress gateway for Apigee Hybrid.
The following table describes the properties of the ingressGateways object:
ingressGateways[].image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
ingressGateways[].image.tag
Default value: 1.11.2-asm.17
The version label for this service's Docker image.
ingressGateways[].image.url
Default value: gcr.io/apigee-release/hybrid/apigee-asm-ingress
The location of the Docker image for this service.
ingressGateways[].name
Default value:None
Required
The name of the ingress gateway. Other services will use this name to address traffic to the gateway. The name must meet the following requirements:
- have a maximum length of 17 characters
- contain only lowercase alphanumeric characters, '-' or '.'
- start with an alphanumeric character
- end with an alphanumeric character
For more information, see DNS Subdomain Names in the Kubernetes documentation.
ingressGateways[].resources.limits.cpu
Default value: 2000m
The CPU limit for the resource, in millicores.
ingressGateways[].resources.limits.memory
Default value: 1Gi
The memory limit for the resource, in mebibytes.
ingressGateways[].resources.requests.cpu
Default value: 300m
The CPU needed for normal operation of the resource, in millicores.
ingressGateways[].resources.requests.memory
Default value: 128Mi
The memory needed for normal operation of the resource, in mebibytes.
ingressGateways[].replicaCountMax
Default value: 10
The maximum number of pods that hybrid can automatically add for the ingress gateway available for autoscaling.
ingressGateways[].replicaCountMin
Default value: 2
The minimum number of pods for the ingress gateway available for autoscaling.
ingressGateways[].svcAnnotations
Default value:None
Optional key/value map used to annotate the ingress gateway on platforms that support annotation. For example:
```yaml
ingressGateways:
- svcAnnotations:
    networking.gke.io/load-balancer-type: "Internal"
```
ingressGateways[].svcLoadBalancerIP
Default value:None
On platforms that support specifying the load balancer IP address, the load balancer will be created with this IP address. On platforms that do not allow you to specify the load balancer IP address, this property is ignored.
ingressGateways[].svcType
Default value:LoadBalancer
Used to change the type of the default k8s service for ingress deployment. Set the value to ClusterIP if you want to disable creation of the default load balancer. Possible values:
- ClusterIP
- LoadBalancer
istiod
Configures the Apigee ingress.
The following table describes the properties of the istiod object:
istiod.forwardClientCertDetails
Default value: SANITIZE_SET
Determines how the Envoy proxy (for the Apigee ingress gateway) handles the x-forwarded-client-cert (XFCC) HTTP header.
Possible values are:
- SANITIZE_SET: When the client connection is mTLS, reset the XFCC header with the client certificate information and send it to the next hop.
- FORWARD_ONLY: When the client connection is mTLS (Mutual TLS), forward the XFCC header in the request only.
- APPEND_FORWARD: When the client connection is mTLS, append the client certificate information to the request's XFCC header and forward it.
- SANITIZE: (default) Do not forward the XFCC header.
- ALWAYS_FORWARD_ONLY: Always forward the XFCC header in the request, regardless of whether the client connection is mTLS.
For more information on these values, see the Envoy documentation for Enum extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.ForwardClientCertDetails.
If you change this setting after installing Hybrid, apply it with apigeectl init and then restart your Apigee ingress gateway pods.
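The five istiod.forwardClientCertDetails modes differ in whether a value the client put in the XFCC header can reach the backend. The following Python model is an added example, not Envoy or Apigee code; the page describes only the mTLS case for three of the modes, and the model assumes the header is removed on non-mTLS connections in those modes, which is how Envoy's connection manager behaves. All header values are constructed.

```python
"""Model of what each forwardClientCertDetails mode sends to the next hop."""

MODES = ("SANITIZE", "FORWARD_ONLY", "APPEND_FORWARD",
         "SANITIZE_SET", "ALWAYS_FORWARD_ONLY")


def xfcc_to_next_hop(mode, incoming_xfcc, peer_cert_element):
    """Return the XFCC value forwarded upstream, or None if the header is removed.

    incoming_xfcc     -- XFCC value received in the request, or None
    peer_cert_element -- XFCC element the proxy builds from the verified client
                         certificate, or None when the connection is not mTLS
    """
    if mode not in MODES:
        raise ValueError(f"unknown forwardClientCertDetails value: {mode!r}")
    if mode == "ALWAYS_FORWARD_ONLY":
        # Forwarded untouched, whether or not the client presented a certificate.
        return incoming_xfcc
    if mode == "SANITIZE" or peer_cert_element is None:
        # Assumption beyond the page: without mTLS the remaining modes drop the header.
        return None
    if mode == "FORWARD_ONLY":
        return incoming_xfcc
    if mode == "APPEND_FORWARD":
        # XFCC elements are comma-separated; the proxy's element goes last.
        if incoming_xfcc:
            return f"{incoming_xfcc},{peer_cert_element}"
        return peer_cert_element
    return peer_cert_element  # SANITIZE_SET: replace whatever the client sent


def client_value_survives(mode, mtls):
    """True if a client-supplied XFCC value is still present at the next hop."""
    client_value = 'Subject="CN=client-supplied"'  # constructed
    peer = 'Hash=constructed0123;Subject="CN=verified-client"' if mtls else None
    forwarded = xfcc_to_next_hop(mode, client_value, peer)
    return forwarded is not None and client_value in forwarded


def exposure_matrix():
    """Map each mode to whether client-supplied XFCC content reaches the backend."""
    return {
        mode: {"mtls": client_value_survives(mode, True),
               "no_mtls": client_value_survives(mode, False)}
        for mode in MODES
    }


if __name__ == "__main__":
    for mode, row in exposure_matrix().items():
        print(f"{mode:20} mTLS={row['mtls']!s:5} no mTLS={row['no_mtls']}")
```

With SANITIZE_SET, the default documented above, the backend only ever sees the element the gateway built from the verified certificate; in the forwarding modes, a backend that makes authorization decisions from XFCC is also reading content the client wrote.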
istiod.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
istiod.image.tag
Default value: 1.12.9-asm.3
The version label for this service's Docker image.
istiod.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-asm-istiod
The location of the Docker image for this service.
k8sCluster
Identifies the Kubernetes cluster where the hybrid runtime is installed.
The following table describes the properties of the k8sCluster object:
Property | Description |
---|---|
k8sCluster.name | Introduced in version:1.2.0 Default value:None The name of the Kubernetes cluster where the hybrid runtime is installed. |
k8sCluster.region | Introduced in version:1.2.0 Default value:None Identifies the Google Cloud region in which your Kubernetes cluster was created. |
kubeRBACProxy
Identifies where Apigee should look for Kubernetes role-based access controls.
The following table describes the properties of the kubeRBACProxy object:
kubeRBACProxy.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
kubeRBACProxy.image.tag
Introduced in version:1.2.0
Default value: v0.11.0
The version label for this service's Docker image.
kubeRBACProxy.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-kube-rbac-proxy
The location of the Docker image for this service.
If you do not want to use the Google Docker Hub, download the images and use the address where your docker images are hosted internally.
logger
Defines the service that manages operational logs. All of the Apigee hybrid services that run in your Kubernetes cluster output this information.
For more information, see Logging overview.
The following table describes the properties of the logger object:
logger.annotations
Default value:None
Optional key/value map used to annotate pods. For more information, see Custom annotations.
logger.enabled
Default value: false
Enables or disables logging on the cluster. For non-GKE clusters, set to true; for Anthos or GKE, set to false.
logger.EnvVars
Default value:None
Allows you to include the NO_PROXY Fluent Bit environment variable, which specifies URLs for which traffic is not routed through the HTTP proxy. The NO_PROXY variable should be defined as a comma-separated string of host names, in the format:
```yaml
logger:
  # ...
  EnvVars:
    NO_PROXY: '<comma-separated-values>'
```
For example:
```yaml
logger:
  EnvVars:
    NO_PROXY: 'kubernetes.default.svc,oauth2.googleapis.com,logging.googleapis.com'
```
Use EnvVars: NO_PROXY optionally when you have HTTP forward proxy enabled.
See NO_PROXY in the Fluent Bit documentation.
logger.fluentd.buffer_chunk_limit
Default value: 512k
The maximum size of a buffer chunk allowed, in kilobytes. Chunks exceeding the limit will be flushed to the output queue automatically.
logger.fluentd.buffer_queue_limit
Default value: 6
The maximum length of the output queue. The default limit is 256 chunks.
logger.fluentd.flush_interval
Default value: 5s
The interval to wait before invoking the next buffer flush, in seconds.
logger.fluentd.max_retry_wait
Default value: 30
The maximum interval between write retries, in seconds.
logger.fluentd.num_threads
Default value: 2
The number of threads used to flush the buffer. The default is 1.
logger.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
logger.image.tag
Default value: 1.9.9
The version label for this service's Docker image.
logger.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-fluent-bit
The location of the Docker image for this service.
logger.livenessProbe.failureThreshold
Default value: 3
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
logger.livenessProbe.initialDelaySeconds
Default value: 0
The number of seconds after a container is started before a liveness probe is initiated.
logger.livenessProbe.periodSeconds
Default value: 60
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
logger.livenessProbe.successThreshold
Default value: 1
The minimum consecutive successes needed for a liveness probe to be considered successful after a failure. The minimum value is 1.
logger.livenessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
logger.nodeSelector.key
Default value: apigee.com/apigee-logger-enabled
Required
Node selector label key used to target dedicated Kubernetes nodes for logger runtime services.
logger.nodeSelector.value
Default value: true
Required
Node selector label value used to target dedicated Kubernetes nodes for logger runtime services.
logger.proxyURL
Default value:None
URL of the customer's proxy server.
logger.resources.limits.cpu
Default value: 200m
The CPU limit for the resource in a Kubernetes container, in millicores.
logger.resources.limits.memory
Default value: 500Mi
The memory limit for the resource in a Kubernetes container, in mebibytes.
logger.resources.requests.cpu
Default value: 100m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
logger.resources.requests.memory
Default value: 250Mi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
logger.serviceAccountPath
Default value:None
One of either serviceAccountPath or serviceAccountRef is required.
Path to Google Service Account key file with Logs Writer role.
logger.serviceAccountRef
Default value:None
One of either serviceAccountPath or serviceAccountRef is required.
logger.terminationGracePeriodSeconds
Default value: 30
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
mart
Defines the MART (Management API for RunTime data) service, which acts as an API provider for public Apigee APIs so that you can access and manage runtime data entities such as KMS (API Keys and OAuth tokens), KVM, Quota, and API products.
The following table describes the properties of the mart object:
mart.annotations
Default value:None
Optional key/value map used to annotate pods. For more information, see Custom annotations.
mart.hostAlias
Default value:None
The host alias pointing to the MART object. You can set this property to * or a fully-qualified domain name.
mart.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
mart.image.tag
Default value: 1.8.8
The version label for this service's Docker image.
mart.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-mart-server
The location of the Docker image for this service. Check the values.yaml file for the specific URL. You can override this.
mart.initCheckCF.resources.requests.cpu
Default value: 10m
The amount of CPU resources allocated to the initialization check of the Cloud Foundry process.
mart.livenessProbe.failureThreshold
Default value: 12
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
mart.livenessProbe.initialDelaySeconds
Default value: 15
The number of seconds after a container is started before a liveness probe is initiated.
mart.livenessProbe.periodSeconds
Default value: 5
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
mart.livenessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
mart.metricsURL
Default value: /v1/server/metrics
mart.nodeSelector.key
Default value:None
Optional node selector label key for targeting Kubernetes nodes for mart runtime services. If you do not specify a key for mart.nodeSelector, then your runtime uses the node specified in the nodeSelector object.
mart.nodeSelector.value
Default value:None
Optional node selector label value for targeting Kubernetes nodes for mart runtime services. See also the nodeSelector object.
mart.readinessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
mart.readinessProbe.initialDelaySeconds
Default value: 15
The number of seconds after a container is started before a readiness probe is initiated.
mart.readinessProbe.periodSeconds
Default value: 5
Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
mart.readinessProbe.successThreshold
Default value: 1
The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
mart.readinessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a readiness probe times out. The minimum value is 1.
mart.replicaCountMax
Default value: 5
Maximum number of replicas available for autoscaling.
mart.replicaCountMin
Default value: 1
Minimum number of replicas available for autoscaling.
mart.resources.requests.cpu
Default value: 500m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
mart.resources.requests.memory
Default value: 512Mi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
mart.serviceAccountPath
Default value:None
One of either serviceAccountPath or serviceAccountRef is required.
Path to Google Service Account key file with no role.
mart.serviceAccountRef
Default value:None
One of either serviceAccountPath or serviceAccountRef is required.
mart.sslCertPath
Default value:None
Either sslCertPath/sslKeyPath or sslSecret is required.
Local file system path for loading and encoding the SSL cert to a Secret.
mart.sslKeyPath
Default value:None
Either sslCertPath/sslKeyPath or sslSecret is required.
Local file system path for loading and encoding the SSL key to a Secret.
mart.sslSecret
Default value:None
Either sslCertPath/sslKeyPath or sslSecret is required.
The name of a file stored in a Kubernetes secret that contains the TLS certificate and private key. You must create the secret using the TLS certificate and key data as its input.
See also:
- Storing data in a Kubernetes secret
- Secrets in the Kubernetes documentation
- Creating a Secret Using kubectl in the Kubernetes documentation
mart.targetCPUUtilizationPercentage
Default value: 75
Target CPU utilization for the MART process on the pod. The value of this field enables MART to auto-scale when CPU utilization reaches this value, up to replicaCountMax.
mart.terminationGracePeriodSeconds
Default value: 30
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
metrics
Defines the service that collects operations metrics. You can use metrics data to monitor the health of Hybrid services, to set up alerts, and so on.
For more information, see Metrics collection overview.
The following table describes the properties of the metrics object:
metrics.adapter.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
metrics.adapter.tag
Default value: v0.9.1
The version label for this service's Docker image.
metrics.adapter.url
Default value: gcr.io/apigee-release/hybrid/apigee-prometheus-adapter
The location of the Docker image for this service.
metrics.aggregator.resources.requests.cpu
Default value: 500m
The CPU needed for normal operation of the aggregator in a Kubernetes container, in millicores.
metrics.aggregator.resources.requests.memory
Default value: 512Mi
The memory needed for normal operation of the aggregator in a Kubernetes container, in mebibytes.
metrics.aggregator.resources.limits.cpu
Default value: 500m
The CPU limit for the aggregator resource in a Kubernetes container, in millicores.
metrics.aggregator.resources.limits.memory
Default value: 3Gi
The memory limit for the aggregator resource in a Kubernetes container, in gibibytes.
metrics.annotations
Default value:None
Optional key/value map used to annotate pods. For more information, see Custom annotations.
metrics.app.resources.requests.cpu
Default value: 500m
The CPU needed for normal operation of the app in a Kubernetes container, in millicores.
metrics.app.resources.requests.memory
Default value: 512Mi
The memory needed for normal operation of the app in a Kubernetes container, in mebibytes.
metrics.app.resources.limits.cpu
Default value: 500m
The CPU limit for the app resource in a Kubernetes container, in millicores.
metrics.app.resources.limits.memory
Default value: 1Gi
The memory limit for the app resource in a Kubernetes container, in gibibytes.
metrics.appStackdriverExporter.resources.requests.cpu
Default value: 128m
The CPU needed for normal operation of the stackdriverExporter in a Kubernetes container, in millicores.
metrics.appStackdriverExporter.resources.requests.memory
Default value: 512Mi
The memory needed for normal operation of the stackdriverExporter in a Kubernetes container, in mebibytes.
metrics.appStackdriverExporter.resources.limits.cpu
Default value: 500m
The CPU limit for the stackdriverExporter resource in a Kubernetes container, in millicores.
metrics.appStackdriverExporter.resources.limits.memory
Default value: 1Gi
The memory limit for the stackdriverExporter resource in a Kubernetes container, in gibibytes.
metrics.enabled
Default value: true
Enables Apigee metrics. Set to true to enable metrics. Set to false to disable metrics.
metrics.nodeSelector.key
Default value:None
Required
Node selector label key used to target dedicated Kubernetes nodes for metrics runtime services.
metrics.nodeSelector.value
Default value:None
Required
Node selector label value used to target dedicated Kubernetes nodes for metrics runtime services.
metrics.prometheus.args.storage_tsdb_retention
Default value: 48h
The amount of time Prometheus waits before removing old data from local storage, in hours.
metrics.prometheus.containerPort
Default value: 9090
The port to connect to the Prometheus metrics service.
metrics.prometheus.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
metrics.prometheus.image.tag
Default value: v2.9.2
The version label for this service's Docker image.
metrics.prometheus.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-prom-prometheus
The location of the Docker image for this service.
metrics.prometheus.livenessProbe.failureThreshold
Default value: 6
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
metrics.prometheus.livenessProbe.periodSeconds
Default value: 5
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
metrics.prometheus.livenessProbe.timeoutSeconds
Default value: 3
The number of seconds after which a liveness probe times out. The minimum value is 1.
metrics.prometheus.readinessProbe.failureThreshold
Default value: 120
The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
metrics.prometheus.readinessProbe.periodSeconds
Default value: 5
Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
metrics.prometheus.readinessProbe.timeoutSeconds
Default value: 3
The number of seconds after which a readiness probe times out. The minimum value is 1.
metrics.prometheus.sslCertPath
Default value:None
Required
Path to the SSL cert for the Prometheus metrics collection process. Prometheus is a tool Apigee can use for collecting and processing metrics.
See:
- metrics
- For background information, the Prometheus website
metrics.prometheus.sslKeyPath
Default value:None
Required
Path to the SSL Key for the Prometheus metrics collection process. Prometheus is a tool Apigee can use for collecting and processing metrics.
See:
- metrics
- For background information, the Prometheus website
metrics.proxy.resources.requests.cpu
Default value: 500m
The CPU needed for normal operation of the proxy in a Kubernetes container, in millicores.
metrics.proxy.resources.requests.memory
Default value: 512Mi
The memory needed for normal operation of the proxy in a Kubernetes container, in mebibytes.
metrics.proxy.resources.limits.cpu
Default value: 500m
The CPU limit for the proxy resource in a Kubernetes container, in millicores.
metrics.proxy.resources.limits.memory
Default value: 1Gi
The memory limit for the proxy resource in a Kubernetes container, in gibibytes.
metrics.proxyStackdriverExporter.resources.requests.cpu
Default value: 128m
The CPU needed for normal operation of the stackdriverExporter in a Kubernetes container, in millicores.
metrics.proxyStackdriverExporter.resources.requests.memory
Default value: 512Mi
The memory needed for normal operation of the stackdriverExporter in a Kubernetes container, in mebibytes.
metrics.proxyStackdriverExporter.resources.limits.cpu
Default value: 500m
The CPU limit for the stackdriverExporter resource in a Kubernetes container, in millicores.
metrics.proxyStackdriverExporter.resources.limits.memory
Default value: 1Gi
The memory limit for the stackdriverExporter resource in a Kubernetes container, in gibibytes.
metrics.proxyURL
Default value:None
URL for the metrics process sidecar proxy in the Kubernetes cluster.
metrics.sdSidecar.containerPort
Default value: 9091
The port for connecting to the Cloud Monitoring metrics service.
metrics.sdSidecar.image.pullPolicy
Default value: IfNotPresent
Determines when Kubelet pulls this service's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, even if it already exists.
For more information, see Updating images.
metrics.sdSidecar.image.tag
Default value: 0.9.0
The version label for this service's Docker image.
metrics.sdSidecar.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-stackdriver-prometheus-sidecar
The location of the Docker image for this service.
metrics.serviceAccountPath
Default value:None
One of either serviceAccountPath or serviceAccountRef is required.
Path to Google Service Account key file with Monitoring Metric Writer role.
metrics.serviceAccountRef
Default value:None
One of either serviceAccountPath or serviceAccountRef is required.
metrics.stackdriverExporter.resources.requests.cpu
Deprecated: Starting in Hybrid version 1.8, metrics:stackdriverExporter has been replaced with metrics:appStackdriverExporter and metrics:proxyStackdriverExporter. See:
metrics.stackdriverExporter.resources.requests.memory
Deprecated: Starting in Hybrid version 1.8, metrics:stackdriverExporter has been replaced with metrics:appStackdriverExporter and metrics:proxyStackdriverExporter. See:
metrics.stackdriverExporter.resources.limits.cpu
Deprecated: Starting in Hybrid version 1.8, metrics:stackdriverExporter has been replaced with metrics:appStackdriverExporter and metrics:proxyStackdriverExporter. See:
metrics.stackdriverExporter.resources.limits.memory
Deprecated: Starting in Hybrid version 1.8, metrics:stackdriverExporter has been replaced with metrics:appStackdriverExporter and metrics:proxyStackdriverExporter. See:
metrics.terminationGracePeriodSeconds
Default value: 300
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
mintTaskScheduler
mintTaskScheduler is the cron job to schedule monetization tasks, like recurring fee calculation on a periodic basis.
The following table describes the properties of the mintTaskScheduler object:
mintTaskScheduler.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
mintTaskScheduler.image.tag
Default value: 1.8.8
The version label for this service's Docker image.
mintTaskScheduler.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-mint-task-scheduler
The location of the Docker image for this service.
nodeSelector
The nodeSelector object defines the node for your Apigee instance. Behind the scenes, when apigeectl runs, it maps the label key/value for apigeeRuntime and apigeeData to the individual Istio and MART components. You can override this for individual objects in the mart:nodeSelector property.
The following table describes the properties of the nodeSelector object:
Property | Description |
---|---|
nodeSelector.apigeeData.key | Introduced in version:1.0.0 Default value: ApigeeData is the node for the Cassandra database. Node selector label key for targeting Kubernetes nodes for working with Apigee services data. |
nodeSelector.apigeeData.value | Introduced in version:1.0.0 Default value: apigee-data is the node for the Cassandra database. Node selector label value for targeting Kubernetes nodes for working with Apigee services data. |
nodeSelector.apigeeRuntime.key | Introduced in version:1.0.0 Default value: Apigee Runtime is the node for the runtime environment for the project. Node selector label key for targeting Kubernetes nodes for Apigee runtime services. |
nodeSelector.apigeeRuntime.value | Introduced in version:1.0.0 Default value: |
nodeSelector.requiredForScheduling | Introduced in version:1.0.0 Default value:false The For production, |
redis
The following table describes the properties of the redis object:
redis.auth.password
Default value: iloveapis123
Required
Password for the Redis administrator. The admin user is used for any administrative activities performed on the Redis cluster.
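Several rules in this reference can be checked before apigeectl is run: the ingressGateways[].name requirements, the "sslCertPath/sslKeyPath or sslSecret" rule for envs[] and mart, and a redis.auth.password that is still the documented default. The following Python linter is an added example, not part of Apigee; it works on an overrides.yaml already parsed into a dict, and the sample configuration and function names are constructed.

```python
"""Lint a parsed overrides.yaml against rules stated in this reference."""
import string

GATEWAY_NAME_MAX = 17
ALLOWED_NAME_CHARS = set(string.ascii_lowercase + string.digits + "-.")
DOCUMENTED_REDIS_DEFAULT = "iloveapis123"  # default value listed for redis.auth.password


def _is_alnum(ch):
    return ch.isascii() and ch.isalnum()


def check_gateway_name(name):
    """Return the ingressGateways[].name requirements that `name` violates."""
    if not isinstance(name, str) or not name:
        return ["is required"]
    problems = []
    if len(name) > GATEWAY_NAME_MAX:
        problems.append(f"is longer than {GATEWAY_NAME_MAX} characters")
    if set(name) - ALLOWED_NAME_CHARS:
        problems.append("contains characters other than lowercase alphanumerics, '-' or '.'")
    if not _is_alnum(name[0]):
        problems.append("must start with an alphanumeric character")
    if not _is_alnum(name[-1]):
        problems.append("must end with an alphanumeric character")
    return problems


def check_tls(section):
    """Apply the 'sslCertPath/sslKeyPath or sslSecret is required' rule to one object."""
    if section.get("sslSecret"):
        return []
    cert, key = section.get("sslCertPath"), section.get("sslKeyPath")
    if cert and key:
        return []
    if cert or key:
        return ["sslCertPath and sslKeyPath must be set together (or use sslSecret)"]
    return ["needs sslCertPath/sslKeyPath or sslSecret"]


def lint(overrides):
    """Return a list of (path, problem) tuples; an empty list means no findings."""
    findings = []
    for i, gateway in enumerate(overrides.get("ingressGateways", [])):
        for problem in check_gateway_name(gateway.get("name")):
            findings.append((f"ingressGateways[{i}].name", problem))
    for i, env in enumerate(overrides.get("envs", [])):
        findings += [(f"envs[{i}]", problem) for problem in check_tls(env)]
    findings += [("mart", problem) for problem in check_tls(overrides.get("mart", {}))]
    password = overrides.get("redis", {}).get("auth", {}).get("password")
    if password in (None, "", DOCUMENTED_REDIS_DEFAULT):
        findings.append(("redis.auth.password",
                         "is unset or still the documented default value"))
    return findings


# Constructed sample: an overrides.yaml after parsing, not taken from the page.
SAMPLE_OVERRIDES = {
    "ingressGateways": [
        {"name": "prod-1"},
        {"name": "Internal_Gateway-for-partners"},  # too long, invalid characters
    ],
    "envs": [
        {"sslCertPath": "./certs/test.crt", "sslKeyPath": "./certs/test.key"},
        {"sslCertPath": "./certs/prod.crt"},  # key path missing
        {"sslSecret": "prod2-tls"},
    ],
    "mart": {},  # no TLS material configured
    "redis": {"auth": {"password": "iloveapis123"}},
}

if __name__ == "__main__":
    for path, problem in lint(SAMPLE_OVERRIDES):
        print(f"{path}: {problem}")
```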
redis.envoy.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
redis.envoy.tag
Default value: v1.22.2
The version label for this service's Docker image.
redis.envoy.url
Default value: gcr.io/apigee-release/hybrid/apigee-envoy
The location of the Docker image for this service.
redis.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
redis.image.tag
Default value:
The version label for this service's Docker image.
redis.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-redis
The location of the Docker image for this service.
redis.replicaCount
Default value: 2
Redis is a replicated storage. This property specifies the number of Redis nodes employed as a StatefulSet.
redis.resources.requests.cpu
Default value: 500m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
runtime
The following table describes the properties of the runtime object:
runtime.annotations
Default value:None
Optional key/value map used to annotate pods. For more information, see Custom annotations.
runtime.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
runtime.image.tag
Default value: 1.8.8
The version label for this service's Docker image.
runtime.image.url
Default value: URL to your installation's image resource, for example:
gcr.io/apigee-release/hybrid/apigee-runtime
The location of the Docker image for this service.
runtime.livenessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
runtime.livenessProbe.initialDelaySeconds
Default value: 60
The number of seconds after a container is started before a liveness probe is initiated.
runtime.livenessProbe.periodSeconds
Default value: 5
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
runtime.livenessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
runtime.nodeSelector.key
Default value: None
Optional node selector label key for targeting Kubernetes nodes for runtime services.
See nodeSelector property.
runtime.nodeSelector.value
Default value: None
Node selector label value for targeting Kubernetes nodes for runtime services.
runtime.readinessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
runtime.readinessProbe.initialDelaySeconds
Default value: 60
The number of seconds after a container is started before a readiness probe is initiated.
runtime.readinessProbe.periodSeconds
Default value: 5
Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
runtime.readinessProbe.successThreshold
Default value: 1
The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
runtime.readinessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a readiness probe times out. The minimum value is 1.
runtime.replicaCountMax
Default value: 4
Maximum number of replicas available for autoscaling.
runtime.replicaCountMin
Default value: 1
Minimum number of replicas available for autoscaling.
runtime.resources.requests.cpu
Default value: 500m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
runtime.resources.requests.memory
Default value: 512Mi (see note below)
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes (Mi) or gibibytes (Gi).
runtime.service.type
Default value: ClusterIP
The type of service. You can set this to a service other than ClusterIP; for example, LoadBalancer.
runtime.targetCPUUtilizationPercentage
Default value: 75
Target CPU utilization for the runtime process on the pod. The value of this field enables the runtime to auto-scale when CPU utilization reaches this value, up to replicaCountMax.
runtime.terminationGracePeriodSeconds
Default value: 180
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
synchronizer
Ensures that the Message Processors are kept up to date with the latest deployed API proxy bundles. To do this, the Synchronizer polls the management plane; when a new contract is detected, the Synchronizer sends it to the runtime plane. By default, Synchronizer stores environment configuration data in Cassandra.
For more information, see Configure the Synchronizer.
The following table describes the properties of the synchronizer object:
synchronizer.annotations
Default value: None
Optional key/value map used to annotate pods. For more information, see Custom annotations.
synchronizer.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
synchronizer.image.tag
Default value: 1.8.8
The version label for this service's Docker image.
synchronizer.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-synchronizer
The location of the Docker image for this service.
synchronizer.livenessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
synchronizer.livenessProbe.initialDelaySeconds
Default value: 0
The number of seconds after a container is started before a liveness probe is initiated.
synchronizer.livenessProbe.periodSeconds
Default value: 5
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
synchronizer.livenessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
synchronizer.nodeSelector.key
Default value: None
Required
Optional node selector label key for targeting Kubernetes nodes for synchronizer runtime services.
See nodeSelector.
synchronizer.nodeSelector.value
Default value: None
Optional node selector label value used for targeting Kubernetes nodes for synchronizer runtime services.
See nodeSelector.
synchronizer.pollInterval
Default value: 60
The length of time that Synchronizer waits between polling operations. Synchronizer polls Apigee control plane services to detect and pull new runtime contracts.
synchronizer.readinessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
synchronizer.readinessProbe.initialDelaySeconds
Default value: 0
The number of seconds after a container is started before a readiness probe is initiated.
synchronizer.readinessProbe.periodSeconds
Default value: 5
Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
synchronizer.readinessProbe.successThreshold
Default value: 1
The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
synchronizer.readinessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a readiness probe times out. The minimum value is 1.
synchronizer.replicaCount
Deprecated: Starting in Hybrid version 1.2, manage the Synchronizer replica count with synchronizer.replicaCountMax and synchronizer.replicaCountMin.
synchronizer.replicaCountMax
Default value: 4
Maximum number of replicas for autoscaling.
synchronizer.replicaCountMin
Default value: 1
Minimum number of replicas for autoscaling.
synchronizer.resources.requests.cpu
Default value: 100m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
synchronizer.resources.requests.memory
Default value: 1Gi
The memory needed for normal operation of the resource in a Kubernetes container, in gigabytes.
synchronizer.serviceAccountPath
Default value: None
One of either serviceAccountPath or serviceAccountRef is required.
Path to Google Service Account key file with Apigee Synchronizer Manager role.
synchronizer.serviceAccountRef
Default value: None
One of either serviceAccountPath or serviceAccountRef is required.
synchronizer.targetCPUUtilizationPercentage
Default value: 75
Target CPU utilization for the Synchronizer process on the pod. The value of this field enables Synchronizer to auto-scale when CPU utilization reaches this value, up to replicaCountMax.
synchronizer.terminationGracePeriodSeconds
Default value: 30
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
udca
(Universal Data Collection Agent) Defines the service that runs within the data collection pod in the runtime plane. This service extracts analytics and deployment status data and sends it to the Unified Analytics Platform (UAP).
For more information, see Analytics and deployment status data collection.
The following table describes the properties of the udca object:
udca.annotations
Default value: None
Optional key/value map used to annotate pods. For more information, see Custom annotations.
udca.fluentd.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
udca.fluentd.image.tag
Default value: 1.8.9
The version label for this service's Docker image.
udca.fluentd.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-stackdriver-logging-agent
The location of the Docker image for this service.
udca.fluentd.resources.limits.cpu
Default value: 500m
The CPU limit for the resource in a Kubernetes container, in millicores.
udca.fluentd.resources.limits.memory
Default value: 500Mi
The memory limit for the resource in a Kubernetes container, in mebibytes.
udca.fluentd.resources.requests.cpu
Default value: 500m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
udca.fluentd.resources.requests.memory
Default value: 250Mi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
udca.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
udca.image.tag
Default value: 1.8.8
The version label for this service's Docker image.
udca.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-udca
The location of the Docker image for this service.
udca.jvmXms
Deprecated: Starting in Hybrid version 1.8, udca.jvmXms is no longer used.
udca.jvmXmx
Deprecated: Starting in Hybrid version 1.8, udca.jvmXmx is no longer used.
udca.livenessProbe.failureThreshold
Default value: 2
The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
udca.livenessProbe.initialDelaySeconds
Default value: 0
The number of seconds after a container is started before a liveness probe is initiated.
udca.livenessProbe.periodSeconds
Default value: 5
Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
udca.livenessProbe.timeoutSeconds
Default value: 1
The number of seconds after which a liveness probe times out. The minimum value is 1.
udca.nodeSelector.key
Default value: None
Required
Node selector label key used to target dedicated Kubernetes nodes for udca runtime services.
udca.nodeSelector.value
Default value: None
Required
Node selector label value used to target dedicated Kubernetes nodes for udca runtime services.
udca.pollingIntervalInSec
Default value: 1
The length of time, in seconds, that UDCA waits between polling operations. UDCA polls the data directory on the data collection pod's file system to detect new files to be uploaded.
udca.replicaCountMax
Default value: 4
The maximum number of pods that hybrid can automatically add for the UDCA deployment. Because UDCA is implemented as a ReplicaSet, the pods are replicas.
It is recommended to set udca.replicaCountMax to a maximum number of replicas per environment times the number of environments in your Apigee org. For example, if you want to allow at most 4 replicas per environment and you have 3 environments, set udca.replicaCountMax: 12.
udca.replicaCountMin
Default value: 1
The minimum number of pods for the UDCA deployment. Because UDCA is implemented as a ReplicaSet, the pods are replicas.
If the CPU usage goes above udca.targetCPUUtilizationPercentage, then hybrid will gradually increase the number of pods, up to udca.replicaCountMax.
udca.resources.limits.cpu
Default value: 500m
The CPU limit for the resource in a Kubernetes container, in millicores.
udca.resources.limits.memory
Default value: 500Mi
The memory limit for the resource in a Kubernetes container, in mebibytes.
udca.resources.requests.cpu
Default value: 250m
The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
udca.resources.requests.memory
Default value: 250Mi
The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
udca.revision
Default value: v1
A static value that is populated in a label to enable canary deployments.
udca.serviceAccountPath
Default value: None
One of either serviceAccountPath or serviceAccountRef is required.
Path to Google Service Account key file with Apigee Analytics Agent role.
udca.serviceAccountRef
Default value: None
One of either serviceAccountPath or serviceAccountRef is required.
udca.targetCPUUtilizationPercentage
Default value: 75
The threshold of CPU usage for scaling the number of pods in the ReplicaSet, as a percentage of total available CPU resources. Hybrid uses the combined utilization of all containers in the data collection pod (both fluentd and UDCA) to calculate the current utilization.
When CPU usage goes above this value, then hybrid will gradually increase the number of pods in the ReplicaSet, up to udca.replicaCountMax.
udca.terminationGracePeriodSeconds
Default value: 600
The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
virtualhosts
The virtualhosts property is a required configuration property.
Virtual hosts allow Apigee hybrid to handle API requests to a specified environment group.
For more information, see Configure virtual hosts.
The following table describes the properties of the virtualhosts object:
virtualhosts[].additionalGateways
Default value: None
A list of Istio Gateways to route traffic to.
virtualhosts[].cipherSuites[]
Default value: None
The list of TLS ciphers. You can find the full list of supported ciphers in the documentation for the Boring FIPS build of Envoy. A blank value defaults to the cipher suites supported by the Boring FIPS build of Envoy.
For example, to support TLS v1.1:
```yaml
virtualhosts:
- name: ENV_GROUP_NAME
  minTLSProtocolVersion: "1.1"
  cipherSuites:
  - "ECDHE-ECDSA-AES128-GCM-SHA256"
  - "ECDHE-RSA-AES128-GCM-SHA256"
  - "ECDHE-ECDSA-AES256-GCM-SHA384"
  - "ECDHE-RSA-AES256-GCM-SHA384"
  - "ECDHE-ECDSA-CHACHA20-POLY1305"
  - "ECDHE-RSA-CHACHA20-POLY1305"
  - "ECDHE-ECDSA-AES128-SHA"
  - "ECDHE-RSA-AES128-SHA"
  - "ECDHE-ECDSA-AES256-SHA"
  - "ECDHE-RSA-AES256-SHA"
  ...
```
virtualhosts[].name
Default value:None
Required
The name of the virtual host.
virtualhosts[].hostAliases[]
Default value:None
Required
Deprecated : Starting in Hybrid version 1.4 the runtime plane receives this information from the management plane. See About environments and environment groups .
virtualhosts[].maxTLSProtocolVersion
Default value: None
The maximum version of the TLS protocol Envoy can select. Envoy automatically uses the optimal TLS protocol version between virtualhosts[].minTLSProtocolVersion and virtualhosts[].maxTLSProtocolVersion.
The value must be in the form of a number. For example:
```yaml
virtualhosts:
- name: default
  maxTLSProtocolVersion: "1.3"
```
Where the number represents the TLS version number in the form #.#. In the example above, "1.3" represents the Istio TLS version TLSV1_3.
See also ServerTLSSettings.TLSProtocol in the Istio documentation.
virtualhosts[].minTLSProtocolVersion
Default value: None
The minimum version of the TLS protocol Envoy can select. Envoy automatically uses the optimal TLS protocol version between virtualhosts[].minTLSProtocolVersion and virtualhosts[].maxTLSProtocolVersion.
The value must be in the form of a number. For example:
```yaml
virtualhosts:
- name: default
  minTLSProtocolVersion: "1.2"
```
Where the number represents the TLS version number in the form #.#. In the example above, 1.2 represents the Istio TLS version TLSV1_2.
See also ServerTLSSettings.TLSProtocol in the Istio documentation.
virtualhosts[].selector
Default value: app: apigee-ingressgateway
Required
A key-value selector pair for pointing to different ingress selectors.
- apigee-ingressgateway: for Apigee hybrid installations using Apigee ingress gateway.
- istio-ingressgateway: for Apigee hybrid installations using Anthos Service Mesh.
If no selector label is supplied, the configuration is supplied to both Apigee ingress gateway and customer-installed Anthos Service Mesh.
virtualhosts[].sslCertPath
Default value: None
Either sslCertPath/sslKeyPath or sslSecret is required.
The path on your system to a TLS certificate file.
virtualhosts[].sslKeyPath
Default value: None
Either sslCertPath/sslKeyPath or sslSecret is required.
The path on your system to the TLS private key file.
virtualhosts[].sslSecret
Default value: None
Either sslCertPath/sslKeyPath or sslSecret is required.
The name of a file stored in a Kubernetes secret that contains the TLS certificate and private key. You must create the secret using the TLS certificate and key data as its input.
See also:
- Storing data in a Kubernetes secret
- Secrets in the Kubernetes documentation
- Creating a Secret Using kubectl in the Kubernetes documentation
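The following is an added example, not part of the Apigee documentation: a small audit of parsed virtualhosts[] entries that applies the rules stated above (name required, versions in the form #.#, certificate source required) and flags settings like the TLS 1.1 example. The TLS 1.2 floor and the AEAD-only cipher rule are assumed policy choices, and the secret name in the sample is hypothetical.

```python
import re

# Assumed policy (not from the page): TLS 1.2 floor, AEAD cipher suites only.
AEAD_MARKERS = ("GCM", "CHACHA20-POLY1305")
VERSION_RE = re.compile(r"^\d\.\d$")


def tls_version(vhost, key, findings):
    """Parse a '#.#' TLS version into (major, minor); None if unset or malformed."""
    if key not in vhost:
        return None
    raw = str(vhost[key])
    if not VERSION_RE.match(raw):
        findings.append(f"{key}: {raw!r} is not in the form #.#")
        return None
    return tuple(int(part) for part in raw.split("."))


def audit_virtualhost(vhost):
    """Return a list of findings for one parsed virtualhosts[] entry (a dict)."""
    findings = []
    if not vhost.get("name"):
        findings.append("name is required")
    low = tls_version(vhost, "minTLSProtocolVersion", findings)
    high = tls_version(vhost, "maxTLSProtocolVersion", findings)
    if low is not None and low < (1, 2):
        findings.append("minTLSProtocolVersion is below 1.2")
    if low is not None and high is not None and low > high:
        findings.append("minTLSProtocolVersion exceeds maxTLSProtocolVersion")
    for suite in vhost.get("cipherSuites") or []:
        if not any(marker in suite for marker in AEAD_MARKERS):
            findings.append(f"cipherSuites: {suite} is not an AEAD suite")
    has_files = bool(vhost.get("sslCertPath") and vhost.get("sslKeyPath"))
    if not (has_files or vhost.get("sslSecret")):
        findings.append("sslCertPath/sslKeyPath or sslSecret is required")
    return findings


# Constructed sample: a shortened form of the TLS 1.1 example, then a stricter entry.
SAMPLE = [
    {
        "name": "ENV_GROUP_NAME",
        "minTLSProtocolVersion": "1.1",
        "cipherSuites": [
            "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305",
            "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES256-SHA",
        ],
    },
    {
        "name": "default",
        "minTLSProtocolVersion": "1.2",
        "maxTLSProtocolVersion": "1.3",
        "cipherSuites": ["ECDHE-RSA-AES256-GCM-SHA384"],
        "sslSecret": "example-tls-secret",  # hypothetical secret name
    },
]
```

With PyYAML installed, the virtualhosts list read from overrides.yaml with yaml.safe_load can be passed to audit_virtualhost entry by entry.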
watcher
The watcher property is a required configuration property.
The watcher is a process that watches for configuration changes and triggers their application to the runtime plane.
The following table describes the properties of the watcher object:
watcher.annotations
Default value: None
Optional key/value map used to annotate pods. For more information, see Custom annotations.
watcher.image.pullPolicy
Default value: IfNotPresent
Determines when kubelet pulls the pod's Docker image. Possible values include:
- IfNotPresent: Do not pull a new image if it already exists.
- Always: Always pull the image, regardless of whether it exists already.
For more information, see Updating images.
watcher.image.tag
Default value: 1.8.8
The version label for this service's Docker image.
watcher.image.url
Default value: gcr.io/apigee-release/hybrid/apigee-watcher
The location of the Docker image for this service.
watcher.replicaCountMax
Default value: 1
The maximum number of watcher replicas. This should be kept at 1 to avoid conflicts.
watcher.replicaCountMin
Default value: 1
The minimum number of watcher replicas.
watcher.serviceAccountPath
Default value: None
Required.
Path to Google Service Account key file with Apigee Runtime Agent role.
watcher.serviceAccountRef
Default value: None
One of either serviceAccountPath or serviceAccountRef is required.