Installing and managing Apigee hybrid with Helm charts

This document guides you through the step-by-step process of installing Apigee hybrid v1.10 using Helm charts.

Version

Apigee hybrid Helm charts is for use with Apigee hybrid v1.10.x. See Apigee hybrid release history for the list of hybrid releases.

Prerequisites

• Apigee hybrid 1.10.4
• Helm v3.10+
• Access to the Apigee hybrid Helm chart repository at:
  oci://us-docker.pkg.dev/apigee-release/apigee-hybrid-helm-charts
• gcloud CLI
• Creating and managing projects
• A Kubernetes cluster for your Apigee hybrid installation. See:
  • Supported Kubernetes Platform and version
  • Minimum cluster configurations

Scope

• This release supports only Apigee hybrid version 1.10.4.
• This release supports:
  • New Apigee hybrid installations.
  • Existing Apigee hybrid installations upgraded to version 1.10.4 and migrated to Helm management using the Apigee hybrid Helm migration tool.
• This release supports:
  • Basic Apigee hybrid installation
  • Cassandra backup and restore
  • Multi-region setup

Supported Kubernetes platforms and versions

Limitations

• Helm charts do not fully support CRDs; therefore, we will be using the kubectl -k command for installing and upgrading them. We aim to follow community and Google best practices around Kubernetes management. CRD deployments through Helm have not yet reached a community state where we see broad support, or requests for such a model. Therefore, management of Apigee CRDs should be done using kubectl as mentioned in this document.
• In apigeectl, we have used files throughout overrides.yaml for service accounts and certs; however, Helm does not support referencing files outside of the chart directory. Pick one of the following options for service account and cert files:
  • Place copies of relevant files within each chart directory
  • Create symbolic links within each chart directory for each file, or a folder. Helm will follow symbolic links out of the chart directory, but will output a warning like the following:
    apigee-operator/gsa -> ../gsa
  • Use Kubernetes secrets. For example, for service accounts:

    kubectl create secret generic SECRET_NAME \
      --from-file="client_secret.json=CLOUD_IAM_FILE_NAME.json" \
      -n apigee
    

    Replace the following:
    • SECRET_NAME with the name of the Kubernetes secret you created.
    • CLOUD_IAM_FILE_NAME.json with the name of the downloaded JSON file.

Supported Kubernetes Platform and versions

For a list of supported platforms, see the v1.10 column in the Apigee hybrid supported platforms table.

Permissions required

This table lists the resources and permissions required for Kubernetes and Apigee.

To filter this table, do one or more of the following: select a category, type a search term, or click a column heading to sort.

See also:

• Using RBAC Authorization
• Determine the Request Verb

Prepare for installation

Apigee hybrid charts are hosted in Google Artifact Registry:

oci://us-docker.pkg.dev/apigee-release/apigee-hybrid-helm-charts

Pull Apigee Helm charts

Using the pull command, copy all of the Apigee hybrid Helm charts to your local storage with the following command:

export CHART_REPO=oci://us-docker.pkg.dev/apigee-release/apigee-hybrid-helm-charts
export CHART_VERSION=1.10.4
helm pull $CHART_REPO/apigee-operator --version $CHART_VERSION --untar
helm pull $CHART_REPO/apigee-datastore --version $CHART_VERSION --untar
helm pull $CHART_REPO/apigee-env --version $CHART_VERSION --untar
helm pull $CHART_REPO/apigee-ingress-manager --version $CHART_VERSION --untar
helm pull $CHART_REPO/apigee-org --version $CHART_VERSION --untar
helm pull $CHART_REPO/apigee-redis --version $CHART_VERSION --untar
helm pull $CHART_REPO/apigee-telemetry --version $CHART_VERSION --untar
helm pull $CHART_REPO/apigee-virtualhost --version $CHART_VERSION --untar

Install Apigee hybrid

Installation sequence overview

Installation of components is done from left to right in sequence as shown in the following figure. Components that are stacked vertically in the figure can be installed together and in any order. Once you have installed any component, you can update that component individually and at any point; for example, replica, memory, CPU, and so on.

Prepare to install Apigee hybrid with Helm charts

1. Create the namespace that will be used for apigee resources. This should match the namespace field in the overrides.yaml file. If this is not present in overrides.yaml, then the default is apigee.

   1. Check if the namespace already exists:

      kubectl get namespace apigee

      If the namespace exists, your output includes:

        NAME     STATUS   AGE
        apigee   Active   1d
      

   2. If the namespace does not already exist, create it:

      kubectl create namespace apigee

2. Create the service accounts and assign the appropriate IAM roles to them. Apigee hybrid uses the following service accounts:

   Service account	IAM roles
   apigee-cassandra	Storage Object Admin
   apigee-logger	Logs Writer
   apigee-mart	Apigee Connect Agent
   apigee-metrics	Monitoring Metric Writer
   apigee-runtime	No role required
   apigee-synchronizer	Apigee Synchronizer Manager
   apigee-udca	Apigee Analytics Agent
   apigee-watcher	Apigee Runtime Agent

   Apigee provides a tool, create-service-account, in the apigee-operator/etc/tools directory:

   APIGEE_HELM_CHARTS_HOME/
   └── apigee-operator/
       └── etc/
           └── tools/
               └── create-service-account
   

   This tool creates the service accounts, assigns the IAM roles to each account, and downloads the certificate files in JSON format for each account.

   1. Create the directory where you want to download the service account cert files. You will specify this in the following command in the place of SERVICE_ACCOUNTS_PATH.
   2. You can create all the service accounts with a single command with the following options:

      APIGEE_HELM_CHARTS_HOME/apigee-operator/etc/tools/create-service-account --env prod --dir SERVICE_ACCOUNTS_PATH
      

   3. List the names of your service accounts for your overrides file:

      ls service-accounts
      

      my_project-apigee-cassandra.json    my_project-apigee-runtime.json
      my_project-apigee-logger.json       my_project-apigee-synchronizer.json
      my_project-apigee-mart.json         my_project-apigee-udca.json
      my_project-apigee-metrics.json      my_project-apigee-watcher.json
      

      For more information see:

      • Step 4: Create service accounts
      • About service accounts
3. Before installing, look at the overrides.yaml file to verify the settings:

   instanceID: UNIQUE_ID_TO_IDENTIFY_THIS_CLUSTER
   namespace: apigee # required for Helm charts installation
   
   # By default, logger and metrics are enabled and requires below details
   # Google Cloud project and cluster
   gcp:
     projectID: PROJECT_ID
     region: REGION
   
   k8sCluster:
     name: CLUSTER_NAME
     region: REGION
   
   org: ORG_NAME
   
   envs:
   - name: "ENV_NAME"
     serviceAccountPaths:
       runtime: "PATH_TO_RUNTIME_SVC_ACCOUNT"
       synchronizer: "PATH_TO_SYNCHRONIZER_SVC_ACCOUNT"
       udca: "PATH_TO_UDCA_SVC_ACCOUNT"
   
   ingressGateways:
   - name: GATEWAY_NAME # maximum 17 characters, eg: "ingress-1". See Known issue 243167389.
     replicaCountMin: 1
     replicaCountMax: 2
     svcType: LoadBalancer
   
   virtualhosts:
   - name: ENV_GROUP_NAME
     selector:
       app: apigee-ingressgateway
       ingress_name: GATEWAY_NAME
     sslSecret: SECRET_NAME
   
   mart:
     serviceAccountPath: "PATH_TO_MART_SVC_ACCOUNT"
   
   logger:
     enabled: TRUE_FALSE # lowercase without quotes, eg: true
     serviceAccountPath: "PATH_TO_LOGGER_SVC_ACCOUNT"
   
   metrics:
     enabled: TRUE_FALSE # lowercase without quotes, eg: true
     serviceAccountPath: "PATH_TO_METRICS_SVC_ACCOUNT"
   
   udca:
     serviceAccountPath: "PATH_TO_UDCA_SVC_ACCOUNT"
   
   connectAgent:
     serviceAccountPath: "PATH_TO_MART_SVC_ACCOUNT"
   
   watcher:
     serviceAccountPath: "PATH_TO_WATCHER_SVC_ACCOUNT"
   

   This is the same overrides config you will use for this Helm installation. For more settings see the Configuration property reference.

   For more examples of overrides files, see Step 6: Configure the hybrid runtime.

4. Enable synchronizer access. This is a prerequisite for installing Apigee hybrid.

   1. Check to see if synchronizer access is already enabled with the following commands:

      export TOKEN=$(gcloud auth print-access-token)
      

      curl -X POST -H "Authorization: Bearer $TOKEN" \
        -H "Content-Type:application/json" \
        "https://apigee.googleapis.com/v1/organizations/ORG_NAME:getSyncAuthorization" \
        -d ''
      

      Your output should look something like the following:

      {
        "identities":[
           "serviceAccount:SYNCHRONIZER_SERVICE_ACCOUNT_ID"
        ],
        "etag":"BwWJgyS8I4w="
      }
      

   2. If the output does not include the service account ID, enable synchronizer access. Your account must have the Apigee Organization Admin IAM role (roles/apigee.admin) to perform this task.

      curl -X POST -H "Authorization: Bearer $TOKEN" \
        -H "Content-Type:application/json" \
        "https://apigee.googleapis.com/v1/organizations/ORG_NAME:setSyncAuthorization" \
        -d '{"identities":["'"serviceAccount:SYNCHRONIZER_SERVICE_ACCOUNT_ID"'"]}'
      

      See Step 7: Enable Synchronizer access in the Apigee hybrid installation documentation for more detailed information.

5. Install Cert Manager with the following command:

   kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.1/cert-manager.yaml
   

6. Install the Apigee CRDs:

   1. Use the kubectl dry-run feature by running the following command:

      kubectl apply -k  apigee-operator/etc/crds/default/ --server-side --force-conflicts --validate=false --dry-run=server
      

   2. After validating with the dry-run command, run the following command:

      kubectl apply -k  apigee-operator/etc/crds/default/ --server-side --force-conflicts --validate=false
      

   3. Validate the installation with the kubectl get crds command:

      kubectl get crds | grep apigee

      Your output should look something like the following:

      apigeedatastores.apigee.cloud.google.com                    2023-10-09T14:48:30Z
      apigeedeployments.apigee.cloud.google.com                   2023-10-09T14:48:30Z
      apigeeenvironments.apigee.cloud.google.com                  2023-10-09T14:48:31Z
      apigeeissues.apigee.cloud.google.com                        2023-10-09T14:48:31Z
      apigeeorganizations.apigee.cloud.google.com                 2023-10-09T14:48:32Z
      apigeeredis.apigee.cloud.google.com                         2023-10-09T14:48:33Z
      apigeerouteconfigs.apigee.cloud.google.com                  2023-10-09T14:48:33Z
      apigeeroutes.apigee.cloud.google.com                        2023-10-09T14:48:33Z
      apigeetelemetries.apigee.cloud.google.com                   2023-10-09T14:48:34Z
      cassandradatareplications.apigee.cloud.google.com           2023-10-09T14:48:35Z
      

7. Check the existing labels on the cluster nodes. By default, Apigee schedules data pods on nodes with the label cloud.google.com/gke-nodepool=apigee-data and runtime pods are scheduled on nodes with the label cloud.google.com/gke-nodepool=apigee-runtime. You can customize your node pool labels in the overrides.yaml file.

   For more information, see Configuring dedicated node pools.

Install the Apigee hybrid Helm charts

1. Install Apigee Operator/Controller:

   helm upgrade operator apigee-operator/ \
     --install \
     --create-namespace \
     --namespace apigee-system \
     --atomic \
     -f overrides.yaml
   

   Verify Apigee Operator installation:

   helm ls -n apigee-system
   

   NAME           NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
   operator    apigee-system   3               2023-06-26 00:42:44.492009 -0800 PST    deployed        apigee-operator-1.10.4   1.10.4
   

   Verify it is up and running by checking its availability:

   kubectl -n apigee-system get deploy apigee-controller-manager
   

   NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
   apigee-controller-manager   1/1     1            1           7d20h
   

2. Install Apigee datastore:

   helm upgrade datastore apigee-datastore/ \
     --install \
     --namespace apigee \
     --atomic \
     -f overrides.yaml
   

   Verify apigeedatastore is up and running by checking its state:

   kubectl -n apigee get apigeedatastore default
   

   NAME      STATE       AGE
   default   running    2d
   

3. Install Apigee telemetry:

   helm upgrade telemetry apigee-telemetry/ \
     --install \
     --namespace apigee \
     --atomic \
     -f overrides.yaml
   

   Verify it is up and running by checking its state:

   kubectl -n apigee get apigeetelemetry apigee-telemetry
   

   NAME               STATE     AGE
   apigee-telemetry   running   2d
   

4. Install Apigee Redis:

   helm upgrade redis apigee-redis/ \
     --install \
     --namespace apigee \
     --atomic \
     -f overrides.yaml
   

   Verify it is up and running by checking its state:

   kubectl -n apigee get apigeeredis default
   

   NAME      STATE     AGE
   default   running   2d
   

5. Install Apigee ingress manager:

   helm upgrade ingress-manager apigee-ingress-manager/ \
     --install \
     --namespace apigee \
     --atomic \
     -f overrides.yaml
   

   Verify it is up and running by checking its availability:

   kubectl -n apigee get deployment apigee-ingressgateway-manager
   

   NAME                            READY   UP-TO-DATE   AVAILABLE   AGE
   apigee-ingressgateway-manager   2/2     2            2           2d
   

6. Install Apigee organization:

   helm upgrade ORG_NAME apigee-org/ \
     --install \
     --namespace apigee \
     --atomic \
     -f overrides.yaml
   

   Verify it is up and running by checking the state of the respective org:

   kubectl -n apigee get apigeeorg
   

   NAME                      STATE     AGE
   apigee-org1-xxxxx          running   2d
   

7. Install the environment.

   You must install one environment at a time. Specify the environment with --set env=ENV_NAME:

   helm upgrade apigee-env-ENV_NAME apigee-env/ \
     --install \
     --namespace apigee \
     --atomic \
     --set env=ENV_NAME \
     -f overrides.yaml
   

   Verify it is up and running by checking the state of the respective env:

   kubectl -n apigee get apigeeenv
   

   NAME                          STATE       AGE   GATEWAYTYPE
   apigee-org1-dev-xxx            running     2d
   

8. Create the TLS certificates. You are required to provide TLS certificates for the runtime ingress gateway in your Apigee hybrid configuration.

   1. Create the certificates. In a production environment, you will need to use signed certificates. You can use either a certificate and key pair or a Kubernetes secret.

      For demonstration and testing installation, the runtime gateway can accept self-signed credentials. In the following example, openssl is used to generate the self-signed credentials:

      openssl req -nodes -new -x509 \
        -keyout PATH_TO_CERTS_DIRECTORY/keystore_ENV_GROUP_NAME.key \
        -out PATH_TO_CERTS_DIRECTORY/keystore_ENV_GROUP_NAME.pem \
        -subj '/CN='YOUR_DOMAIN'' -days 3650
      

      For more information, see Step 5: Create TLS certificates.

   2. Create the Kubernetes secret to reference the certs:

      kubectl create secret generic NAME \
        --from-file="cert=PATH_TO_CRT_FILE" \
        --from-file="key=PATH_TO_KEY_FILE" \
        -n apigee
      

9. Install virtual host.

   You must install one environment group (virtualhost) at a time. Specify the environment group with --set envgroup=ENV_GROUP_NAME:

   # repeat the following command for each env group mentioned in the overrides.yaml file
   helm upgrade apigee-virtualhost-ENV_GROUP_NAME apigee-virtualhost/ \
     --install \
     --namespace apigee \
     --atomic \
     --set envgroup=ENV_GROUP_NAME \
     -f overrides.yaml
   

   This creates ApigeeRouteConfig (ARC) which internally creates ApigeeRoute (AR) once the Apigee watcher pulls env group related details from the control plane. Therefore, check that the corresponding AR's state is running:

   kubectl -n apigee get arc
   

   NAME                                STATE   AGE
   apigee-org1-dev-egroup                       2d
   

   kubectl -n apigee get ar
   

   NAME                                        STATE     AGE
   apigee-org1-dev-egroup-xxxxxx                running   2d
   

Additional use cases for Helm charts with Apigee hybrid

Cassandra backup and restore

1. To enable backup:

   1. Update the Cassandra backup details in the overrides.yaml file:

      cassandra:
        backup:
          enabled: true
          serviceAccountPath: PATH_TO_GSA_FILE
          dbStorageBucket: BUCKET_LINK
          schedule: "45 23 * * 6"
      

   2. Run the Helm upgrade on apigee-datastore chart:

      helm upgrade datastore apigee-datastore/ \
        --namespace apigee \
        --atomic \
        -f overrides.yaml
      

2. Similarly, to enable restore:

   1. Update the Cassandra restore details in the overrides.yaml file:

      cassandra:
        restore:
          enabled: true
          snapshotTimestamp: TIMESTAMP
          serviceAccountPath: PATH_TO_GSA_FILE
          cloudProvider: "CSI"
      

   2. Run the Helm upgrade on apigee-datastore chart:

      helm upgrade datastore apigee-datastore/ \
        --namespace apigee \
        --atomic \
        -f overrides.yaml
      

See Cassandra backup overview for more details on Cassandra backup and restore.

Multi-region expansion

Multi-region setup with Helm charts requires the same prerequisites as the current apigeectl procedures. For details, see Prerequisites for multi-region deployments.

The procedure to configure hybrid for multi-region is the same as the existing procedure up through the process of configuring the multi-region seed host and setting up the Kubernetes cluster and context.

Configure the first region

Use the following steps to configure the first region and prepare for configuring the second region:

1. Follow the steps in Configure Apigee hybrid for multi-region to Configure the multi-region seed host on your platform.

2. For the first region created, get the pods in the apigee namespace:

   kubectl get pods -o wide -n apigee
   

3. Identify the multi-region seed host address for Cassandra in this region, for example 10.0.0.11.

4. Prepare the overrides.yaml file for the second region and add in the seed host IP address as follows:

   cassandra:
     multiRegionSeedHost: "SEED_HOST_IP_ADDRESS"
     datacenter: "DATACENTER_NAME"
     rack: "RACK_NAME"
     clusterName: CLUSTER_NAME
     hostNetwork: false
   

   Replace the following:

   • SEED_HOST_IP_ADDRESS with the seed host IP address, for example 10.0.0.11.
   • DATACENTER_NAME with the datacenter name, for example dc-2.
   • RACK_NAME with the rack name, for example ra-1.
   • CLUSTER_NAME with the name of your Apigee cluster. By default the value is apigeecluster. If you use a different cluster name, you must specify a value for cassandra.clusterName. This value must be the same in all regions.

Configure the second region

To set up the new region:

1. Install cert-manager in region 2:

   kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.1/cert-manager.yaml
   

2. Create a Kubernetes secret for your service account.
3. Create a Kubernetes secret for your ingress certificate.
4. Copy your certificate from the existing cluster to the new cluster. The new CA root is used by Cassandra and other hybrid components for mTLS. Therefore, it is essential to have consistent certificates across the cluster.

   1. Set the context to the original namespace:

      kubectl config use-context ORIGINAL_CLUSTER_NAME
      

   2. Export the current namespace configuration to a file:

      kubectl get namespace apigee -o yaml > apigee-namespace.yaml
      

   3. Export the apigee-ca secret to a file:

      kubectl -n cert-manager get secret apigee-ca -o yaml > apigee-ca.yaml
      

   4. Set the context to the new region's cluster name:

      kubectl config use-context NEW_CLUSTER_NAME
      

   5. Import the namespace configuration to the new cluster. Be sure to update the namespace in the file if you're using a different namespace in the new region:

      kubectl apply -f apigee-namespace.yaml
      

   6. Import the secret to the new cluster:

      kubectl -n cert-manager apply -f apigee-ca.yaml
      

5. Now use Helm charts to install Apigee hybrid in the new region with the following Helm Chart commands (as done in region 1):

   helm upgrade operator apigee-operator \
     --install \
     --create-namespace \
     --namespace apigee-system \
     --atomic
     -f overrides-DATACENTER_NAME.yaml
   helm upgrade datastore apigee-datastore \
     --install \
     --namespace apigee \
     --atomic \
     -f overrides-DATACENTER_NAME.yaml
   helm upgrade telemetry apigee-telemetry \
     --install \
     --namespace apigee \
     --atomic \
     -f overrides-DATACENTER_NAME.yaml
   helm upgrade redis apigee-redis \
     --install \
     --namespace apigee \
     --atomic \
     -f overrides-DATACENTER_NAME.yaml
   helm upgrade ingress-manager apigee-ingress-manager \
     --install \
     --namespace apigee \
     --atomic \
     -f overrides-DATACENTER_NAME.yaml
   helm upgrade ORG_NAME apigee-org \
     --install \
     --namespace apigee \
     --atomic \
     -f overrides-DATACENTER_NAME.yaml
   # repeat the below command for each env mentioned on the overrides
   helm upgrade apigee-env-ENV_NAME apigee-env/ \
     --install \
     --namespace apigee \
     --atomic \
     --set env=ENV_NAME \
     -f overrides-DATACENTER_NAME.yaml
   # repeat the below command for each env group mentioned on the overrides
   helm upgrade apigee-virtualhost-ENV_GROUP_NAME apigee-virtualhost/ \
     --install \
     --namespace apigee \
     --atomic \
     --set envgroup=ENV_GROUP_NAME \
     -f overrides-DATACENTER_NAME.yaml
   

6. Once all the components are installed, set up Cassandra on all the pods in the new data centers. For instructions, see Configure Apigee hybrid for multi-region, select your platform, scroll to Set up the new region, and then locate step 5.
7. Once the data replication is complete and verified, update the seed hosts:
   1. Remove multiRegionSeedHost: 10.0.0.11 from overrides-DATACENTER_NAME.yaml.

   2. Reapply the change to update the apigee datastore CR:

      helm upgrade datastore apigee-datastore/ \
        --install \
        --namespace apigee \
        --atomic \
        -f overrides-DATACENTER_NAME.yaml
      

Hosting images privately

Instead of relying on the public Google Cloud repository, you may optionally want to host the images privately. Instead of overriding each component, you can add hub details on the overrides:

hub: PRIVATE_REPO

For example, if the following hub is provided, it will automatically resolve the image path:

hub: private-docker-host.com

as:

## an example of internal component vs 3rd party
containers:
- name: apigee-udca
  image: private-docker-host.com/apigee-udca:1.10.4
  imagePullPolicy: IfNotPresent

containers:
- name: apigee-ingressgateway
  image: private-docker-host.com/apigee-asm-ingress:1.17.2-asm.8-distroless
  imagePullPolicy: IfNotPresent

apigee:
  gcr.io/apigee-release/hybrid/apigee-mart-server:1.10.3
  gcr.io/apigee-release/hybrid/apigee-synchronizer:1.10.3
  gcr.io/apigee-release/hybrid/apigee-runtime:1.10.3
  gcr.io/apigee-release/hybrid/apigee-hybrid-cassandra-client:1.10.3
  gcr.io/apigee-release/hybrid/apigee-hybrid-cassandra:1.10.3
  gcr.io/apigee-release/hybrid/apigee-cassandra-backup-utility:1.10.3
  gcr.io/apigee-release/hybrid/apigee-udca:1.10.3
  gcr.io/apigee-release/hybrid/apigee-connect-agent:1.10.3
  gcr.io/apigee-release/hybrid/apigee-watcher:1.10.3
  gcr.io/apigee-release/hybrid/apigee-operators:1.10.3
  gcr.io/apigee-release/hybrid/apigee-redis:1.10.3
  gcr.io/apigee-release/hybrid/apigee-mint-task-scheduler:1.10.3

third party:
  gcr.io/apigee-release/hybrid/apigee-stackdriver-logging-agent:1.9.12-2
  gcr.io/apigee-release/hybrid/apigee-prom-prometheus:v2.45.0
  gcr.io/apigee-release/hybrid/apigee-stackdriver-prometheus-sidecar:0.9.0
  gcr.io/apigee-release/hybrid/apigee-kube-rbac-proxy:v0.14.2
  gcr.io/apigee-release/hybrid/apigee-envoy:v1.27.0
  gcr.io/apigee-release/hybrid/apigee-prometheus-adapter:v0.11.0
  gcr.io/apigee-release/hybrid/apigee-asm-ingress:1.17.2-asm.8-distroless
  gcr.io/apigee-release/hybrid/apigee-asm-istiod:1.17.2-asm.8-distroless
  gcr.io/apigee-release/hybrid/apigee-fluent-bit:2.1.8

To display a list of the Apigee images hosted in the Google Cloud repository on the command line:

./apigee-operator/etc/tools/apigee-pull-push.sh --list

Tolerations

To use the Taints and Tolerations feature of Kubernetes, you must define the tolerations override property for each Apigee hybrid component. The following components support defining tolerations:

• ao
• apigeeIngressGateway
• cassandra
• cassandraSchemaSetup
• cassandraSchemaValidation
• cassandraUserSetup
• connectAgent
• istiod
• logger
• mart
• metrics
• mintTaskScheduler
• redis
• runtime
• synchronizer
• udca
• Watcher

See Configuration property reference for more information about these components.

For example, to apply the tolerations to the Apigee operator deployment:

ao:
  tolerations:
  - key: "key1"
    operator: "Equal"
    value: "value1"
    effect: "NoExecute"
    tolerationSeconds: 3600

To apply the tolerations to the Cassandra StatefulSet:

cassandra:
  tolerations:
  - key: "key1"
    operator: "Equal"
    value: "value1"
    effect: "NoExecute"
    tolerationSeconds: 3600