This section describes common terms you should be familiar with when using Apigee hybrid.

Term Definition
app image See image.
Apigee APIs The endpoints that you can use to configure environments, organizations, API proxies, and other hybrid services. You access this through the MART.
app/application A hybrid service that has been packaged and deployed inside a container, on a pod, within a node, in a cluster . Also known as a container image, micro-service, service, containerized application, or docker image (when docker is the container).

The Edge runtime data repository that stores application configurations, distributed quota counters, API keys, and OAuth tokens for applications running on the gateway.

This is a resource intensive StatefulSet and should be on a separate worker node from the Message Processor.

For more information, see About the runtime plane.

central management infrastructure (or "plane") See management plane.
CNCF Cloud Native Computing Foundation. You can run the hybrid runtime on any CNCF-conformant implementation of Kubernetes, except OpenShift.
configuration template See template.

Typically 1 container to 1 app. Decoupled from OS and its filesystem; have their own filesystem; cannot interact with other containers' processes; inside a pod. Docker or rkt are examples of containers.

The hybrid runtime Message Processor container (mp) contains both the router and Message Processor, though.

container[ized] image See image.
control plane See management plane.
controller Examines the system and re-assigns resources as necessary.

There are scheduler, deployment, replication, endpoint, Kubelet, and other controllers.

Deployment See app/application.
deployment spec The complete configuration file for your runtime plane. It is the combination of default values from the values.yaml file and your custom settings in the overrides.yaml file.
environment Provides an isolated context or "sandbox" for running API proxies. In a single organization, you can have multiple environments, and each environment has an Istio ingress gateway service mapped to it. All traffic from outside the cluster passes through this TLS-secured ingress endpoint.
GCR Google Container Repository.
GKE Google Kubernetes Engine. A Google-managed, production-ready environment for deploying containerized applications into Kubernetes. GKE allows you to get up and running with Kubernetes in no time, by completely eliminating the need to install, manage, and operate your own Kubernetes clusters.

An image can refer to two different states of an app and its dependencies:

  • app image is a version of an app's source code plus its dependencies. For example, you might use a repository or source code management tool such as Git or Perforce to version your app, within a build system that manages the app's dependencies.

    You reference an app image when creating a Deployment:

    kubectl run kubernetes-bootcamp --image=app_image_location
  • container image: An app image plus a dockerfile, packaged for deployment. Also known as a containerized app image or docker image. Apigee hybrid currently supports only docker containerized app images.

    The process for creating a container image is as follows:

    app image -> [package/build utility] -> container image

    Note that when you first create a deployment, the kubectl run command takes an image option. This option that specifies the location of the app image (before it is containerized). In most places, though, the term "image" refers to the containerized app: the result of the run command/the output of an app image being processed by a packaging utility.

image repository A group of shared container images.
Ingress/Ingress controller A containerized app that routes traffic from outside the cluster to services within the cluster.
KMS Key Management Service. Stores, maintains, and presents keys and OAuth tokens for encrypting and descrypting traffic. The Edge KMS manages keys for apps, developers, and API products.
KVM Key Value Map. A custom collection of key/value String pairs that is either encrypted or unencrypted. For more information, see Working with key value maps.
Kubernetes administration machine Your local machine that you use to run commands against your Kubernetes cluster. This machine is typically a desktop machine that has access to your Kubernetes VMs.
management plane The Google-hosted central services that communicate with the runtime plane via service accounts.

The API for runtime data interacts with the local runtime datastore (Cassandra). It serves as the API provider for public Apigee API to access and manage runtime data.

MART is a stateless application just like Message Processors. It is a Kuberenetes containerized app.

For more information, see About the runtime plane.

master node A Kubernetes term for a node that includes the apiserver, cloud-controller-manager (CCM), scheduler, and kube-controller-manager.
Message Processor (MP)

A Message Processor processes the customer API runtime requests and enforces proxy policies. Also known as an API gateway.

The Message Processor evaluates an incoming request, executes any Apigee policies, and calls the back-end systems and other systems to retrieve data. Once those responses have been received, the Message Processor formats a response and returns it to the client.

The MP is a Kubernetes Deployment. It is configured for a single Edge environment, pointing to a scoped subdirectory within the shared filesystem to which the Synchronizer provides data.

An MP is resource intensive and should be on a separate worker node from Cassandra.

For more information, see About the runtime plane.

namespace Virtual clusters used to divide cluster resources. Namespaces are for larger clusters with many users; smaller clusters with only tens of users do not need namespaces typically.
node A worker machine that may be either a virtual or a physical machine, depending on the cluster. Kubernetes creates node objects, but not nodes themselves. Nodes are created by external cloud providers like Google Compute Engine (GCE).
open source Kubernetes The reference implementation of Kubernetes. See Kubernetes. Apigee hybrid runtime runs on open source Kubernetes and open-source based versions of Kubernetes that are CNCF conformant.
organization A container for all the entities in an Apigee account, including API proxies, API products, API packages, apps, and developers. This document uses the terms Apigee organization or hybrid-enabled organization interchangeably.

To install and use hybrid, you must have an Apigee organization that is bound to a Google Cloud project. You do this when you create the organization in a process known as provisioning.

An Apigee organization is not the same as a GCP organization. Where the possibility of ambiguity exists, this document should specify that the “organization” is an Apigee organization.

pod A pod is the basic building block of Kubernetes: the smallest and simplest unit in the Kubernetes object model that you create or deploy. A pod represents a running process on your cluster.
proxy Also API proxy. An API proxy is an abstraction layer that "fronts" for your backend service APIs and provides value-added features such as security, rate limiting, quotas, analytics, and more.
replication controller Reschedules pods and handles self-healing for pods.
resource Also Kubernetes API resource. Objects that you use to manage the cluster, as well as the containers, applications, and other resources within it.

API resources include services that provide discovery, load balancing, configuration, and storage. An example of an API resource is an Ingress controller.

runtime plane

Apigee hybrid services that you manage on your own Kubernetes cluster exist within the runtime plane. These services communicate via service accounts with the management plane.

Includes MART, Synchronizer, Message Processors, and Cassandra.

For more information, see About the runtime plane.


A general term for the containerized apps running on your Kubernetes cluster in the runtime plane. These services include MART, Synchronizer, Message Processors, and Cassandra.

For more information, see About the runtime plane.

Snuffleupagus A large, slow moving woolly mammoth, popularized by a children's television show.
stateful node A cluster node that requires persistent storage to maintain state. See Configure dedicated node pools.
stateless node A cluster node that does not require persistent storage. See Configure dedicated node pools.

An runtime plane service that polls the management plane for deployment configuration and events for each environment. It downloads required metadata about deployed proxies, the proxy configuration files, and more to the runtime plane.

The Synchronizer stores its information on a shared file system that Message Processor reads. This will run as a DaemonSet application; it has no runtime API traffic and it can synchronize data for multiple environments from a single process/Kubernetes pod.

For more information, see About the runtime plane.


A YAML file that defines a service. Most hybrid services have their own template; for example, mp.yaml defines the Message Processor service.

During installation, the apigeectl command merges the templates into a single file that contains the cluster's configuration information called values.yaml. You can override some values in the values.yaml file using the overrides.yaml file.

The hybrid configuration templates are located in the hybrid_install_dir/templates directory on the Kubernetes administration machine.


Universal Data Collection Agent. A service running within the data collection pod in the runtime plane that extracts analytics, trace, and deployment status data and sends it to the UAP.

For more information, see Trace, analytics, and deployment status data collection.


Unified Analytics Platform. An Apigee service in the management plane that processes incoming analytics, trace, and deployment status data and makes it available to you via the Apigee hybrid UI or the Apigee APIs.

For more information, see Trace, analytics, and deployment status data collection.

volume Shared storage that can be used by all containerized applications within a pod.