Specify configuration overrides
The Apigee hybrid installer uses defaults for many settings; however, there are a few settings that do not have defaults. You must provide values for these settings, as explained next.
- Be sure you are in the hybrid-base-directory/hybrid-files directory.
- Copy the overrides-small.yaml file from the $APIGEECTL_HOME/examples directory to your overrides directory:

  ```
  cp $APIGEECTL_HOME/examples/overrides-small.yaml ./overrides/overrides.yaml
  ```

  This example file provides a basic configuration for a small-footprint hybrid runtime installation, a configuration that is suitable for your first installation.
- cd into the overrides directory:

  ```
  cd overrides
  ```
- Open overrides.yaml and add the required property values, shown below. A detailed description of each property is also provided below:

  Syntax

  The overrides.yaml file has the following structure and syntax. Values shown as placeholders (for example, gcp-region or org-name) are property values that you must provide. They are also described in the table below.

  ```yaml
  gcp:
    region: gcp-region
    projectID: gcp-project-id

  k8sCluster:
    name: cluster-name
    region: cluster-region

  org: org-name

  virtualhosts:
    - name: virtual-host-name
      hostAliases:
        - "host-alias-1"
        - "host-alias-2"
        - "host-alias-n"
      sslCertPath: ./certs/test-cert-name.pem
      sslKeyPath: ./certs/test-key-name.key
      routingRules:
        - paths:
            - /path1
            - /path2
            - /pathn
          env: environment-name

  envs:
    - name: environment-name # The same name of the env you created in the UI
      serviceAccountPaths:
        synchronizer: ./service-accounts/synchronizer-service-account-name.json
        udca: ./service-accounts/udca-service-account-name.json

  mart:
    hostAlias: mart-host-alias
    serviceAccountPath: ./service-accounts/mart-service-account-name.json
    sslCertPath: ./certs/mart-cert-name.pem
    sslKeyPath: ./certs/mart-key-name.key

  cassandra:
    hostNetwork: true
    dnsPolicy: ClusterFirstWithHostNet

  ingress:
    runtime:
      loadBalancerIP: virtual_IP_runtime
    mart:
      loadBalancerIP: virtual_IP_mart

  metrics:
    serviceAccountPath: ./service-accounts/metrics-service-account-name.json

  logger:
    enabled: false
  ```

  Example

  The following example shows a completed overrides file with example property values added:

  ```yaml
  gcp:
    region: us-central1
    projectID: my-gcp-project

  k8sCluster:
    name: apigee-hybrid
    region: us-central1

  org: hybrid-org

  virtualhosts:
    - name: default
      hostAliases:
        - "*.acme.com"
      sslCertPath: ./certs/keystore.pem
      sslKeyPath: ./certs/keystore.key
      routingRules:
        - paths:
            - /foo
            - /bar
          env: test

  envs:
    - name: test
      serviceAccountPaths:
        synchronizer: ./service-accounts/hybrid-project-apigee-synchronizer.json
        udca: ./service-accounts/hybrid-project-apigee-udca.json

  mart:
    hostAlias: "mart.apigee-hybrid-docs.net"
    serviceAccountPath: ./service-accounts/hybrid-project-apigee-mart.json
    sslCertPath: ./certs/fullchain.pem
    sslKeyPath: ./certs/privkey.key

  cassandra:
    hostNetwork: true
    dnsPolicy: ClusterFirstWithHostNet

  ingress:
    runtime:
      loadBalancerIP: 21.0.124.13
    mart:
      loadBalancerIP: 21.0.124.14

  metrics:
    serviceAccountPath: ./service-accounts/hybrid-project-apigee-metrics.json

  logger:
    enabled: false
  ```
- When you're finished, save the file.

The following table describes each of the property values that you must provide in the overrides file. For more information, see Configuration property reference.
Variable | Description |
---|---|
project-id | Your GCP project ID. |
cluster-name | Your Kubernetes cluster name. |
cluster-region | The region in which the cluster was created. |
org-name | The name of your Apigee hybrid organization. |
environment-name | Use the same name that you used when you created an environment in the UI, as explained in Step 5: Add a new environment in the hybrid UI. |
test-host-alias | (Required) For the quickstart, use the wildcard character " The use of |
test-cert-name test-key-name | Enter the name of the self-signed TLS key and certificate files that you generated previously in the step Create TLS credentials for the runtime gateway. These files must be located in the base_directory/hybrid-files/certs directory. For example: `sslCertPath: ./certs/keystore.pem`, `sslKeyPath: ./certs/keystore.key` |
synchronizer-service-account-name | The name of the synchronizer service account key file that you generated with the create-service-account tool. For example: `synchronizer: ./service-accounts/hybrid-project-apigee-synchronizer.json` |
udca-service-account-name | The name of the udca service account key file that you generated with the create-service-account tool. For example: `udca: ./service-accounts/hybrid-project-apigee-udca.json` |
virtual_IP_runtime, virtual_IP_mart | To use GKE on-prem integrated load balancing, you need to provide virtual IPs for LoadBalancers on the hybrid MART and runtime services. GKE on-prem automatically configures the virtual IP on the F5 BIG-IP load balancer. For more information, see Setting up your load balancer for GKE on-prem. |
mart-host-alias | A qualified DNS name for the MART server endpoint. This name must match the common name (CN) used in the authorized TLS certificate required for this configuration. For example, mart.mydomain.com |
mart-service-account-name | The name of the mart service account key file that you generated with the create-service-account tool. |
mart-cert-name mart-key-name | Enter the name of the authorized TLS key and certificate files that you generated previously in the step Create TLS credentials for the MART gateway. These files must be located in the base_directory/hybrid-files/certs directory. For example: `sslCertPath: ./certs/fullchain.pem`, `sslKeyPath: ./certs/privkey.key` |
gcp-region | Identifies the GCP region where the apigee-logger and the apigee-metrics push their data. |
gcp-project-id | Identifies the Google Cloud project where apigee-logger and the apigee-metrics push their data. |
metrics-service-account-name | The name of the metrics service account key file that you generated with the create-service-account tool. For example: `serviceAccountPath: ./service-accounts/hybrid-project-apigee-metrics.json` |
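
Before the file is applied, it is worth confirming that no template placeholder from the Syntax block is left in it and that every certificate, key and service account file it references exists and is readable only by its owner. The script below is an added example, not part of apigeectl or of the original page; the script name, the base-directory argument and the owner-only permission rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for overrides.yaml (not part of apigeectl).
# Usage (hypothetical script name): sh check_overrides.sh overrides.yaml BASE_DIR
# Assumption: ./certs and ./service-accounts paths resolve against BASE_DIR.

# Placeholder names copied from the Syntax template on this page.
PLACEHOLDERS='gcp-region|gcp-project-id|cluster-name|cluster-region|org-name'
PLACEHOLDERS="$PLACEHOLDERS|virtual-host-name|host-alias-[12n]|environment-name"
PLACEHOLDERS="$PLACEHOLDERS|mart-host-alias|virtual_IP_runtime|virtual_IP_mart"
PLACEHOLDERS="$PLACEHOLDERS|[a-z-]*-(cert|key|service-account)-name"

check_overrides() {
    file=$1 base=$2 rc=0

    # 1. Values still carrying a template placeholder (comments ignored).
    if sed 's/#.*//' "$file" | grep -nEw "$PLACEHOLDERS"; then
        echo "FAIL: template placeholders remain (lines above)"
        rc=1
    fi

    # 2. Every ./path value must exist; key material must be owner-only.
    paths=$(sed -n 's/#.*//; s/^.*: *"\{0,1\}\(\.\/[^" ]*\).*$/\1/p' "$file")
    for p in $paths; do
        f="$base/$p"
        if [ ! -f "$f" ]; then
            echo "FAIL: $p not found under $base"
            rc=1
            continue
        fi
        case $p in
        *.key | *.json)
            # Characters 5-10 of the mode string are the group/other bits.
            mode=$(ls -ld "$f" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "FAIL: $p is accessible to group/other (chmod 600 it)"
                rc=1
            fi
            ;;
        esac
    done

    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    check_overrides "$1" "$2"
fi
```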
Summary
The configuration file tells Kubernetes how to deploy the hybrid components to a cluster. Next, you will apply this configuration to your cluster.