NOTE: Some aspects of this product are in Beta. The hybrid installation options are GA. To join the Beta program, reach out to your Apigee representative.

Step 5: Install hybrid runtime

Apply the configuration to the cluster

Use the following steps to install Apigee hybrid into your cluster:

  1. Be sure that you are in the hybrid-base-directory/hybrid-files directory.
  2. Verify that kubectl is set to the correct context using the following command. The current context should be set to the cluster to which you are deploying Apigee hybrid.
    kubectl config get-contexts
  3. Do a dry run initialization. Execute the init command with the --dry-run flag. Doing a dry run lets you check for any errors before any changes are made to the cluster.

    In hybrid version 1.3, the syntax of the --dry-run flag depends on the version of kubectl you are running. Check the version of kubectl with the following command:

    gcloud version

    kubectl version 1.17 and older:

    $APIGEECTL_HOME/apigeectl init -f overrides/overrides.yaml --dry-run=true

    kubectl version 1.18 and newer:

    $APIGEECTL_HOME/apigeectl init -f overrides/overrides.yaml --dry-run=client
  4. If there are no errors, execute the init command as follows:
    $APIGEECTL_HOME/apigeectl init -f overrides/overrides.yaml

    The init command installs the Apigee deployment services Apigee Deployment Controller and Apigee Admission Webhook.

  5. To check the status of the deployment, you can use the following commands:
    $APIGEECTL_HOME/apigeectl check-ready -f overrides/overrides.yaml
    kubectl get pods -n apigee-system
    kubectl get pods -n istio-system

    When the pods are ready, go to the next step.

  6. Do a dry run install. Execute the apply command with the --dry-run flag.

    kubectl version 1.17 and older:

    $APIGEECTL_HOME/apigeectl apply -f overrides/overrides.yaml --dry-run=true

    kubectl version 1.18 and newer:

    $APIGEECTL_HOME/apigeectl apply -f overrides/overrides.yaml --dry-run=client
  7. If there are no errors, you can apply the Apigee-specific runtime components to the cluster with the following command:
    $APIGEECTL_HOME/apigeectl apply -f overrides/overrides.yaml
  8. To check the status of the deployment, run the following command:
    $APIGEECTL_HOME/apigeectl check-ready -f overrides/overrides.yaml

    Repeat this step until the pods are all ready. The pods may take several minutes to start up.

Enable synchronizer access

To enable synchronizer access:

  1. Make sure you are in the /hybrid-base-directory/hybrid-files/ directory.
  2. Verify the path to the Apigee Org Admin service account key. This is the account you created in Step 3: Install apigeectl. Use the following command:
    ls service-accounts/*admin*

    The result should look something like the following:

    service-accounts/hybrid-example-2-apigee-org-admin.json
  3. Create an ORG_ADMIN_ACCOUNT environment variable with the name of the key file. For example:
    export ORG_ADMIN_ACCOUNT="hybrid-example-2-apigee-org-admin.json"
  4. Execute the following commands to get a token:
    export GOOGLE_APPLICATION_CREDENTIALS=./service-accounts/$ORG_ADMIN_ACCOUNT
    export TOKEN=$(gcloud auth application-default print-access-token)
  5. Get the email address for your apigee-synchronizer service account with the following command:
    gcloud iam service-accounts list --filter "apigee-synchronizer"

    If it matches the pattern apigee-synchronizer$ORG_NAME.iam.gserviceaccount.com, you can use that pattern in the next step.

  6. Call the setSyncAuthorization API to enable the required permissions for Synchronizer using the following command:
    curl -X POST -H "Authorization: Bearer $TOKEN" \
      -H "Content-Type:application/json" \
      "https://apigee.googleapis.com/v1/organizations/$ORG_NAME:setSyncAuthorization" \
       -d '{"identities":["'"serviceAccount:apigee-synchronizer@$ORG_NAME.iam.gserviceaccount.com"'"]}'
    

    Where:

    • $ORG_NAME: The name of your hybrid organization.
    • apigee-synchronizer$ORG_NAME.iam.gserviceaccount.com: The email address of the apigee-syncnronizer service account.
  7. To verify that the service account was set, use the following command to call the API to get a list of service accounts:
    curl -X POST -H "Authorization: Bearer $TOKEN" \
      -H "Content-Type:application/json" \
      "https://apigee.googleapis.com/v1/organizations/$ORG_NAME:getSyncAuthorization" \
       -d ''
    

    The output looks similar to the following:

    {
       "identities":[
          "serviceAccount:my-synchronizer-manager-service_account@my_project_id.iam.gserviceaccount.com"
       ],
       "etag":"BwWJgyS8I4w="
    }

Enable Apigee Connect

Apigee Connect manages communication between the Apigee management plane and MART in the runtime plane. For more information see Using Apigee Connect.

To enable Apigee Connect, do the following steps:

  1. On the command line, get your gcloud authentication credentials, as the following example shows:

    TOKEN=$(gcloud auth print-access-token)

    To check that your token was populated, use echo, as the following example shows:

    echo $TOKEN

    This should display your token as an encoded string.

    For more information, see gcloud command-line tool overview.

  2. Use the following command to see if Apigee Connect is enabled for your organization.
    curl -H "Authorization: Bearer $TOKEN" \
      "https://apigee.googleapis.com/v1/organizations/$ORG_NAME"

    Where $ORG_NAME is the ID of your organization.

    If the output contains the following:

          "name" : "features.mart.connect.enabled",
          "value" : "true"

    Apigee Connect is enabled and you can skip the rest of this section.

  3. Enable Apigee Connect with the following command:
    curl -H "Authorization: Bearer $TOKEN" -X PUT \
      -H "Content-Type: application/json" \
      -d '{
        "name" : "'"$ORG_NAME"'",
        "properties" : {
          "property" : [ {
            "name" : "features.hybrid.enabled",
            "value" : "true"
          }, {
            "name" : "features.mart.connect.enabled",
            "value" : "true"
          } ]
        }
      }' \
      "https://apigee.googleapis.com/v1/organizations/$ORG_NAME"
    

    If the output contains the following properties, Apigee Connect was successfully enabled:

          {
            "name": "features.mart.connect.enabled",
            "value": "true"
          },
          {
            "name": "features.hybrid.enabled",
            "value": "true"
          }
    

    The output should look something like the following:

    {
      "name": "hybrid-example-2",
      "createdAt": "1594409699772",
      "lastModifiedAt": "1594776283697",
      "environments": [
        "example-env"
      ],
      "properties": {
        "property": [
          {
            "name": "features.mart.connect.enabled",
            "value": "true"
          },
          {
            "name": "features.hybrid.enabled",
            "value": "true"
          }
        ]
      },
      "analyticsRegion": "us-central1",
      "runtimeType": "HYBRID",
      "subscriptionType": "TRIAL"
    }