NOTE: Some aspects of this product are in Beta. The hybrid installation options are GA. To join the Beta program, reach out to your Apigee representative.

MART configuration

The Apigee Hybrid management plane must be able to reach the MART service in the runtime plane. For this reason, you must expose the MART endpoint to requests coming from outside of the cluster. Connections to the MART endpoint are secured with TLS. Hybrid uses an Istio ingress gateway service to expose traffic to this endpoint.

This topic explains the steps to take to expose the MART endpoint.

Adding the MART service account

MART requires a GCP service account for authentication.

  1. In the GCP setup step, Add service accounts, you created a service account with no role for MART. Locate the key file you downloaded for that service account. The file should have a .json extension.
  2. Add the key file path to the mart.serviceAccountPath property:
    ...
    mart:
      sslCertPath:
      sslKeyPath:
      hostAlias:
      serviceAccountPath: "path to a file"
    ...

    For example:

    ...
    mart:
      sslCertPath:
      sslKeyPath:
      hostAlias:
      serviceAccountPath: "your_keypath/mart-service-account.json"
    ...

Adding TLS credentials and the host alias

  1. Open your overrides file.
  2. Add the mart.sslCertPath, mart.sslKeyPath, and mart.hostAlias properties. The following table describes these properties:
    Property            Value
    mart.sslCertPath    The MART certificate/key pair must be authorized by a certificate authority (CA). If you have not previously created an authorized cert/key pair, then you must do so now and enter the certificate and key filenames for the corresponding property values. If you need help generating the authorized cert/key pair, see Obtain TLS credentials: An example.
    mart.sslKeyPath     (See mart.sslCertPath; the same description applies to both properties.)
    mart.hostAlias      (Required) A qualified DNS name for the MART server endpoint. For example, foo-mart.mydomain.com.

    For example, where the host alias is a qualified domain name:

    ...
    
    mart:
      sslCertPath: path-to-file/mart-server.crt
      sslKeyPath: path-to-file/mart-server.key
      hostAlias: foo-mart.mydomain.com
      serviceAccountPath: "your_keypath/mart-service-account.json"
    
    ...
    
  3. Save your changes.
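
Before applying the overrides file, it is worth confirming that the files named in the mart: block agree with each other. The script below is an added example, not part of the Apigee documentation or tooling: it uses openssl to check that the key belongs to the certificate, that the certificate covers mart.hostAlias, and that the two secret files are not readable by group or other. The function names are hypothetical, and openssl is assumed to be on PATH.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files named in the mart: block.
# Function names are hypothetical; openssl must be on PATH.

# The private key belongs to the certificate when both yield the same public key.
mart_pair_matches() {            # mart_pair_matches CERT KEY
  _cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  _key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$_cert_pub" = "$_key_pub" ]
}

# The certificate's SAN (or CN, when no SAN is present) covers mart.hostAlias.
mart_cert_covers_host() {        # mart_cert_covers_host CERT HOSTALIAS
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# Secret files (TLS key, service account JSON) carry no group/other permissions.
mart_secret_is_private() {       # mart_secret_is_private FILE
  [ "$(ls -ldL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# The service account key has the fields of a GCP JSON key file.
mart_sa_key_looks_valid() {      # mart_sa_key_looks_valid FILE
  grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$1" 2>/dev/null &&
    grep -q '"private_key"' "$1"
}

# Run every check; print each failure and return the number of failures.
mart_preflight() {               # mart_preflight CERT KEY HOSTALIAS SA_JSON
  _fail=0
  mart_pair_matches "$1" "$2"     || { echo "FAIL: $2 is not the key for $1"; _fail=$((_fail+1)); }
  mart_cert_covers_host "$1" "$3" || { echo "FAIL: $1 does not cover $3"; _fail=$((_fail+1)); }
  mart_secret_is_private "$2"     || { echo "FAIL: $2 is readable by group/other"; _fail=$((_fail+1)); }
  mart_secret_is_private "$4"     || { echo "FAIL: $4 is readable by group/other"; _fail=$((_fail+1)); }
  mart_sa_key_looks_valid "$4"    || { echo "FAIL: $4 is not a service account key"; _fail=$((_fail+1)); }
  return "$_fail"
}

# Example call with the paths from the overrides example above:
# mart_preflight path-to-file/mart-server.crt path-to-file/mart-server.key \
#   foo-mart.mydomain.com your_keypath/mart-service-account.json
```

A return value of 0 means every check passed. These checks do not confirm that the certificate chains to a trusted CA, which the MART certificate also requires.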