Configuration property reference

This section lists all of the configuration properties that you can use to customize the runtime plane of your Apigee hybrid deployment.

Top-level properties

The following table describes the top-level properties in the overrides.yaml file. These are properties that do not belong to another object, and apply at the org or environment level:

Property Description
axHashSalt

Introduced in version: 1.3.0

Default value: Your organization name

Optional

The name of a Kubernetes secret that contains a hashing salt value used to encrypt obfuscated user data sent to Apigee analytics. If you do not specify a salt value, your organization name is used by default. Create the secret with the salt value as its input. You can use the same salt across multiple clusters to ensure consistent hashing results between the clusters.

contractProvider Introduced in version: 1.0.0

Default value: https://apigee.googleapis.com

Defines the API path for all APIs in your installation.

gcpProjectID Deprecated: For v1.2.0 and later, use gcp.projectID instead.

Introduced in version: 1.0.0

Default value: none

Required

ID of your Google Cloud project. Works with k8sClusterName (deprecated) and gcpRegion (deprecated) to identify the project and determine where the apigee-logger and the apigee-metrics push their data.

gcpRegion Deprecated: For v1.2.0 and later, use gcp.region instead.

Introduced in version: 1.0.0

Default value: us-central1

Required

The closet Google Cloud region or zone of your Kubernetes cluster. Works with gcpProjectID (deprecated) and k8sClusterName (deprecated) to identify the project and determine where the apigee-logger and the apigee-metrics push their data.

imagePullSecrets.name Introduced in version: 1.0.0

Default value: None

Kubernetes secret name configured as docker-registry type; used to pull images from private repo.

k8sClusterName Deprecated: For v1.2.0 and later, use k8sCluster.name and k8sCluster.region instead.

Introduced in version: 1.0.0

Default value: None

Name of the Kubernetes (K8S) procluster where your hybrid project is running. Works with gcpProjectID (deprecated) and gcpRegion (deprecated) to identify the project and determine where the apigee-logger and the apigee-metrics push their data.

kmsEncryptionKey Introduced in version: 1.0.0

Default value: defaults.org.kmsEncryptionKey

Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret.

Local file system path for the Apigee KMS data's encryption key.

kmsEncryptionPath Introduced in version: 1.2.0

Default value: None

Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret.

The path to a file containing a base64-encoded encryption key. See Data encryption.

kmsEncryptionSecret.key Introduced in version: 1.2.0

Default value: None

Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret.

The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.

kmsEncryptionSecret.name Introduced in version: 1.2.0

Default value: None

Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret.

The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.

kvmEncryptionKey Introduced in version: 1.0.0

Default value: defaults.org.kmsEncryptionKey

Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret.

Local file system path for the Apigee KVM data's encryption key.

kvmEncryptionPath Introduced in version: 1.2.0

Default value: None

Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret.

The path to a file containing a base64-encoded encryption key. See Data encryption.

kvmEncryptionSecret.key Introduced in version: 1.2.0

Default value: None

Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret.

The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.

kvmEncryptionSecret.name Introduced in version: 1.2.0

Default value: None

Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret.

The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.

namespace Introduced in version: 1.0.0

Default value: apigee

The namespace of your Kubernetes cluster where the Apigee components will be installed.

org

Introduced in version: 1.0.0

Default value: None

Required

The hybrid-enabled organization that was provisioned for you by Apigee during the hybrid installation. An organization is the top-level container in Apigee. It contains all your API proxies and related resources. If the value is empty, you must update it with your org name once you have created it.

revision Introduced in version: 1.0.0

Default value: v120

Apigee hybrid supports rolling Kubernetes updates, which allow deployment updates to take place with zero downtime by incrementally updating Pod instances with new ones.

When updating certain YAML overrides that result in underlying Kubernetes PodTemplateSpec change, the revision override property must also be changed in the customer's override.yaml. This is required for the underlying Kubernetes ApigeeDeployment (AD) controller to conduct a safe rolling update of from the previous version to the new version. You can use any lowercase text value, eg: blue, a, 1.0.0

When the revision property is changed and applied, a rolling update will occur for all components

Changes to properties of the following objects require an update to revision:

For more information, see Rolling updates.

validateServiceAccounts Introduced in version: 1.0.0

Default value: true

Enables strict validation of service account permissions. This uses Cloud Resource Manager API method testIamPermissions to verify that the provided service account has the required permissions. In the case of service accounts for an Apigee Org, the project ID check is the one mapped to the Organization. For Metrics and Logger, the project checked is based on the gcpProjectID overrides.yaml configuration.

See also gcpProjectID

ao

Apigee Operators (AO) creates and updates low level Kubernetes and Istio resources that are required to deploy and maintain the ApigeeDeployment (AD). For example, the controller carries out the release of message processors. Also validates the ApigeeDeployment configuration before persisting it in Kubernetes cluster.

The following table describes the properties of the apigee-operators ao object:

Property Description
ao.image.pullPolicy Introduced in version: 1.2.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent: Do not pull a new image if it already exists.
  • Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

ao.image.tag Introduced in version: 1.2.0

Default value: 1.3.6

The version label for this service's Docker image.

ao.image.url Introduced in version: 1.2.0

Default value: gcr.io/apigee-release/hybrid/apigee-operators

The location of the Docker image for this service.

ao.resources.limits.cpu Introduced in version: 1.2.0

Default value: 250m

The CPU limit for the resource in a Kubernetes container, in millicores.

ao.resources.limits.memory Introduced in version: 1.2.0

Default value: 256Mi

The memory limit for the resource in a Kubernetes container, in mebibytes.

ao.resources.requests.cpu Introduced in version: 1.2.0

Default value: 250m

The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

ao.resources.requests.memory Introduced in version: 1.2.0

Default value: 256Mi

The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

authz

The following table describes the properties of the authz object:

Property Description
authz.image.pullPolicy Introduced in version: 1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent: Do not pull a new image if it already exists.
  • Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

authz.image.tag Introduced in version: 1.0.0

Default value: 1.3.6

The version label for this service's Docker image.

authz.image.url Introduced in version: 1.0.0

Default value: gcr.io/apigee-release/hybrid/apigee-authn-authz

The location of the Docker image for this service.

authz.livenessProbe.failureThreshold Introduced in version: 1.0.0

Default value: 2

The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.

authz.livenessProbe.initialDelaySeconds Introduced in version: 1.0.0

Default value: 0

The number of seconds after a container is started before a liveness probe is initiated.

authz.livenessProbe.periodSeconds Introduced in version: 1.0.0

Default value: 5

Determines how often to perform a liveness probe, in seconds. The minimum value is 1.

authz.livenessProbe.timeoutSeconds Introduced in version: 1.0.0

Default value: 1

The number of seconds after which a liveness probe times out. The minimum value is 1.

authz.readinessProbe.failureThreshold Introduced in version: Beta2

Default value: 2

The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.

authz.readinessProbe.initialDelaySeconds Introduced in version: 1.0.0

Default value: 0

The number of seconds after a container is started before a readiness probe is initiated.

authz.readinessProbe.periodSeconds Introduced in version: 1.0.0

Default value: 5

Determines how often to perform a readiness probe, in seconds. The minimum value is 1.

authz.readinessProbe.successThreshold Introduced in version: 1.0.0

Default value: 1

The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.

authz.readinessProbe.timeoutSeconds Introduced in version: 1.0.0

Default value: 1

The number of seconds after which a liveness probe times out. The minimum value is 1.

authz.resources.requests.cpu Introduced in version: 1.0.0

Default value: 50m

The amount of CPU resources to allocate for authentication requests.

authz.resources.requests.memory Introduced in version: 1.0.0

Default value: 128Mi

The amount of memory resources to allocate for authentication requests.

cassandra

Defines the hybrid service that manages the runtime data repository. This repository stores application configurations, distributed quota counters, API keys, and OAuth tokens for applications running on the gateway.

For more information, see StorageClass configuration.

The following table describes the properties of the cassandra object:

Property Description
cassandra.annotations Introduced in version: 1.5.0

Default value: None

Optional key/value map used to annotate pods. For more information, see Custom annotations.

cassandra.auth.admin.password Introduced in version: 1.0.0

Default value: iloveapis123

Required

Password for the Cassandra administrator. The admin user is used for any administrative activities performed on the Cassandra cluster.

cassandra.auth.ddl.password Introduced in version: 1.0.0

Default value: iloveapis123

Required

Password for the Cassandra Data Definition Language (DDL) user. Used by MART for any of the data definition tasks like keyspace creation, update, and deletion.

cassandra.auth.default.password Introduced in version: 1.0.0

Default value: iloveapis123

Required

The password for the default Cassandra user created when Authentication is enabled. This password must be reset when configuring Cassandra authentication. See Configuring TLS for Cassandra.

cassandra.auth.dml.password Introduced in version: 1.0.0

Default value: iloveapis123

Required

Password for the Cassandra Data Manipulation Language (DML) user. The DML user is used by the client communication to read and write data to Cassandra.

cassandra.auth.image.pullPolicy Introduced in version: 1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent: Do not pull a new image if it already exists.
  • Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

cassandra.auth.image.tag Introduced in version: 1.0.0

Default value: 1.3.6

The version label for this service's Docker image.

cassandra.auth.image.url Introduced in version: 1.0.0

Default value: gcr.io/apigee-release/hybrid/apigee-hybrid-cassandra-client

The location of the Docker image for this service.

cassandra.auth.jmx.password Introduced in version: 1.4.0

Default value: iloveapis123

Required

Password for the Cassandra JMX operations user. Used to authenticate and communicate with the Cassandra JMX interface.

cassandra.auth.jmx.username Introduced in version: 1.4.0

Default value: apigee

Required

Username for the Cassandra JMX operations user. Used to authenticate and communicate with the Cassandra JMX interface.

cassandra.auth.jolokia.password Introduced in version: 1.4.0

Default value: iloveapis123

Required

Password for the Cassandra Jolokia JMX operations user. Used to authenticate and communicate with the Cassandra JMX API.

cassandra.auth.jolokia.username Introduced in version: 1.4.0

Default value: apigee

Required

Username for the Cassandra Jolokia JMX operations user. Used to authenticate and communicate with the Cassandra JMX API.

cassandra.auth.secret Introduced in version: 1.3.3

Default value: None

The name of a file stored in a Kubernetes secret that contains the TLS certificate and private key. You must create the secret using the TLS certificate and key data as its input.

See also:

cassandra.backup.cloudProvider Introduced in version: 1.0.0

Default value: GCP

Required if backup is enabled.

Cloud provider for backup storage.

You can set the value to either GCP or HYBRID. Set the value to GCP if you want to store the backup on Google Cloud Storage, and HYBRID if you want to store the backup on a remote server.

cassandra.backup.dbStorageBucket Introduced in version: 1.0.0

Default value: None

Required if backup is enabled.

Cloud storage bucket for the backup data.

cassandra.backup.enabled Introduced in version: 1.0.0

Default value: false

Data backup is not enabled by default. To enable, set to true.

See Cassandra backup and recovery.

cassandra.backup.image.pullPolicy Introduced in version: 1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent: Do not pull a new image if it already exists.
  • Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

cassandra.backup.image.tag Introduced in version: 1.0.0

Default value: 1.3.6

The version label for this service's Docker image.

cassandra.backup.image.url Introduced in version: 1.0.0

Default value: gcr.io/apigee-release/hybrid/apigee-cassandra-backup-utility

The location of the Docker image for this service.

cassandra.backup.schedule Introduced in version: 1.0.0

Default value: 0 2 * * *

The schedule for the cron job.

See Cassandra backup and recovery.

cassandra.backup.serviceAccountPath Introduced in version: 1.0.0

Default value: None

One of either backup.serviceAccountPath or backup.serviceAccountRef is required if backup is enabled.

Path to Google Service Account key file with Storage Object Admin role.

cassandra.backup.serviceAccountRef Introduced in version: 1.2.0

Default value: None

One of either backup.serviceAccountPath or backup.serviceAccountRef is required if backup is enabled.

cassandra.clusterName Introduced in version: 1.0.0

Default value: apigeecluster

Specifies the name of the Cassandra cluster.

cassandra.datacenter Introduced in version: 1.0.0

Default value: dc-1

Specifies the datacenter of the Cassandra node.

cassandra.dnsPolicy Introduced in version: 1.1.1

Default value: None

When you set hostNetwork to true, the DNS policy is set to ClusterFirstWithHostNet for you.

cassandra.externalSeedHost Introduced in version: 1.0.0

Default value: None

Hostname or IP of a Cassandra cluster node. If not set, the Kubernetes local service is used.

cassandra.heapNewSize Introduced in version: 1.0.0

Default value: 100M

The amount of JVM system memory allocated to newer objects, in megabytes.

cassandra.hostNetwork Introduced in version: 1.1.1

Default value: false

Enables the Kubernetes hostNetwork feature. Apigee uses this feature in multi-region installations to communicate between pods if the pod network namespace does not have connectivity betweem clusters (the clusters are running in "island network mode"), which is the default case in non-GKE installations, including GKE on-prem, GKE on AWS, Anthos on bare metal, AKS, EKS, and OpenShift.

Set cassandra.hostNetwork to false for single region installations and multi-region installations with connectivity between pods in different clusters, for example GKE installations.

Set cassandra.hostNetwork to true for multi-region installations with no communication between between pods in different clusters, for example GKE On-prem, GKE on AWS, Anthos on bare metal, AKS, EKS, and OpenShift installations. See Multi-region deployment: Prerequisites.

When true, DNS policy is automatically set to ClusterFirstWithHostNet.

cassandra.image.pullPolicy Introduced in version: 1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent: Do not pull a new image if it already exists.
  • Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

cassandra.image.tag Introduced in version: 1.0.0

Default value: 1.3.6

The version label for this service's Docker image.

cassandra.image.url Introduced in version: 1.0.0

Default value: googgcr.io/apigee-releasele/apigee-hybrid-cassandra

The location of the Docker image for this service.

cassandra.maxHeapSize Introduced in version: 1.0.0

Default value: 512M

The upper limit of JVM system memory available for Cassandra operations, in megabytes.

cassandra.multiRegionSeedHost Introduced in version: 1.0.0

Default value: None

IP address of an existing Cassandra cluster used to expand the existing cluster to a new region. See Configure the multi-region seed host.

cassandra.nodeSelector.key Introduced in version: 1.0.0

Default value: None

Required

Node selector label key used to target dedicated Kubernetes nodes for cassandra data services.

See Configuring dedicated node pools.

cassandra.nodeSelector.value Introduced in version: 1.0.0

Default value: None

Optional node selector label value used to target dedicated Kubernetes nodes for cassandra data services and override the nodeSelector.apigeeData settings.

See nodeSelector.

cassandra.port Introduced in version: 1.0.0

Default value: 9042

Port number used to connect to cassandra.

cassandra.rack Introduced in version: 1.0.0

Default value: ra-1

Specifies the rack of the Cassandra node.

cassandra.readinessProbe.failureThreshold Introduced in version: 1.0.0

Default value: 2

The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.

cassandra.readinessProbe.initialDelaySeconds Introduced in version: 1.0.0

Default value: 0

The number of seconds after a container is started before a readiness probe is initiated.

cassandra.readinessProbe.periodSeconds Introduced in version: 1.0.0

Default value: 10

Determines how often to perform a readiness probe, in seconds. The minimum value is 1.

cassandra.readinessProbe.successThreshold Introduced in version: 1.0.0

Default value: 1

The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.

cassandra.readinessProbe.timeoutSeconds Introduced in version: 1.0.0

Default value: 5

The number of seconds after which a liveness probe times out. The minimum value is 1.

cassandra.replicaCount Introduced in version: 1.0.0

Default value: 1

Cassandra is a replicated database. This property specifies the number of Cassandra nodes employed as a StatefulSet.

cassandra.resources.requests.cpu Introduced in version: 1.0.0

Default value: 500m

The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

cassandra.resources.requests.memory Introduced in version: 1.0.0

Default value: 1Gi

The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

cassandra.restore.cloudProvider Introduced in version: 1.0.0

Default value: GCP

Required if restore is enabled.

Cloud provider for backup storage.

cassandra.restore.dbStorageBucket Introduced in version: 1.0.0

Default value: None

Required if restore is enabled.

Cloud storage bucket for the backup data to restore.

cassandra.restore.enabled Introduced in version: 1.0.0

Default value: false

cassandra.restore.image.pullPolicy Introduced in version: 1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent: Do not pull a new image if it already exists.
  • Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

cassandra.restore.image.tag Introduced in version: 1.0.0

Default value: 1.3.6

The version label for this service's Docker image.

cassandra.restore.image.url Introduced in version: 1.0.0

Default value: gcr.io/apigee-release/hybrid/apigee-cassandra-backup-utility

The location of the Docker image for this service.

cassandra.restore.serviceAccountPath Introduced in version: 1.0.0

Default value: None

One of either restore.serviceAccountPath or restore.serviceAccountRef is required if restore is enabled.

Path to Google Service Account key file with Storage Object Admin role.

cassandra.restore.serviceAccountRef Introduced in version: 1.2.0

Default value: None

One of either restore.serviceAccountPath or restore.serviceAccountRef is required if restore is enabled.

cassandra.restore.snapshotTimestamp Introduced in version: 1.0.0

Default value: None

Required if restore is enabled.

Timestamp of the backup that should be restored.

cassandra.restore.user Introduced in version: 1.0.0

Default value: admin account

Cassandra username used for schema backup restoration. If not specified, the admin user will be used.

cassandra.sslCertPath Introduced in version: 1.2.0

Default value: None

The path on your system to a TLS certificate file.

cassandra.sslKeyPath Introduced in version: 1.2.0

Default value: None

The path on your system to the TLS private key file.

cassandra.sslRootCAPath Introduced in version: 1.2.0

Default value: None

The certificate chain to the root CA (certificate authority).

cassandra.storage.capacity Introduced in version: 1.0.0

Default value: 50Gi

Required if storage.storageClass is specified

Specifies the disk size required, in mebibytes.

cassandra.storage.storageClass Introduced in version: 1.0.0

Default value: None

Specifies the class of on-prem storage being used.

cassandra.terminationGracePeriodSeconds Introduced in version: 1.0.0

Default value: 300

The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

connectAgent

Apigee Connect allows the Apigee hybrid management plane to connect securely to the MART service in the runtime plane without requiring you to expose the MART endpoint on the internet.

See Apigee Connect.

The following table describes the properties of the connectAgent object:

Property Description
connectAgent.annotations Introduced in version: 1.5.0

Default value: None

Optional key/value map used to annotate pods. For more information, see Custom annotations.

connectAgent.enabled Introduced in version: 1.2.0

Default value: false

Is this installation using Apigee Connect instead of Istio ingress for mart? True or False.

See Apigee Connect.

connectAgent.server Introduced in version: 1.2.0

Default value: apigeeconnect.googleapis.com:443

The location of the server and port for this service.

connectAgent.logLevel Introduced in version: 1.2.0

Default value: INFO

The level of log reporting. Values can be:

  • INFO: Informational messages in addition to warning, error, and fatal messages. Most useful for debugging.
  • WARNING: Non-fatal warnings in addition to error and fatal messages.
  • ERROR: Internal errors and errors that are not returned to the user in addition to fatal messages.
  • FATAL: Unrecoverable errors and events that cause Apigee Connect to crash.
connectAgent.image.pullPolicy Introduced in version: 1.2.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent: Do not pull a new image if it already exists.
  • Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

connectAgent.image.tag Introduced in version: 1.2.0

Default value: 1.3.6

The version label for this service's Docker image.

connectAgent.image.url Introduced in version: 1.2.0

Default value: gcr.io/apigee-release/hybrid/apigee-connect-agent

The location of the Docker image for this service. Check the values.yaml file for the specific URL.

connectAgent.replicaCountMax Introduced in version: 1.2.0

Default value: 5

Maximum number of replicas available for autoscaling.

connectAgent.replicaCountMin Introduced in version: 1.2.0

Default value: 1

Minimum number of replicas available for autoscaling.

In production, you may want to increase replicaCountMin to 3, to have a greater number of connections to the control plane for reliability and scalability.

connectAgent.resources.requests.cpu Introduced in version: 1.0.0

Default value: 100m

The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

connectAgent.resources.requests.memory Introduced in version: 1.0.0

Default value: 30Mi

The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

connectAgent.targetCPUUtilizationPercentage Introduced in version: 1.2.0

Default value: 75

Target CPU utilization for the Apigee Connect agent on the pod. The value of this field enables Apigee Connect to auto-scale when CPU utilization reaches this value, up to replicaCountMax.

connectAgent.terminationGracePeriodSeconds Introduced in version: 1.2.0

Default value: 600

The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

defaults

The Default encryption keys for the Apigee hybrid installation.

The following table describes the properties of the defaults object:

Property Description
defaults.org.kmsEncryptionKey Introduced in version: 1.0.0

Default value: aWxvdmVhcGlzMTIzNDU2Nw==

Default encryption key for the org in KMS.

defaults.org.kvmEncryptionKey Introduced in version: 1.0.0

Default value: aWxvdmVhcGlzMTIzNDU2Nw==

Default encryption key for the org in KVM.

defaults.env.kmsEncryptionKey Introduced in version: 1.0.0

Default value: aWxvdmVhcGlzMTIzNDU2Nw==

Default encryption key for the environment (env) in KMS.

defaults.env.kvmEncryptionKey Introduced in version: 1.0.0

Default value: aWxvdmVhcGlzMTIzNDU2Nw==

Default encryption key for the environment (env) in KVM.

defaults.env.cacheEncryptionKey Introduced in version: 1.0.0

Default value: aWxvdmVhcGlzMTIzNDU2Nw==

Default cache encryption key for the environment (env).

diagnostic

The settings for the Diagnostic collector tool.

See Using the Diagnostic collector

The following table describes the properties of the diagnostic object:

Property Description
diagnostic.bucket Introduced in version: 1.6.0

Default value: None

Required

The name of the Google Cloud storage bucket where your diagnostic data will be deposited.

See Creating storage buckets.

diagnostic.container Introduced in version: 1.6.0

Default value: None

Required

This specifies which type of pod you are capturing data from. The values can be one of:

  • "apigee-cassandra" captures data about the Cassandra databgase. The istio-cassandra pods runs in the apigee namespace.
  • "apigee-mart-server" captures data about MART. The apigee-mart-server pods runs in the apigee namespace.
  • "apigee-runtime" captures data about the Message Processor. The apigee-runtime pods runs in the apigee namespace.
  • "apigee-synchronizer" captures data about the Synchronizer. The apigee-synchronizer pods runs in the apigee namespace.
  • "apigee-udca" captures data about UDCA. The apigee-udca pods runs in the apigee namespace.
  • "apigee-watcher" captures data about Watcher. The apigee-watcher pods runs in the apigee namespace.
  • "istio-proxy" captures data about the Istio ingress gateway. The istio-proxy pods runs in the istio-system namespace.
diagnostic.loggingDetails.logDuration Introduced in version: 1.6.0

Default value: None

Required if the diagnostic collection operation is "LOGGING" (set with operation: "LOGGING")

The duration in milliseconds of the log data collected. A typical value is 30000.

See diagnostic.operation

diagnostic.loggingDetails.loggerNames[] Introduced in version: 1.6.0

Default value: None

Required if the diagnostic collection operation is "LOGGING" (set with operation: "LOGGING")

Specifies by name which loggers to collect data from. For Apigee hybrid version 1.6.0, the only value supported is ALL, meaning all loggers. For example:

diagnostic:
 loggingDetails:
   loggerNames:
   - ALL
diagnostic.loggingDetails.logLevel Introduced in version: 1.6.0

Default value: None

Required if the diagnostic collection operation is "LOGGING" (set with operation: "LOGGING")

Specifies the granularity of the logging data to collect. In Apigee hybrid 1.6, Only FINE is supported.

diagnostic.namespace Introduced in version: 1.6.0

Default value: None

Required

The Kubernetes namespace in which the pods you are collecting data on reside. The namespace must be the correct one for the container you specify with diagnostic.container:

apigee for

  • apigee-runtime
  • apigee-synchronizer
  • apigee-udca
  • apigee-watcher
  • apigee-cassandra
  • apigee-mart-server

istio-system for

  • istio-proxy
diagnostic.operation Introduced in version: 1.6.0

Default value: None

Required

Specifies whether to collect all statistics or just logs.

Values are:

diagnostic.podNames[] Introduced in version: 1.6.0

Default value: None

Required

The names of the Kubernetes pods for which you are collecting data. For example:

diagnostic:
 podNames:
 - apigee-runtime-eng-hybrid-example-3b2ebf3-150-8vfoj-2wcjn
 - apigee-runtime-eng-hybrid-example-3b2ebf3-150-8vfoj-6xzn2
diagnostic.serviceAccountPath Introduced in version: 1.6.0

Default value: None

Required

The path to a service account key file (.json) for the service account with the Storage Admin role (roles/storage.admin).

See:

diagnostic.tcpDumpDetails.maxMsgs Introduced in version: 1.6.0

Default value: None

One of either diagnostic.tcpDumpDetails.maxMsgs or diagnostic.tcpDumpDetails.timeoutInSeconds is Required if you are using diagnostic.tcpDumpDetails.

Sets the maximum number of tcpDump messages to collect. Apigee recommends a maximum value no greater than 1000.

diagnostic.tcpDumpDetails.timeoutInSeconds Introduced in version: 1.6.0

Default value: None

One of either diagnostic.tcpDumpDetails.maxMsgs or diagnostic.tcpDumpDetails.timeoutInSeconds is Required if you are using diagnostic.tcpDumpDetails.

Sets the amount of time in seconds to wait for tcpDump to return messages.

diagnostic.threadDumpDetails.delayInSeconds Introduced in version: 1.6.0

Default value: None

Both diagnostic.threadDumpDetails.delayInSeconds and diagnostic.threadDumpDetails.iterations are Required if you are using diagnostic.threadDumpDetails.

The delay in seconds between collecting each thread dump.

diagnostic.threadDumpDetails.iterations Introduced in version: 1.6.0

Default value: None

Both diagnostic.threadDumpDetails.delayInSeconds and diagnostic.threadDumpDetails.iterations are Required if you are using diagnostic.threadDumpDetails.

The number of jstack thread dump iterations to collect.

envs

Defines an array of environments to which you can deploy your API proxies. Each environment provides an isolated context or sandbox for running API proxies.

Your hybrid-enabled organization must have at least one environment.

For more information, see About environments.

The following table describes the properties of the envs object:

Property Description
envs[].cacheEncryptionKey Introduced in version: 1.0.0

Default value: None

One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required.

A base64-encoded encryption key. See Data encryption.

envs[].cacheEncryptionPath Introduced in version: 1.2.0

Default value: None

One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required.

The path to a file containing a base64-encoded encryption key. See Data encryption.

envs[].cacheEncryptionSecret.key Introduced in version: 1.2.0

Default value: None

One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required.

The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.

envs[].cacheEncryptionSecret.name Introduced in version: 1.2.0

Default value: None

One of either cacheEncryptionKey, or cacheEncryptionPath, or cacheEncryptionSecret is required.

The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.

envs[].hostAliases[] Introduced in version: 1.2.0

Default value: None

Deprecated: Starting in Hybrid version 1.4 the runtime plane receives this information from the management plane. See About environments and environment groups.

envs[].httpProxy.host Introduced in version: 1.2.0

Default value: None

Specifies the host name or IP address where the HTTP proxy is running.

List httpProxy properties in the order scheme, host, port. For example:

envs:
  - name: test
    httpProxy:
      scheme: HTTP
      host: 10.12.0.47
      port: 3128
      ...

See also: Configure forward proxying for API proxies.

envs[].httpProxy.port Introduced in version: 1.2.0

Default value: None

Specifies the port on which the HTTP proxy is running. If this property is omitted, by default it uses port 80 for HTTP and port 443 for HTTPS.

envs[].httpProxy.scheme Introduced in version: 1.2.0

Default value: None

Specifies the type of the HTTP proxy as HTTP or HTTPS. By default, it uses "HTTP".

envs[].httpProxy.username Introduced in version: 1.2.0

Default value: None

If the HTTP proxy requires basic authentication, then use this property to provide a username.

envs[].httpProxy.password Introduced in version: 1.2.0

Default value: None

If the HTTP proxy requires basic authentication, then use this property to provide a password.

envs[].name Introduced in version: 1.0.0

Default value: None

Required

Apigee environment name to be synchronized.

envs[].pollInterval Introduced in version: 1.0.0

Default value: None

Interval used for polling organization and environment synchronization changes, in seconds.

envs[].port Introduced in version: 1.0.0

Default value: None

TCP port number for HTTPS traffic.

envs[].serviceAccountPaths.runtime Introduced in version: 1.4.0

Default value: None

Path to file on local system to a Google Service Account key with the Cloud Trace Agent role, usually the apigee-runtime service account. See the About service accounts for the default names of the service accounts and their assigned roles.

envs[].serviceAccountPaths.synchronizer Introduced in version: 1.0

Default value: None

Path to file on local system to a Google Service Account key with the Apigee Synchronizer Manager role.

envs[].serviceAccountPaths.udca Introduced in version: 1.0

Default value: None

Path to file on local system to a Google Service Account key with the Apigee Analytic Agent role.

envs[].serviceAccountSecretRefs.runtime Introduced in version: 1.4.0

Default value: None

The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Cloud Trace Agent role as its input.

envs[].serviceAccountSecretRefs.synchronizer Introduced in version: 1.2.0

Default value: None

The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Apigee Synchronizer Manager role as its input.

envs[].serviceAccountSecretRefs.udca Introduced in version: 1.2.0

Default value: None

The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Apigee Analytic Agent role as its input.

envs[].sslCertPath Introduced in version: 1.2.0

Default value: None

Either sslCertPath/sslKeyPath or sslSecret is required.

The path on your system to a TLS certificate file.

envs[].sslKeyPath Introduced in version: 1.2.0

Default value: None

Either sslCertPath/sslKeyPath or sslSecret is required.

The path on your system to the TLS private key file.

envs[].sslSecret Introduced in version: 1.2.0

Default value: None

Either sslCertPath/sslKeyPath or sslSecret is required.

The name of a file stored in a Kubernetes secret that contains the TLS certificate and private key. You must create the secret using the TLS certificate and key data as its input.

See also:

gcp

Identifies the Google Cloud project ID and region where the apigee-logger and the apigee-metrics push their data.

The following table describes the properties of the gcp object:

Property Description
gcp.region Introduced in version: 1.2.0

Default value: None

Required

Identifies the Google Cloud region where the apigee-logger and the apigee-metrics push their data.

gcp.projectID Introduced in version: 1.2.0

Default value: None

Required

Identifies the Google Cloud project where apigee-logger and the apigee-metrics push their data.

gcp.projectIDRuntime Introduced in version: 1.2.0

Default value: None

Identifies the runtime Kubernetes cluster project.

The projectIDRuntime property is optional. If not used, it is assumed that the projectID value is used for both the Apigee organization's Google Cloud project and the runtime K8S cluster's project.

httpProxy

httpProxy provides configuration parameters for an HTTP forward proxy server. When configured in overrides.yaml, all internet communication for the MART, Synchronizer, and UDCA components pass through the proxy server.

See also: logger, mart, metrics, synchronizer, and udca.

The following table describes the properties of the httpProxy object:

Property Description
httpProxy.host Introduced in version: 1.1.1

Default value: None

The hostname of the HTTP Proxy.

httpProxy.port Introduced in version: 1.1.1

Default value: None

The port of the HTTP Proxy.

httpProxy.scheme Introduced in version: 1.1.1

Default value: HTTPS

The scheme used by the proxy. Values can be HTTP or HTTPS. Values must be uppercase only.

k8sCluster

Identifies Kubernetes cluster where the hybrid runtime is installed.

The following table describes the properties of the k8sCluster object:

Property Description
k8sCluster.name Introduced in version: 1.2.0

Default value: None

The name of the Kubernetes cluster where the hybrid runtime is installed.

k8sCluster.region Introduced in version: 1.2.0

Default value: None

Identifies the Google Cloud region in which your Kubernetes cluster was created.

kubeRBACProxy

Identifies where Apigee should look for Kubernetes role-based access controls.

The following table describes the properties of the kubeRBACProxy object:

Property Description
kubeRBACProxy.image.pullPolicy Introduced in version: 1.2.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent: Do not pull a new image if it already exists.
  • Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

kubeRBACProxy.image.tag Introduced in version: 1.2.0

Default value: v0.11.0

The version label for this service's Docker image.

kubeRBACProxy.image.url Introduced in version: 1.2.0

Default value: gcr.io/apigee-release/hybrid/apigee-kube-rbac-proxy

The location of the Docker image for this service.

If you do not want to use the Google Docker Hub, download the images and use the address where your docker images are hosted internally.

logger

Defines the service that manages operational logs. All of the Apigee hybrid services that run in your Kubernetes cluster output this information.

For more information, see Logging overview.

The following table describes the properties of the logger object:

Property Description
logger.annotations Introduced in version: 1.5.0

Default value: None

Optional key/value map used to annotate pods. For more information, see Custom annotations.

logger.enabled Introduced in version: 1.0.0

Default value: false

Enables or disables logging on the cluster. For non-GKE set to true, for Anthos or GKE set to false.

logger.fluentd.buffer_chunk_limit Introduced in version: 1.0.0

Default value: 512k

The maximum size of a buffer chunk allowed, in kilobytes. Chunks exceeding the limit will be flushed to the output queue automatically.

logger.fluentd.buffer_queue_limit Introduced in version: 1.0.0

Default value: 6

The maximum length of the output queue. The default limit is 256 chunks.

logger.fluentd.flush_interval Introduced in version: 1.0.0

Default value: 5s

The interval to wait before invoking the next buffer flush, in seconds.

logger.fluentd.max_retry_wait Introduced in version: 1.0.0

Default value: 30

The maximum interval between write retries, in seconds.

logger.fluentd.num_threads Introduced in version: 1.0.0

Default value: 2

The number of threads used to flush the buffer. The default is 1.

logger.image.pullPolicy Introduced in version: 1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent: Do not pull a new image if it already exists.
  • Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

logger.image.tag Introduced in version: 1.0.0

Default value: 1.8.9

The version label for this service's Docker image.

logger.image.url Introduced in version: 1.0.0

Default value: gcr.io/apigee-release/hybrid/apigee-stackdriver-logging-agent

The location of the Docker image for this service.

logger.livenessProbe.failureThreshold Introduced in version: 1.0.0

Default value: 3

The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.

logger.livenessProbe.initialDelaySeconds Introduced in version: 1.0.0

Default value: 0

The number of seconds after a container is started before a liveness probe is initiated.

logger.livenessProbe.periodSeconds Introduced in version: 1.0.0

Default value: 60

Determines how often to perform a liveness probe, in seconds. The minimum value is 1.

logger.livenessProbe.successThreshold Introduced in version: 1.0.0

Default value: 1

The minimum consecutive successes needed for a liveness probe to be considered successful after a failure. The minimum value is 1.

logger.livenessProbe.timeoutSeconds Introduced in version: 1.0.0

Default value: 1

The number of seconds after which a liveness probe times out. The minimum value is 1.

logger.nodeSelector.key Introduced in version: 1.0.0

Default value: apigee.com/apigee-logger-enabled

Required

Node selector label key used to target dedicated Kubernetes nodes for logger runtime services.

See Configuring dedicated node pools.

logger.nodeSelector.value Introduced in version: 1.0.0

Default value: true

Required

Node selector label value used to target dedicated Kubernetes nodes for logger runtime services.

See Configuring dedicated node pools.

logger.proxyURL Introduced in version: 1.0.0

Default value: None

URL of the customer's proxy server.

logger.resources.limits.memory Introduced in version: 1.0.0

Default value: 500Mi

The memory limit for the resource in a Kubernetes container, in mebibytes.

logger.resources.limits.cpu Introduced in version: 1.0.0

Default value: 200m

The CPU limit for the resource in a Kubernetes container, in millicores.

logger.resources.requests.cpu Introduced in version: 1.0.0

Default value: 100m

The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

logger.resources.requests.memory Introduced in version: 1.0.0

Default value: 250Mi

The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

logger.serviceAccountPath Introduced in version: 1.0.0

Default value: None

One of either serviceAccountPath or serviceAccountRef is required.

Path to Google Service Account key file with Logs Writer role.

logger.serviceAccountRef Introduced in version: 1.2.0

Default value: None

One of either serviceAccountPath or serviceAccountRef is required.

logger.terminationGracePeriodSeconds Introduced in version: 1.0.0

Default value: 30

The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

mart

Defines the MART (Management API for RunTime data) service, which acts as an API provider for public Apigee APIs so that you can access and manage runtime data entities such as KMS (API Keys and OAuth tokens), KVM, Quota, and API products.

The following table describes the properties of the mart object:

Property Description
mart.annotations Introduced in version: 1.5.0

Default value: None

Optional key/value map used to annotate pods. For more information, see Custom annotations.

mart.hostAlias Introduced in version: 1.0.0

Default value: None

The host alias pointing to the MART object. You can set this property to * or a fully-qualified domain name.

mart.image.pullPolicy Introduced in version: 1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent: Do not pull a new image if it already exists.
  • Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

mart.image.tag Introduced in version: 1.0.0

Default value: 1.3.6

The version label for this service's Docker image.

mart.image.url Introduced in version: 1.0.0

Default value: gcr.io/apigee-release/hybrid/apigee-mart-server

The location of the Docker image for this service. Check the values.yaml file for the specific URL.You can override this.

mart.initCheckCF.resources.requests.cpu Introduced in version: 1.0.0

Default value: 10m

The amount of CPU resources allocated to the initialization check of the Cloud Foundry process.

mart.livenessProbe.failureThreshold Introduced in version: 1.0.0

Default value: 12

The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.

mart.livenessProbe.initialDelaySeconds Introduced in version: 1.0.0

Default value: 15

The number of seconds after a container is started before a liveness probe is initiated.

mart.livenessProbe.periodSeconds Introduced in version: 1.0.0

Default value: 5

Determines how often to perform a liveness probe, in seconds. The minimum value is 1.

mart.livenessProbe.timeoutSeconds Introduced in version: 1.0.0

Default value: 1

The number of seconds after which a liveness probe times out. The minimum value is 1.

mart.metricsURL Introduced in version: 1.0.0

Default value: /v1/server/metrics

mart.nodeSelector.key Introduced in version: 1.0.0

Default value: None

Optional node selector label key for targeting Kubernetes nodes for mart runtime services. If you do not specify a key for mart.nodeselector, then your runtime uses the node specified in the nodeSelector object.

See Configuring dedicated node pools.

mart.nodeSelector.value Introduced in version: 1.0.0

Default value: None

Optional node selector label value for targeting Kubernetes nodes for mart runtime services. See also the nodeSelector object.

See Configuring dedicated node pools.

mart.readinessProbe.failureThreshold Introduced in version: 1.0.0

Default value: 2

The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.

mart.readinessProbe.initialDelaySeconds Introduced in version: 1.0.0

Default value: 15

The number of seconds after a container is started before a readiness probe is initiated.

mart.readinessProbe.periodSeconds Introduced in version: 1.0.0

Default value: 5

Determines how often to perform a readiness probe, in seconds. The minimum value is 1.

mart.readinessProbe.successThreshold Introduced in version: 1.0.0

Default value: 1

The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.

mart.readinessProbe.timeoutSeconds Introduced in version: 1.0.0

Default value: 1

The number of seconds after which a liveness probe times out. The minimum value is 1.

mart.replicaCountMax Introduced in version: 1.0.0

Default value: 5

Maximum number of replicas available for autoscaling.

mart.replicaCountMin Introduced in version: 1.0.0

Default value: 1

Minimum number of replicas available for autoscaling.

mart.resources.requests.cpu Introduced in version: 1.0.0

Default value: 500m

The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.

mart.resources.requests.memory Introduced in version: 1.0.0

Default value: 512Mi

The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

mart.serviceAccountPath Introduced in version: 1.1.1

Default value: None

One of either serviceAccountPath or serviceAccountRef is required.

Path to Google Service Account key file with no role.

mart.serviceAccountRef Introduced in version: 1.2.0

Default value: None

One of either serviceAccountPath or serviceAccountRef is required.

mart.sslCertPath Introduced in version: 1.0.0

Default value: None

Either sslCertPath/sslKeyPath or sslSecret is required.

Local file system path for loading and encoding the SSL cert to a Secret.

mart.sslKeyPath Introduced in version: 1.0.0

Default value: None

Either sslCertPath/sslKeyPath or sslSecret is required.

Local file system path for loading and encoding the SSL key to a Secret.

mart.sslSecret Introduced in version: 1.2.0

Default value: None

Either sslCertPath/sslKeyPath or sslSecret is required.

The name of a file stored in a Kubernetes secret that contains the TLS certificate and private key. You must create the secret using the TLS certificate and key data as its input.

See also:

mart.targetCPUUtilizationPercentage Introduced in version: 1.0.0

Default value: 75

Target CPU utilization for the MART process on the pod. The value of this field enables MART to auto-scale when CPU utilization reaches this value, up to replicaCountMax.

mart.terminationGracePeriodSeconds Introduced in version: 1.0.0

Default value: 30

The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

metrics

Defines the service that collects operations metrics. You can use metrics data to monitor the health of Hybrid services, to set up alerts, and so on.

For more information, see Metrics collection overview.

The following table describes the properties of the metrics object:

Property Description
metrics.aggregator.resources.requests.cpu Introduced in version: 1.4.0

Default value: 500m

The CPU needed for normal operation of the aggregator in a Kubernetes container, in millicores.

metrics.aggregator.resources.requests.memory Introduced in version: 1.4.0

Default value: 512Mi

The memory needed for normal operation of the aggregator in a Kubernetes container, in mebibytes.

metrics.aggregator.resources.limits.cpu Introduced in version: 1.4.0

Default value: 500m

The CPU limit for the aggregator resource in a Kubernetes container, in millicores.

metrics.aggregator.resources.limits.memory Introduced in version: 1.4.0

Default value: 3Gi

The memory limit for the aggregator resource in a Kubernetes container, in gibibytes.

metrics.annotations Introduced in version: 1.5.0

Default value: None

Optional key/value map used to annotate pods. For more information, see Custom annotations.

metrics.app.resources.requests.cpu Introduced in version: 1.4.0

Default value: 500m

The CPU needed for normal operation of the app in a Kubernetes container, in millicores.

metrics.app.resources.requests.memory Introduced in version: 1.4.0

Default value: 512Mi

The memory needed for normal operation of the app in a Kubernetes container, in mebibytes.

metrics.app.resources.limits.cpu Introduced in version: 1.4.0

Default value: 500m

The CPU limit for the app resource in a Kubernetes container, in millicores.

metrics.app.resources.limits.memory Introduced in version: 1.4.0

Default value: 1Gi

The memory limit for the app resource in a Kubernetes container, in gibibytes.

metrics.enabled Introduced in version: 1.0.0

Default value: true

Enables Apigee metrics. Set to true to enable metrics. Set to false to disable metrics.

metrics.nodeSelector.key Introduced in version: 1.0.0

Default value: None

Required

Node selector label key used to target dedicated Kubernetes nodes for metrics runtime services.

See Configuring dedicated node pools.

metrics.nodeSelector.value Introduced in version: 1.0.0

Default value: None

Required

Node selector label value used to target dedicated Kubernetes nodes for metrics runtime services.

See Configuring dedicated node pools.

metrics.prometheus.args.storage_tsdb_retention Introduced in version: 1.0.0

Default value: 48h

The amount of time Prometheus waits before removing old data from local storage, in hours.

metrics.prometheus.containerPort Introduced in version: 1.0.0

Default value: 9090

The port to connect to the Prometheus metrics service.

metrics.prometheus.image.pullPolicy Introduced in version: 1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

  • IfNotPresent: Do not pull a new image if it already exists.
  • Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

metrics.prometheus.image.tag Introduced in version: 1.0.0

Default value: v2.33.5

The version label for this service's Docker image.

metrics.prometheus.image.url Introduced in version: 1.0.0

Default value: gcr.io/apigee-release/hybrid/apigee-prom-prometheus

The location of the Docker image for this service.

metrics.prometheus.livenessProbe.failureThreshold Introduced in version: 1.0.0

Default value: 6

The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.

metrics.prometheus.livenessProbe.periodSeconds Introduced in version: 1.0.0

Default value: 5

Determines how often to perform a liveness probe, in seconds. The minimum value is 1.

metrics.prometheus.livenessProbe.timeoutSeconds Introduced in version: 1.0.0

Default value: 3

The number of seconds after which a liveness probe times out. The minimum value is 1.

metrics.prometheus.readinessProbe.failureThreshold Introduced in version: 1.0.0

Default value: 120

The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.

metrics.prometheus.readinessProbe.periodSeconds Introduced in version: 1.0.0

Default value: 5

Determines how often to perform a readiness probe, in seconds. The minimum value is 1.

metrics.prometheus.readinessProbe.timeoutSeconds Introduced in version: 1.0.0

Default value: 3

The number of seconds after which a liveness probe times out. The minimum value is 1.

metrics.prometheus.sslCertPath Introduced in version: 1.0.0

Default value: None

Required

Path to the SSL cert for the Prometheus metrics collection process. Prometheus is a tool Apigee can use for collecting and processing metrics.

See:

metrics.prometheus.sslKeyPath Introduced in version: 1.0.0

Default value: None

Required

Path to the SSL Key for the Prometheus metrics collection process. Prometheus is a tool Apigee can use for collecting and processing metrics.

See:

metrics.proxy.resources.requests.cpu Introduced in version: 1.4.0

Default value: 500m

The CPU needed for normal operation of the proxy in a Kubernetes container, in millicores.

metrics.proxy.resources.requests.memory Introduced in version: 1.4.0

Default value: 512Mi

The memory needed for normal operation of the proxy in a Kubernetes container, in mebibytes.

metrics.proxy.resources.limits.cpu Introduced in version: 1.4.0

Default value: 500m

The CPU limit for the proxy resource in a Kubernetes container, in millicores.

metrics.proxy.resources.limits.memory Introduced in version: 1.4.0

Default value: 1Gi

The memory limit for the proxy resource in a Kubernetes container, in gibibytes.

metrics.proxyURL Introduced in version: 1.0.0

Default value: None

URL for the metrics process sidecar proxy in the Kubernetes cluster.

metrics.sdSidecar.containerPort Introduced in version: 1.0.0

Default value: 9091

The port for connec