Step 7: Configure the hybrid runtime

Specify configuration overrides

The Apigee hybrid installer uses defaults for many settings; however, there are a few settings that do not have defaults. You must provide values for these settings, as explained next.

  1. Be sure you are in the hybrid-base-directory/hybrid-files/overrides/ directory.
    cd hybrid-base-directory/hybrid-files/overrides
  2. Create a new file named overrides.yaml in your favorite text editor. For example:
    vi overrides.yaml

    The overrides.yaml provides the configuration for your unique Apigee hybrid installation. The overrides file in this step provides a basic configuration for a small-footprint hybrid runtime installation, suitable for your first installation.

  3. In overrides.yaml, add the required property values, shown below. A detailed description of each property is also provided below:

    For installations in production environments, look at the storage requirements for the Cassandra database in Configure Cassandra for production.

    Syntax

    Make sure the overrides.yaml file has the following structure and syntax. Values in red, bold italics are property values that you must provide. They are described in the table below.

    There are differences between the different platforms for the Google Cloud project region and Kubernetes cluster region. Choose the platform where you are installing Apigee hybrid.

    gcp:
      region: analytics-region
      projectID: gcp-project-id
    
    k8sCluster:
      name: cluster-name
      region: cluster-location # Must be the closest Google Cloud region to your cluster.
    org: org-name
    
    instanceID: "unique-instance-identifier"  # See the property description table below for information about this parameter.
      
    cassandra:
      hostNetwork: false
        # Set to false for single region installations and multi-region installations
        # with connectivity between pods in different clusters, for example GKE installations.
        # Set to true  for multi-region installations with no communication between
        # pods in different clusters, for example GKE On-prem, GKE on AWS, Anthos on bare metal,
        # AKS, EKS, and OpenShift installations.
        # See Multi-region deployment: Prerequisites
      storage:
        capacity: 500Gi
      resources:
        requests:
          cpu: 7
          memory: 15Gi
      maxHeapSize: 8192M
      heapNewSize: 1200M
        # Minimum storage requirements for a production environment.
        # See Configure Cassandra for production.
    
    virtualhosts:
      - name: environment-group-name
        sslCertPath: ./certs/cert-name.pem
        sslKeyPath: ./certs/key-name.key
    
    envs:
      - name: environment-name
        serviceAccountPaths:
          synchronizer: ./service-accounts/synchronizer-service-account-name.json
            # for non-production environments, gcp-project-id-apigee-non-prod.json
            # for production environments, gcp-project-id-apigee-synchronizer.json
          udca: ./service-accounts/udca-service-account-name.json
            # for non-production environments, gcp-project-id-apigee-non-prod.json
            # for production environments, gcp-project-id-apigee-udca.json
          runtime: ./service-accounts/runtime-service-account-name.json
            # for non-production environments, gcp-project-id-apigee-non-prod.json
            # for production environments, gcp-project-id-apigee-runtime.json
    
    mart:
      serviceAccountPath: ./service-accounts/mart-service-account-name.json
            # for non-production environments, gcp-project-id-apigee-non-prod.json
            # for production environments, gcp-project-id-apigee-mart.json
    
    connectAgent:
      serviceAccountPath: ./service-accounts/mart-service-account-name.json
            # for non-production environments, gcp-project-id-apigee-non-prod.json
            # for production environments, gcp-project-id-apigee-mart.json
            # Use the same service account for mart and connectAgent
    
    metrics:
      serviceAccountPath: ./service-accounts/metrics-service-account-name.json
            # for non-production environments, gcp-project-id-apigee-non-prod.json
            # for production environments, gcp-project-id-apigee-metrics.json
    
    udca:
      serviceAccountPath: ./service-accounts/udca-service-account-name.json
            # for non-production environments, gcp-project-id-apigee-non-prod.json
            # for production environments, gcp-project-id-apigee-udca.json
    
    watcher:
      serviceAccountPath: ./service-accounts/watcher-service-account-name.json
            # for non-production environments, gcp-project-id-apigee-non-prod.json
            # for production environments, gcp-project-id-apigee-watcher.json
    
    logger:
      enabled: false
            # Set to false to disable logger for GKE installations.
            # Set to true for all platforms other than GKE.
            # See apigee-logger in Service accounts and roles used by hybrid components.
      serviceAccountPath: ./service-accounts/logger-service-account-name.json
            # for non-production environments, gcp-project-id-apigee-non-prod.json
            # for production environments, gcp-project-id-apigee-logger.json
    
    

    Example

    The following example shows a completed overrides file with example property values added:

    gcp:
      region: us-central1
      projectID: hybrid-example
    
    k8sCluster:
      name: apigee-hybrid
      region: us-central1
    
    org: hybrid-example
    
    instanceID: "my_hybrid_example"
      
    cassandra:
      hostNetwork: false
    
    virtualhosts:
      - name: example-env-group
        sslCertPath: ./certs/keystore.pem
        sslKeyPath: ./certs/keystore.key
    
    envs:
      - name: test
        serviceAccountPaths:
          synchronizer: ./service-accounts/hybrid-project-apigee-non-prod.json
            # for production environments, hybrid-project-apigee-synchronizer.json
          udca: ./service-accounts/hybrid-project-apigee-non-prod.json
            # for production environments, hybrid-project-apigee-udca.json
          runtime: ./service-accounts/hybrid-project-apigee-non-prod.json
            # for production environments, hybrid-project-apigee-runtime.json
    
    mart:
      serviceAccountPath: ./service-accounts/hybrid-project-apigee-non-prod.json
        # for production environments, hybrid-project-apigee-mart.json
    
    connectAgent:
      serviceAccountPath: ./service-accounts/hybrid-project-apigee-non-prod.json
        # for production environments, example-hybrid-apigee-mart.json
    
    metrics:
      serviceAccountPath: ./service-accounts/hybrid-project-apigee-non-prod.json
        # for production environments, hybrid-project-apigee-metrics.json
    
    udca:
      serviceAccountPath: ./service-accounts/hybrid-project-apigee-non-prod.json
        # for production environments, hybrid-project-apigee-udca.json
    
    watcher:
      serviceAccountPath: ./service-accounts/hybrid-project-apigee-non-prod.json
        # for production environments, hybrid-project-apigee-watcher.json
    
    logger:
      enabled: false # Set to "false" for GKE. Set to "true" for all other Kubernetes platforms.
      serviceAccountPath: ./service-accounts/hybrid-project-apigee-non-prod.json
        # for production environments, logger-service-account-name.json
    
    
  4. When you are finished, save the file.

The following table describes each of the property values that you must provide in the overrides file. For more information, see Configuration property reference.

Variable Description
analytics-region In GKE, you must set this value to the same region where the cluster is running. In all other platforms, select the closest analytics region to your cluster that has Analytics support (see the table in Part 1, Step 4: Create an organization).

This is the value you assigned to the environment variable ANALYTICS_REGION previously.

gcp-project-id Identifies the Google Cloud project where the apigee-logger and the apigee-metrics push their data. This is the value assigned to the environment variable PROJECT_ID.
cluster-name Your Kubernetes cluster name. This is the value assigned to the environment variable CLUSTER_NAME.
cluster-location The region where the cluster is running. This is the region where you created the cluster in Step 1: Create a cluster.

This is the value you assigned to the environment variable CLUSTER_LOCATION previously.

org-name The ID of your Apigee hybrid organization. This is the value assigned to the environment variable ORG_NAME.
unique-instance-identifier

A unique string to identify this Apigee hybrid instance per cluster. The string can be a combination of letters and numbers up to 63 characters in length.

  • You can create multiple organizations in a single cluster. Just make sure to use the same instanceID value each time you add a new org to the same cluster.
  • If you have multiple clusters (in the same region or across multiple regions), each cluster requires a unique instanceID.

If you need help generating a unique ID, you can use a random string generation tool of your choice, such as random.org/strings.

environment-group-name The name of the environment group your environments are assigned to. This is the group you created in Project and org setup - Step 5: Create an environment group. This is the value assigned to the environment variable ENV_GROUP.
cert-name
key-name
Enter the name of the self-signed TLS key and certificate files that you generated previously in Step 6: Create TLS certificates. These files must be located in the base_directory/hybrid-files/certs directory. For example:
sslCertPath: ./certs/keystore.pem
sslKeyPath: ./certs/keystore.key
environment-name Use the same name that you used when you created an environment in the UI, as explained in Project and org setup - Step 5: Create an environment group.
synchronizer-service-account-name For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-synchronizer service account key file that you generated with the create-service-account tool in Hybrid runtime setup - Step 6: Create service accounts and credentials. You can see the list of service account files in your service-accounts/ directory. For example:
ls ../service-accounts/
udca-service-account-name For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-udca service account key file that you generated with the create-service-account tool.
runtime-service-account-name For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-runtime service account key file that you generated with the create-service-account tool.
mart-service-account-name For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-mart service account key file that you generated with the create-service-account tool.
metrics-service-account-name For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-metrics service account key file that you generated with the create-service-account tool.
udca-service-account-name For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-udca service account key file that you generated with the create-service-account tool.
watcher-service-account-name For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-watcher service account key file that you generated with the create-service-account tool.
logger-service-account-name For non-production environments, the name of the single service account, non-prod by default. For production environments, the name of the apigee-logger service account key file that you generated with the create-service-account tool.
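
A pre-flight check for the finished file, as an added example that is not part of the Apigee tooling or the original page: it confirms that every ./certs and ./service-accounts file referenced in overrides.yaml exists, that the TLS private key and service account key files carry no group or other permission bits, that mart and connectAgent point at the same key file, and that instanceID is at most 63 characters. The function names are hypothetical, and it assumes relative paths resolve against hybrid-files/, the parent of overrides/.

```shell
#!/bin/sh
# Added example: pre-flight check for overrides.yaml, not part of Apigee tooling.
# Assumption: ./certs and ./service-accounts paths resolve against hybrid-files/,
# the parent of the overrides/ directory. Paths containing spaces are not handled.
# Usage: sh check_overrides.sh overrides.yaml

# Print "key path" for every property whose value is a ./relative file path.
list_paths() {
  awk '/^[ \t]*[A-Za-z]+:[ \t]*\.\// {
         sub(/[ \t]*#.*/, ""); k = $1; sub(/:$/, "", k); print k, $2 }' "$1"
}

# Print the serviceAccountPath set under one top-level section (for example mart).
section_path() {
  awk -v s="$2:" '/^[^ \t#]/ { in_s = ($1 == s) }
       in_s && $1 == "serviceAccountPath:" { print $2; exit }' "$1"
}

# Print one line per problem; return 0 only when nothing was found.
check_overrides() {
  file=$1; base=$(cd "$(dirname "$file")/.." && pwd); problems=0
  report() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

  while read -r key rel; do
    [ -n "$key" ] || continue
    if [ ! -f "$base/${rel#./}" ]; then report "$key: $rel not found"; continue; fi
    [ "$key" = sslCertPath ] && continue        # the certificate is public
    # TLS private key and service account keys: no group/other permission bits.
    [ "$(ls -ldL "$base/${rel#./}" | cut -c5-10)" = "------" ] ||
      report "$key: $rel is accessible to group or others"
  done <<EOF
$(list_paths "$file")
EOF

  # The page says to use the same service account for mart and connectAgent.
  [ "$(section_path "$file" mart)" = "$(section_path "$file" connectAgent)" ] ||
    report "mart and connectAgent use different service accounts"

  # instanceID must be present and at most 63 characters long.
  id=$(sed -n 's/^instanceID:[[:space:]]*"\{0,1\}\([^"#[:space:]]*\).*/\1/p' "$file")
  { [ -n "$id" ] && [ "${#id}" -le 63 ]; } ||
    report "instanceID missing or longer than 63 characters"
  [ "$problems" -eq 0 ]
}

[ "$#" -eq 0 ] || check_overrides "$1"
```

Run it from the overrides/ directory before applying the configuration; a non-zero exit status means at least one PROBLEM line was printed.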

Summary

The configuration file tells Kubernetes how to deploy the hybrid components to a cluster. Next, you will enable synchronizer access so the Apigee runtime and management planes will be able to communicate.
