Step 4: Configure the cluster

Specify configuration overrides

The Apigee hybrid installer uses defaults for many settings; however, there are a few settings that do not have defaults. You must provide values for these settings, as explained next.

  1. Be sure you are in the hybrid-base-directory/hybrid-files/overrides/ directory.
    cd hybrid-base-directory/hybrid-files/overrides
  2. Create a new file named overrides.yaml in your favorite text editor. For example:
    vi overrides.yaml

    The overrides.yaml provides the configuration for your unique Apigee hybrid installation. The overrides file in this step provides a basic configuration for a small-footprint hybrid runtime installation, suitable for your first installation.

  3. In overrides.yaml, add the required property values, shown below. A detailed description of each property is also provided below:

    Syntax

    Make sure the overrides.yaml file has the following structure and syntax. Values in red, bold italics are property values that you must provide. They are described in the table below.

    gcp:
      region: analytics-region
      projectID: gcp-project-id
    
    k8sCluster:
      name: cluster-name
      region: analytics-region
    
    org: org-name
    
    instanceID: "unique-instance-identifier"
    
    cassandra:
      hostNetwork: false #Set this to `true` for GKE-On-prem installations.
    
    virtualhosts:
      - name: environment-group-name
        sslCertPath: ./certs/cert-name.pem
        sslKeyPath: ./certs/key-name.key
    
    envs:
      - name: environment-name
        serviceAccountPaths:
          synchronizer: ./service-accounts/synchronizer-service-account-name.json
          udca: ./service-accounts/udca-service-account-name.json
    
    mart:
      serviceAccountPath: ./service-accounts/mart-service-account-name.json
    
    connectAgent:
      serviceAccountPath: ./service-accounts/mart-service-account-name.json
      # Same account used for mart and connectAgent
    
    metrics:
      serviceAccountPath: ./service-accounts/metrics-service-account-name.json
    
    watcher:
      serviceAccountPath: ./service-accounts/watcher-service-account-name.json
    
    logger:
      enabled: true
      serviceAccountPath: ./service-accounts/logger-service-account-name.json
    

    Example

    The following example shows a completed overrides file with example property values added:

    gcp:
      region: us-central1
      projectID: hybrid-example
    
    k8sCluster:
      name: apigee-hybrid
      region: us-central1
    
    org: hybrid-example
    
    instanceID: "my_hybrid_example"
    
    cassandra:
      hostNetwork: false #Set this to `true` for GKE-On Prem installations.
    
    virtualhosts:
      - name: example-env-group
        sslCertPath: ./certs/keystore.pem
        sslKeyPath: ./certs/keystore.key
    
    envs:
      - name: test
        serviceAccountPaths:
          synchronizer: ./service-accounts/hybrid-project-apigee-synchronizer.json
          udca: ./service-accounts/hybrid-project-apigee-udca.json
    
    mart:
      serviceAccountPath: ./service-accounts/hybrid-project-apigee-mart.json
    
    connectAgent:
      serviceAccountPath: ./service-accounts/example-hybrid-apigee-mart.json
    
    metrics:
      serviceAccountPath: ./service-accounts/hybrid-project-apigee-metrics.json
    
    watcher:
      serviceAccountPath: ./service-accounts/hybrid-project-apigee-watcher.json
    
    logger:
      enabled: true
      serviceAccountPath: ./service-accounts/logger-service-account-name.json
    
    
  4. When you are finished, save the file.

The following table describes each of the property values that you must provide in the overrides file. For more information, see Configuration property reference.

Variable Description
analytics-region You must set this value to the same region where the cluster is running. This is the value you assigned to the environment variable ANALYTICS_REGION previously during cluster creation The apigee-logger and the apigee-metrics push their data to this region.
gcp-project-id Identifies the Google Cloud project where the apigee-logger and the apigee-metrics push their data. This is the value assigned to the environment variable PROJECT_ID.
cluster-name Your Kubernetes cluster name. This is the value assigned to the environment variable CLUSTER_NAME.
org-name The ID of your Apigee hybrid organization. This is the value assigned to the environment variable ORG_NAME.
unique-instance-identifier

A unique string to identify this instance. This can be any combination of letters and numbers up to 63 characters in length.

environment-group-name The name of the environment group your environments are assigned to. This is the group you created in Project and org setup - Step 6: Create an environment group. This is the value assigned to the environment variable ENV_GROUP.
cert-name
key-name
Enter the name of the self-signed TLS key and certificate files that you generated previously in Step 3: Install apigeectl. These files must be located in the base_directory/hybrid-files/certs directory. For example:
sslCertPath: ./certs/keystore.pem
sslKeyPath: ./certs/keystore.key
environment-name Use the same name that you used when you created an environment in the UI, as explained in Project and org setup - Step 6: Create an environment group.
synchronizer-service-account-name The name of the synchronizer service account key file that you generated with the create-service-account tool. For example:
serviceAccountPath:
  synchronizer: ./service-accounts/hybrid-project-apigee-synchronizer.json
udca-service-account-name The name of the udca service account key file that you generated with the create-service-account tool. For example:
serviceAccountPath:
  udca: ./service-accounts/hybrid-project-apigee-udca.json
mart-service-account-name The name of the mart service account key JSON file that you generated with the create-service-account tool.
metrics-service-account-name The name of the metrics service account JSON file you generated with the create-service-account tool. For example:
metrics:
  serviceAccountPath: ./service-accounts/hybrid-project-apigee-metrics.json
mart-service-account-name The name of the mart service account (which has the Apigee Connect Agent role assigned to it) which you created in Step 3: Install apigeectl. MART and the Apigee Connect Agent use the same service account.
watcher-service-account-name The name of the watcher service account JSON file that you generated with the create-service-account tool. For example:
watcher:
  serviceAccountPath: ./service-accounts/hybrid-project-apigee-watcher.json

Summary

The configuration file tells Kubernetes how to deploy the hybrid components to a cluster. Next, you will apply this configuration to your cluster.

1 2 3 4 (NEXT) Step 5: Install hybrid runtime