Specify configuration overrides
The Apigee hybrid installer uses defaults for many settings; however, there are a few settings that do not have defaults. You must provide values for these settings, as explained next.
- Be sure you are in the
hybrid-base-directory/hybrid-filesdirectory. - Copy the
overrides-small.yamlfile from the$APIGEECTL_HOME/examplesoverridesdirectory:cp
$APIGEECTL_HOME/examples/overrides-small.yaml ./overrides/overrides.yamlThis example file provides a basic configuration for a small-footprint hybrid runtime installation, a configuration that is suitable for a your first installation.
cdinto theoverridesdirectory:- Open
overrides.yamland add the required property values, shown below. A detailed description of each property is also provided below:Syntax
The
overrides.yamlfile has the following structure and syntax. Values in red, bold italics are property values that you must provide. They are described in the table below.gcp:region:gcp-regionprojectID:gcp-project-idk8sCluster:name:cluster-nameregion:cluster-regionorg:org-namevirtualhosts:-name:virtual-host-namehostAliases:-"host-alias-1"-"host-alias-2"-"host-alias-n"sslCertPath:./certs/cert-name.pemsslKeyPath:./certs/key-name.keyroutingRules:-paths:-/path-1-/path-2-/path-nenv:environment-nameenvs:-name:environment-name#ThesamenameoftheenvyoucreatedintheUIserviceAccountPaths:synchronizer:./service-accounts/synchronizer-service-account-name.jsonudca:./service-accounts/udca-service-account-name.jsonmart:hostAlias:mart-host-aliasserviceAccountPath:./service-accounts/mart-service-account-name.jsonsslCertPath:./certs/mart-cert-name.pemsslKeyPath:./certs/mart-key-name.keymetrics:serviceAccountPath:./service-accounts/metrics-service-account-name.jsonlogger:enabled:false
Example
The following example shows a completed overrides file with example property values added:
gcp:region:us-central1projectID:my-gcp-projectk8sCluster:name:apigee-hybridregion:us-central1org:hybrid-orgvirtualhosts:-name:defaulthostAliases:-"*.acme.com"sslCertPath:./certs/keystore.pemsslKeyPath:./certs/keystore.keyroutingRules:#-paths:-env:my-environmentenvs:-name:testserviceAccountPaths:synchronizer:./service-accounts/hybrid-project-apigee-synchronizer.jsonudca:./service-accounts/hybrid-project-apigee-udca.jsonmart:hostAlias:"mart.apigee-hybrid-docs.net"serviceAccountPath:./service-accounts/hybrid-project-apigee-mart.jsonsslCertPath:./certs/fullchain.pemsslKeyPath:./certs/privkey.keymetrics:serviceAccountPath:./service-accounts/hybrid-project-apigee-metrics.jsonlogger:enabled:false
- When you are finished, save the file.
cd overrides
The following table describes each of the property values that you must provide in the overrides file. For more information, see Configuration property reference.
| Variable | Description |
|---|---|
| gcp-region | Identifies the GCP region where the apigee-logger and the apigee-metrics push their data. |
| gcp-project-id | Identifies the Google Cloud project where the apigee-logger and the apigee-metrics push their data. |
| cluster-name | Your Kubernetes cluster name. |
| cluster-region | The region in which the cluster was created. |
| org-name | The name of your Apigee hybrid organization. |
| virtual-host-name | A name to identify the virtual host. |
| host-alias (1 - n) | (Required) A qualified DNS name for the environment. You can use a partial wildcard like |
| cert-name key-name | Enter the name of the self-signed TLS key and certificate files that you generated previously in the step Create TLS credentials for the runtime gateway. These files must be located in the base_directory/hybrid-files/certs directory. For example: sslCertPath: ./certs/keystore.pem sslKeyPath: ./certs/keystore.key |
| path (1 - n) | Routing rules direct API calls to the provided paths to the environment mentioned. path-1 through path-n are the base paths to API proxies deployed in the environment named in environment-name. paths: is optional. The default path is /. See also Configure virtual hosts. paths: is not required at this time. Delete or comment out paths: and any path entries. |
| environment-name (under routingRules) | This is the environment API calls will be routed to. Use the same name that you used when you created an environment in the UI, as explained in Step 5: Add a new environment in the hybrid UI. . |
| environment-name | Use the same name that you used when you created an environment in the UI, as explained in Step 5: Add a new environment in the hybrid UI. |
| synchronizer-service-account-name | The name of the synchronizer service account key file that you generated with the create-service-account tool. For example: synchronizer: ./service-accounts/hybrid-project-apigee-synchronizer.json |
| udca-service-account-name | The name of the udca service account key file that you generated with the create-service-account tool. For example: udca: ./service-accounts/hybrid-project-apigee-udca.json |
| mart-host-alias | A qualified DNS name for the MART server endpoint. This name must match the common name (CN) used in the authorized TLS certificate required for this configuration. For example, mart.mydomain.com |
| mart-service-account-name | The name of the mart service account key file that you generated with the create-service-account tool. |
| mart-cert-name mart-key-name | Enter the name of the authorized TLS key and certificate files that you generated previously in the step Create TLS credentials for the MART gateway. These files must be located in the base_directory/hybrid-files/certs directory. For example: sslCertPath: ./certs/fullchain.pem sslKeyPath: ./certs/privkey.key |
| metrics-service-account-name | The name of the metrics service account key file that you generated with the create-service-account tool. For example: serviceAccountPath: ./service-accounts/hybrid-project-apigee-metrics.json |
Summary
The configuration file tells Kubernetes how to deploy the hybrid components to a cluster. Next, you will apply this configuration to your cluster.
123(NEXT) Step 4: Install hybrid runtime