Configuration property reference

This section lists all of the configuration properties that you can use to customize the runtime plane of your Apigee hybrid deployment.

About configuration properties

You can override many configuration properties, if needed, by adding them to hybrid_root_dir/overrides.yaml.

For example, to change the replica count minimum and maximum for the MART service, you could add this stanza to overrides.yaml:

mart:
    replicaCountMin: 3
    replicaCountMax: 6

You can also find these config properties and their default settings in hybrid_root_install/1.0.0/values.yaml

For more information, see Manage runtime plane components.

Additionally, if you are configuring an Anthos-based deployment see Step 3: Configure the GKE on-prem user cluster for information on setting these properties for Anthos.

Top-level properties

The following table describes the top-level properties in the overrides.yaml file. These are properties that do not belong to another object, and apply at the org or environment level:

Property	Description
`contractProvider`	Version: 1.0.0 Default value: https://apigee.googleapis.com Defines the API path for all APIs in your installation.
`gcpProjectID`	`Deprecated:` For v1.2.0 and later, use `gcp.projectID` instead. Version: 1.0.0 Default value: none Required ID of your Google Cloud project. Works with `k8sClusterName` (deprecated) and `gcpRegion` (deprecated) to identify the project and determine where the `apigee-logger` and the `apigee-metrics` push their data.
`gcpRegion`	`Deprecated:` For v1.2.0 and later, use `gcp.region` instead. Version: 1.0.0 Default value: `us-central1` Required The closet GCP region or zone of your Kubernetes cluster. Works with `gcpProjectID` (deprecated) and `k8sClusterName` (deprecated) to identify the project and determine where the `apigee-logger` and the `apigee-metrics` push their data.
`imagePullSecrets.name`	Version: 1.0.0 Default value: None Kubernetes secret name configured as docker-registry type; used to pull images from private repo.
`k8sClusterName`	`Deprecated:` For v1.2.0 and later, use `k8sCluster.name` and `k8sCluster.region` instead. Version: 1.0.0 Default value: None Name of the Kubernetes (K8S) procluster where your hybrid project is running. Works with `gcpProjectID` (deprecated) and `gcpRegion` (deprecated) to identify the project and determine where the `apigee-logger` and the `apigee-metrics` push their data.
`kmsEncryptionKey`	Version: 1.0.0 Default value: `defaults.org.kmsEncryptionKey` Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret. Local file system path for the Apigee KMS data's encryption key.
`kmsEncryptionPath`	Version: 1.2.0 Default value: None Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret. The path to a file containing a base64-encoded encryption key. See Data encryption.
`kmsEncryptionSecret.key`	Version: 1.2.0 Default value: None Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret. The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
`kmsEncryptionSecret.name`	Version: 1.2.0 Default value: None Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret. The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
`kvmEncryptionKey`	Version: 1.0.0 Default value: `defaults.org.kmsEncryptionKey` Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret. Local file system path for the Apigee KVM data's encryption key.
`kvmEncryptionPath`	Version: 1.2.0 Default value: None Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret. The path to a file containing a base64-encoded encryption key. See Data encryption.
`kvmEncryptionSecret.key`	Version: 1.2.0 Default value: None Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret. The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
`kvmEncryptionSecret.name`	Version: 1.2.0 Default value: None Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret. The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
`namespace`	Version: 1.0.0 Default value: `apigee` The namespace of your Kubernetes cluster where the Apigee components will be installed.
`org`	Version: 1.0.0 Default value: None Required The hybrid-enabled organization that was provisioned for you by Apigee during the hybrid installation. An organization is the top-level container in Apigee. It contains all your API proxies and related resources. If the value is empty, you must update it with your org name once you have created it.
`revision`	Version: 1.0.0 Default value: `v120` Apigee hybrid supports rolling Kubernetes updates, which allow deployment updates to take place with zero downtime by incrementally updating Pod instances with new ones. When updating certain YAML overrides that result in underlying Kubernetes PodTemplateSpec change, the `revision` override property must also be changed in the customer's override.yaml. This is required for the underlying Kubernetes ApigeeDeployment (AD) controller to conduct a safe rolling update of from the previous version to the new version. You can use any lowercase text value, eg: "blue", "a", "1.0.0" Note: `revision` can only accept lowercase alpha characters, numbers, and punctuation. When the `revision` property is changed and applied, a rolling update will occur for all components Changes to properties of the following objects require an update to `revision`: nodeSelector envs imagePullSecrets gcpProjectID k8sClusterName contractProvider org For more information, see Rolling updates.
`validateServiceAccounts`	Version: 1.0.0 Default value: true Enables strict validation of service account permissions. This uses Cloud Resource Manager API method "testIamPermissions" to verify that the provided service account has the required permissions. In the case of service accounts for an Apigee Org, the project ID check is the one mapped to the Organization. For Metrics and Logger, the project checked is based on the "gcpProjectID" overrides.yaml configuration. See also `gcpProjectID`

`ao`

Apigee Operators (AO) creates and updates low level Kubernetes and Istio resources that are required to deploy and maintain the ApigeeDeployment (AD). For example, the controller carries out the release of message processors. Also validates the ApigeeDeployment configuration before persisting it in Kubernetes cluster.

The following table describes the properties of the apigee-operators ao object:

Property	Description
`ao.image.pullPolicy`	Version: 1.2.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`ao.image.tag`	Version: 1.2.0 Default value: `1.2.0` The version label for this service's Docker image.
`ao.image.url`	Version: 1.2.0 Default value: `"google/apigee-deployment-controller"` The location of the Docker image for this service.
`ao.resources.limits.cpu`	Version: 1.2.0 Default value: `250m` The CPU limit for the resource in a Kubernetes container, in millicores.
`ao.resources.limits.memory`	Version: 1.2.0 Default value: `256Mi` The memory limit for the resource in a Kubernetes container, in mebibytes.
`ao.resources.requests.cpu`	Version: 1.2.0 Default value: `250m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`ao.resources.requests.memory`	Version: 1.2.0 Default value: `256Mi` The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.

`authz`

The following table describes the properties of the authz object:

Property	Description
`authz.image.pullPolicy`	Version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`authz.image.tag`	Version: 1.0.0 Default value: `1.2.0` The version label for this service's Docker image.
`authz.image.url`	Version: 1.0.0 Default value: `"google/apigee-authn-authz"` The location of the Docker image for this service.
`authz.livenessProbe.failureThreshold`	Version: 1.0.0 Default value: `2` The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
`authz.livenessProbe.initialDelaySeconds`	Version: 1.0.0 Default value: `0` The number of seconds after a container is started before a liveness probe is initiated.
`authz.livenessProbe.periodSeconds`	Version: 1.0.0 Default value: `5` Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
`authz.livenessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `1` The number of seconds after which a liveness probe times out. The minimum value is 1.
`authz.readinessProbe.failureThreshold`	Version: Beta2 Default value: `2` The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
`authz.readinessProbe.initialDelaySeconds`	Version: 1.0.0 Default value: `0` The number of seconds after a container is started before a readiness probe is initiated.
`authz.readinessProbe.periodSeconds`	Version: 1.0.0 Default value: `5` Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
`authz.readinessProbe.successThreshold`	Version: 1.0.0 Default value: `1` The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
`authz.readinessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `1` The number of seconds after which a liveness probe times out. The minimum value is 1.
`authz.resources.requests.cpu`	Version: 1.0.0 Default value: `50m` The ammount of CPU resources to allocate for authentication requests.
`authz.resources.requests.memory`	Version: 1.0.0 Default value: `128Mi` The ammount of memory resources to allocate for authentication requests.

`busyBoxInit` (Deprecated)

The following table describes the properties of the busyBoxInit object:

Property Description

Property	Description
`busyBoxInit.image.pullPolicy`	`Deprecated.` Version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`busyBoxInit.image.tag`	`Deprecated.` Version: 1.0.0 Default value: `"1.0.0"` The version label for this service's Docker image.
`busyBoxInit.image.url`	`Deprecated.` Version: 1.0.0 Default value: `"busybox"` The location of the Docker image for this service.

busyBoxInit.image.pullPolicy

Deprecated.

Version: 1.0.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

IfNotPresent: Do not pull a new image if it already exists.
Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

busyBoxInit.image.tag

Deprecated.

Version: 1.0.0

Default value: "1.0.0"

The version label for this service's Docker image.

busyBoxInit.image.url

Deprecated.

Version: 1.0.0

Default value: "busybox"

The location of the Docker image for this service.

`cassandra`

Defines the hybrid service that manages the runtime data repository. This repository stores application configurations, distributed quota counters, API keys, and OAuth tokens for applications running on the gateway.

For more information, see Configure Cassandra.

The following table describes the properties of the cassandra object:

Property	Description
`cassandra.auth.admin.password`	Version: 1.0.0 Default value: "iloveapis123" Required Password for the Cassandra administrator. The admin user is used for any administrative activities performed on the Cassandra cluster.
`cassandra.auth.ddl.password`	Version: 1.0.0 Default value: "iloveapis123" Required Password for the Cassandra Data Definition Language (DDL) user. Used by MART for any of the data definition tasks like keyspace creation, update, and deletion.
`cassandra.auth.default.password`	Version: 1.0.0 Default value: `"iloveapis123"` Required The password for the default Cassandra user created when Authentication is enabled. This password must be reset when configuring Cassandra authentication. See Configuring TLS for Cassandra.
`cassandra.auth.dml.password`	Version: 1.0.0 Default value: "iloveapis123" Required Password for the Cassandra Data Manipulation Language (DML) user. The DML user is used by the client communication to read and write data to Cassandra.
`cassandra.auth.image.pullPolicy`	Version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`cassandra.auth.image.tag`	Version: 1.0.0 Default value: `1.2.0` The version label for this service's Docker image.
`cassandra.auth.image.url`	Version: 1.0.0 Default value: `"google/apigee-hybrid-cassandra-client"` The location of the Docker image for this service.
`cassandra.backup.cloudProvider`	Version: 1.0.0 Default value: `"GCP"` Required if backup is enabled. Cloud provider for backup storage.
`cassandra.backup.dbStorageBucket`	Version: 1.0.0 Default value: None Required if backup is enabled. Cloud storage bucket for the backup data.
`cassandra.backup.enabled`	Version: 1.0.0 Default value: `false` Data backup is not enabled by default. To enable, set to `true`. See Cassandra backup and recovery.
`cassandra.backup.image.pullPolicy`	Version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`cassandra.backup.image.tag`	Version: 1.0.0 Default value: `1.2.0` The version label for this service's Docker image.
`cassandra.backup.image.url`	Version: 1.0.0 Default value: `"google/apigee-cassandra-backup-utility"` The location of the Docker image for this service.
`cassandra.backup.schedule`	Version: 1.0.0 Default value: `"0 2 * * *"` The schedule for the chron job. See Cassandra backup and recovery.
`cassandra.backup.serviceAccountPath`	Version: 1.0.0 Default value: None One of either backup.serviceAccountPath or backup.serviceAccountSecretRef is required if backup is enabled. Path to Google Service Account key file with Storage Object Admin role.
`cassandra.backup.serviceAccountSecretRef`	Version: 1.2.0 Default value: None One of either backup.serviceAccountPath or backup.serviceAccountSecretRef is required if backup is enabled. The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Storage Object Admin role as its input.
`cassandra.clusterName`	Version: 1.0.0 Default value: `"apigeecluster"` Specifies the name of the Cassandra cluster.
`cassandra.datacenter`	Version: 1.0.0 Default value: `"dc-1"` Specifies the datacenter of the Cassandra node.
`cassandra.dnsPolicy`	Version: 1.1.1 Default value: `ClusterFirstWithHostNet` When `cassandra.hostNetwork` is set to `true`, this determines which DNS policy Cassandra uses. For Anthos based deployments it should be set to `ClusterFirstWithHostNet`. If `cassandra.hostNetwork` is set to `false`, `cassandra.dnsPolicy` is ignored. See Pod's DNS Policy in the Kubernetes documentation for more values for `cassandra.dnsPolicy`.
`cassandra.externalSeedHost`	Version: 1.0.0 Default value: None Hostname or IP of a Cassandra cluster node. If not set, the Kubernetes local service is used.
`cassandra.heapNewSize`	Version: 1.0.0 Default value: `100M` The amount of JVM system memory allocated to newer objects, in megabytes.
`cassandra.hostNetwork`	Version: 1.1.1 Default value: `true` for Anthos deployments. `false` for non-Anthos deployments. Set to true for Anthos based deployments. When `cassandra.hostNetwork` is `true`, make sure `cassandra.dnsPolicy` is set to `ClusterFirstWithHostNet`.
`cassandra.image.pullPolicy`	Version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`cassandra.image.tag`	Version: 1.0.0 Default value: `1.2.0` The version label for this service's Docker image.
`cassandra.image.url`	Version: 1.0.0 Default value: `"google/apigee-hybrid-cassandra"` The location of the Docker image for this service.
`cassandra.maxHeapSize`	Version: 1.0.0 Default value: `512M` The upper limit of JVM system memory available fo Cassandra operations, in megabytes.
`cassandra.multiRegionSeedHost`	Version: 1.0.0 Default value: None IP address of an existing Cassandra cluster used to expand the existing cluster to a new region. See Configure the multi-region seed host.
`cassandra.nodeSelector.key`	Version: 1.0.0 Default value: None Required Node selector label key used to target dedicated Kubernetes nodes for `cassandra` data services. See Add node selectors.
`cassandra.nodeSelector.value`	Version: 1.0.0 Default value: None Optional ode selector label value used to target dedicated Kubernetes nodes for `cassandra` data services and override the nodeSelector.apigeeData settings. See nodeSelector.
`cassandra.port`	Version: 1.0.0 Default value: `9042` Port number used to connect to cassandra.
`cassandra.rack`	Version: 1.0.0 Default value: `"ra-1"` Specifies the rack of the Cassandra node.
`cassandra.readinessProbe.failureThreshold`	Version: 1.0.0 Default value: `2` The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
`cassandra.readinessProbe.initialDelaySeconds`	Version: 1.0.0 Default value: `0` The number of seconds after a container is started before a readiness probe is initiated.
`cassandra.readinessProbe.periodSeconds`	Version: 1.0.0 Default value: `10` Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
`cassandra.readinessProbe.successThreshold`	Version: 1.0.0 Default value: `1` The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
`cassandra.readinessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `5` The number of seconds after which a liveness probe times out. The minimum value is 1.
`cassandra.replicaCount`	Version: 1.0.0 Default value: `1` Cassandra is a replicated database. This property specifies the number of Cassandra nodes employed as a StatefulSet.
`cassandra.resources.requests.cpu`	Version: 1.0.0 Default value: `500m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`cassandra.resources.requests.memory`	Version: 1.0.0 Default value: `1Gi` The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
`cassandra.restore.cloudProvider`	Version: 1.0.0 Default value: `"GCP"` Required if restore is enabled. Cloud provider for backup storage.
`cassandra.restore.dbStorageBucket`	Version: 1.0.0 Default value: None Required if restore is enabled. Cloud storage bucket for the backup data to restore.
`cassandra.restore.enabled`	Version: 1.0.0 Default value: `false`
`cassandra.restore.image.pullPolicy`	Version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`cassandra.restore.image.tag`	Version: 1.0.0 Default value: `1.2.0` The version label for this service's Docker image.
`cassandra.restore.image.url`	Version: 1.0.0 Default value: `"google/apigee-cassandra-backup-utility"` The location of the Docker image for this service.
`cassandra.restore.serviceAccountPath`	Version: 1.0.0 Default value: None One of either restore.serviceAccountPath or restore.serviceAccountSecretRef is required if restore is enabled. Path to Google Service Account key file with Storage Object Admin role.
`cassandra.restore.serviceAccountSecretRef`	Version: 1.2.0 Default value: None One of either restore.serviceAccountPath or restore.serviceAccountSecretRef is required if restore is enabled. The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Storage Object Admin role as its input.
`cassandra.restore.snapshotTimestamp`	Version: 1.0.0 Default value: None Required if restore is enabled. Timestamp of the backup that should be restored.
`cassandra.restore.user`	Version: 1.0.0 Default value: admin account Cassandra username used for schema backup restoration. If not specified, the admin user will be used.
`cassandra.sslCertPath`	Version: 1.2.0 Default value: None The path on your system to a TLS certificate file. Note: For each configured environment, the Common Name (CN) in the cert must match the domain in the `hostAliases[]` property. For example, if the CN is `*.example.com`, the `hostAliases[]` could be `foo.example.com` or `bar.example.com`.
`cassandra.sslKeyPath`	Version: 1.2.0 Default value: None The path on your system to the TLS private key file.
`cassandra.sslRootCAPath`	Version: 1.2.0 Default value: None The certificate chain to the root CA (certificate authority).
`cassandra.storage.capacity`	Version: 1.0.0 Default value: `50Gi` Required if storage.storageClass is specified Specifies the disk size required, in mebibytes.
`cassandra.storage.storageClass`	Version: 1.0.0 Default value: None Specifies the class of on-prem storage being used.
`cassandra.terminationGracePeriodSeconds`	Version: 1.0.0 Default value: `300` The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

`certmanager`

cert-manager is a certificate manager for Kubernetes implementations used by Apigee. See Welcome to cert-manager.

The following table describes the properties of the certmanager object:

Property Description

Property	Description
`certmanager.image.tag`	Version: 1.2.0 Default value: `"v0.12.0"` The version label for this service's Docker image.
`certmanager.image.url`	Version: 1.2.0 Default value: `"apigee-cert-manager-controller"` The location of the Docker image for this service.

certmanager.image.tag

Version: 1.2.0

Default value: "v0.12.0"

The version label for this service's Docker image.

certmanager.image.url

Version: 1.2.0

Default value: "apigee-cert-manager-controller"

The location of the Docker image for this service.

`certmanagercainjector`

The cert-manager CA injector is a cert-manager process responsible for injecting the CA bundle into the cert-manager Webhook process. See CA injector in the cert-manager documentation.

The following table describes the properties of the certmanagercainjector object:

Property Description

Property	Description
`certmanagercainjector.image.tag`	Version: 1.2.0 Default value: `"v0.12.0"` The version label for this service's Docker image.
`certmanagercainjector.image.url`	Version: 1.2.0 Default value: `"google/apigee-cert-manager-cainjector"` The location of the Docker image for this service.

certmanagercainjector.image.tag

Version: 1.2.0

Default value: "v0.12.0"

The version label for this service's Docker image.

certmanagercainjector.image.url

Version: 1.2.0

Default value: "google/apigee-cert-manager-cainjector"

The location of the Docker image for this service.

`certmanagerwebhook`

The cert-manager Webhook is a process that provides dynamic admission control over cert-manager resources. See Webhook in the cert-manager documentation.

The following table describes the properties of the certmanagerwebhook object:

Property Description

Property	Description
`certmanagerwebhook.image.tag`	Version: 1.2.0 Default value: `"v0.12.0"` The version label for this service's Docker image.
`certmanagerwebhook.image.url`	Version: 1.2.0 Default value: `"google/apigee-cert-manager-webhook"` The location of the Docker image for this service.

certmanagerwebhook.image.tag

Version: 1.2.0

Default value: "v0.12.0"

The version label for this service's Docker image.

certmanagerwebhook.image.url

Version: 1.2.0

Default value: "google/apigee-cert-manager-webhook"

The location of the Docker image for this service.

`connectAgent`

Apigee Connect allows the Apigee hybrid management plane to connect securely to the MART service in the runtime plane without requiring you to expose the MART endpoint on the internet. If you use Apigee Connect, you do not need to configure the MART ingress gateway with a host alias and an authorized DNS certificate.

The following table describes the properties of the connectAgent object:

Property	Description
`connectAgent.enabled`	Version: 1.2.0 Default value: `false` Is this installation using Apigee Connect instead of Istio ingress for mart? True or False. See Using Apigee Connect.
`connectAgent.server`	Version: 1.2.0 Default value: `"apigeeconnect.googleapis.com:443"` The location of the server and port for this service.
`connectAgent.logLevel`	Version: 1.2.0 Default value: `"INFO"` The level of log reporting. Values can be: `INFO`: Informational messages in addition to warning, error, and fatal messages. Most useful for debugging. `WARNING`: Non-fatal warnings in addition to error and fatal messages. `ERROR`: Internal errors and errors that are not returned to the user in addition to fatal messages. `FATAL`: Unrecoverable errors and events that cause Apigee connect to crash.
`connectAgent.image.pullPolicy`	Version: 1.2.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`connectAgent.image.tag`	Version: 1.2.0 Default value: `"1.2.0"` The version label for this service's Docker image.
`connectAgent.image.url`	Version: 1.2.0 Default value: `"google/apigee-connect-agent"` The location of the Docker image for this service. Check the values.yaml file for the specific URL.
`connectAgent.replicaCountMax`	Version: 1.2.0 Default value: `5` Maximum number of replicas available for autoscaling.
`connectAgent.replicaCountMin`	Version: 1.2.0 Default value: `1` Minimum number of replicas available for autoscaling. In production, you may want to increase replicaCountMin to 3, to have a greater number of connections to the control plane for reliability and scalability.
`connectAgent.resources.requests.cpu`	Version: 1.0.0 Default value: `100m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`connectAgent.resources.requests.memory`	Version: 1.0.0 Default value: `30Mi` The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
`connectAgent.targetCPUUtilizationPercentage`	Version: 1.2.0 Default value: `75` Target CPU utilization for the Apigee connect agent on the pod. The value of this field enables Apigee connect to auto-scale when CPU utilization reaches this value, up to `replicaCountMax`.
`connectAgent.terminationGracePeriodSeconds`	Version: 1.2.0 Default value: `600` The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

`defaults`

The Default encryption keys for the Apigee hybrid installation.

The following table describes the properties of the defaults object:

Property	Description
`defaults.org.kmsEncryptionKey`	Version: 1.0.0 Default value: `"aWxvdmVhcGlzMTIzNDU2Nw=="` Default encryption key for the org in KMS.
`defaults.org.kvmEncryptionKey`	Version: 1.0.0 Default value: `"aWxvdmVhcGlzMTIzNDU2Nw=="` Default encryption key for the org in KVM.
`defaults.env.kmsEncryptionKey`	Version: 1.0.0 Default value: `"aWxvdmVhcGlzMTIzNDU2Nw=="` Default encryption key for the environment (env) in KMS.
`defaults.env.kvmEncryptionKey`	Version: 1.0.0 Default value: `"aWxvdmVhcGlzMTIzNDU2Nw=="` Default encryption key for the environment (env) in KVM.
`defaults.env.cacheEncryptionKey`	Version: 1.0.0 Default value: `"aWxvdmVhcGlzMTIzNDU2Nw=="` Default cache encryption key for the environment (env).

`envs`

Defines an array of environments to which you can deploy your API proxies. Each environment provides an isolated context or "sandbox" for running API proxies.

Your hybrid-enabled organization must have at least one environment.

For more information, see Configure environments.

The following table describes the properties of the envs object:

Property	Description
`envs[].cacheEncryptionKey`	Version: 1.0.0 Default value: None One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required. A base64-encoded encryption key. See Data encryption.
`envs[].cacheEncryptionPath`	Version: 1.2.0 Default value: None One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required. The path to a file containing a base64-encoded encryption key. See Data encryption.
`envs[].cacheEncryptionSecret.key`	Version: 1.2.0 Default value: None One of either cacheEncryptionKey, cacheEncryptionPath, or cacheEncryptionSecret is required. The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
`envs[].cacheEncryptionSecret.name`	Version: 1.2.0 Default value: None One of either cacheEncryptionKey, or cacheEncryptionPath, or cacheEncryptionSecret is required. The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
`envs[].hostAlias`	Version: 1.0.0 Default value: None Deprecated: use hostAliases[] instead.
`envs[].hostAliases[]`	Version: 1.2.0 Default value: None The host aliases pointing to the environment. Each host alias must be a fully-qualified domain name.
`envs[].httpProxy.host`	Version: 1.2.0 Default value: None Specifies the host name or IP address where the HTTP proxy is running. List `httpProxy` properties in the order `scheme`, `host`, `port`. For example: envs: - name: test httpProxy: scheme: HTTP host: 10.12.0.47 port: 3128 ... See also: Configure forward proxying for API proxies.
`envs[].httpProxy.port`	Version: 1.2.0 Default value: None Specifies the port on which the HTTP proxy is running. If this property is omitted, by default it uses port 80 for HTTP and port 443 for HTTPS.
`envs[].httpProxy.scheme`	Version: 1.2.0 Default value: None Specifies the type of the HTTP proxy as HTTP or HTTPS. By default, it uses "HTTP".
`envs[].httpProxy.username`	Version: 1.2.0 Default value: None If the HTTP proxy requires basic authentication, then use this property to provide a username.
`envs[].httpProxy.password`	Version: 1.2.0 Default value: None If the HTTP proxy requires basic authentication, then use this property to provide a password.
`envs[].kmsEncryptionKey`	Version: 1.0.0 Default value: None One of either kmsEncryptionKey, kmsEncryptionPath, or kmsEncryptionSecret is required. Local file system path for the Apigee KMS data's encryption key.
`envs[].kmsEncryptionPath`	Version: 1.2.0 Default value: None One of either kmsEncryptionKey, kmsEncryptionPath, or kmsEncryptionSecret is required. The path to a file containing a base64-encoded encryption key. See Data encryption.
`envs[].kmsEncryptionSecret.key`	Version: 1.2.0 Default value: None kmsEncryptionKey, kmsEncryptionPath, or kmsEncryptionSecret is required. The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
`envs[].kmsEncryptionSecret.name`	Version: 1.2.0 Default value: None One of either kmsEncryptionKey, kmsEncryptionPath, or kmsEncryptionSecret is required. The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
`envs[].name`	Version: 1.0.0 Default value: None Required Apigee environment name to be synchronized.
`envs[].pollInterval`	Version: 1.0.0 Default value: None Interval used for polling organization and environment synchronization changes, in seconds.
`envs[].port`	Version: 1.0.0 Default value: None TCP port number for HTTPS traffic.
`envs[].serviceAccountPaths.synchronizer`	Version: GA Default value: None Path to file on local system to a Google Service Account key with the Apigee Synchronizer Manager role.
`envs[].serviceAccountPaths.udca`	Version: GA Default value: None Path to file on local system to a Google Service Account key with the Apigee Analytic Agent role.
`envs[].serviceAccountSecretRefs.synchronizer`	Version: 1.2.0 Default value: None The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Apigee Synchronizer Manager role as its input.
`envs[].serviceAccountSecretRefs.udca`	Version: 1.2.0 Default value: None The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Apigee Analytic Agent role as its input.
`envs[].sslCertPath`	Version: 1.2.0 Default value: None Either `sslCertPath`/`sslKeyPath` or `sslSecret` is required. The path on your system to a TLS certificate file. Note: For each configured environment, the Common Name (CN) in the cert must match the domain in the `hostAliases[]` property. For example, if the CN is `*.example.com`, the `hostAliases[]` could be `foo.example.com` or `bar.example.com`.
`envs[].sslKeyPath`	Version: 1.2.0 Default value: None Either `sslCertPath`/`sslKeyPath` or `sslSecret` is required. The path on your system to the TLS private key file.
`envs[].sslSecret`	Version: 1.2.0 Default value: None Either `sslCertPath`/`sslKeyPath` or `sslSecret` is required. The name of a file stored in a Kubernetes secret that contains the TLS certificate and private key. You must create the secret using the TLS certificate and key data as its input. See also: Storing data in a Kubernetes secret Secrets in the Kubernetes documentation Creating a Secret Using kubectl in the Kubernetes documentation

`gcp`

Identifies the GCP project ID and region where the apigee-logger and the apigee-metrics push their data.

The following table describes the properties of the gcp object:

Property Description

Property	Description
`gcp.region`	Version: 1.2.0 Default value: None Required Identifies the GCP region where the `apigee-logger` and the `apigee-metrics` push their data.
`gcp.projectID`	Version: 1.2.0 Default value: None Required Identifies the Google Cloud project where `apigee-logger` and the `apigee-metrics` push their data.
`gcp.projectIDRuntime`	Version: 1.2.0 Default value: None Identifies the runtime Kubernetes cluster project. The `projectIDRuntime` property is optional. If not used, it is assumed that the `projectID` value is used for both the Apigee organization's GCP project and the runtime K8S cluster's project.

gcp.region

Version: 1.2.0

Default value: None

Required

Identifies the GCP region where the apigee-logger and the apigee-metrics push their data.

gcp.projectID

Version: 1.2.0

Default value: None

Required

Identifies the Google Cloud project where apigee-logger and the apigee-metrics push their data.

gcp.projectIDRuntime

Version: 1.2.0

Default value: None

Identifies the runtime Kubernetes cluster project.

The projectIDRuntime property is optional. If not used, it is assumed that the projectID value is used for both the Apigee organization's GCP project and the runtime K8S cluster's project.

`httpProxy`

httpProxy provides configuration parameters for an HTTP forward proxy server. When configured in overrides.yaml, all internet communication for the MART, Synchronizer, and UDCA components pass through the proxy server.

Property	Description
`httpProxy.host`	Version: 1.1.1 Default value: None The hostname of the HTTP Proxy.
`httpProxy.port`	Version: 1.1.1 Default value: None The port of the HTTP Proxy.
`httpProxy.scheme`	Version: 1.1.1 Default value: `HTTPS` The scheme used by the proxy. Values can be `HTTP` or `HTTPS`. Values must be uppercase only.

`ingress`

Ingress is the instantiation of the Istio Ingress Gateway. The ingress is used to specify services that should be exposed outside the cluster. The hybrid runtime installation creates Ingress objects for these two runtime components:

Runtime
MART

`istio`

Google Cloud Platform's (GCP's) implemention of Istio is a service mesh that layers onto your existing Apigee instance helping it integrate with the logging platform, telemetry and policy system.

The following table describes the properties of the istio object:

Property	Description
`istio.citadel.image.url`	Version: 1.2.0 Default value: `"google/apigee-istio-citadel"` The location of the Docker image for this service.
`istio.galley.image.url`	Version: 1.2.0 Default value: `"google/apigee-istio-galley"` The location of the Docker image for this service.
`istio.ingressgateway.replicaCountMax`	Version: 1.0.0 Default value: 5 Required Maximum number of Istio ingress gateway replicas allowed. See: ingress object Ingress Gateways in the Istio documentation Adding gateways about adding Istio ingress gatewawys in the GCP documentation.
`istio.ingressgateway.replicaCountMin`	Version: 1.0.0 Default value: 1 Required Minimum number of Istio ingress gateway replicas required. See: ingress object Ingress Gateways in the Istio documentation Adding gateways about adding Istio ingress gatewawys in the GCP documentation.
`istio.ingressgateway.resources.requests.cpu`	Version: 1.0.0 Default value: 100m Required CPU resources allocated to the ingress controller, needed for the gateway to operate optimally. See: ingress object Ingress Gateways in the Istio documentation Ingress Controllers in the Kubernetes documentation.
`istio.ingressgateway.resources.requests.memory`	Version: 1.0.0 Default value: 128Mi Memory resources allocated to the ingress controller, needed for the gateway to operate optimally. ingress object Ingress Gateways in the Istio documentation Ingress Controllers in the Kubernetes documentation.
`istio.kubectl.image.url`	Version: 1.2.0 Default value: `"google/apigee-istio-kubectl"` The location of the Docker image for this service.
`istio.mixer.image.url`	Version: 1.2.0 Default value: `"google/apigee-istio-mixer"` The location of the Docker image for this service.
`istio.node_agent_k8s.image.url`	Version: 1.2.0 Default value: `"google/apigee-istio-node-agent-k8s"` The location of the Docker image for this service.
`istio.nodeSelector.key`	Version: 1.0.0 Default value: None Optional node selector label key for targeting Kubernetes nodes for `istio` services. If you do not specify a key for mart.nodeselector, the `istio` services use the node specified in the nodeSelectorobject.
`istio.nodeSelector.value`	Version: 1.0.0 Default value: None Optional node selector label value for targeting Kubernetes nodes for `istio` services. See also the nodeSelectorobject.
`istio.pilot.image.url`	Version: 1.2.0 Default value: `"google/apigee-istio-pilot"` The location of the Docker image for this service.
`istio.pilot.replicaCountMax`	Version: 1.0.0 Default value: 5 Required The `pilot` core traffic management within the cluster, communicating with the `envoy` sidecar proxy. `replicaCountMax` is the maximium number of Istio pilot replicas allowed. See Pilot: Core traffic management in the Istio documentation
`istio.pilot.replicaCountMin`	Version: 1.0.0 Default value: 1 Required The `pilot` core traffic management within the cluster, communicating with the `envoy` sidecar proxy. `replicaCountMax` is the maximium number of Istio pilot replicas required. See Pilot: Core traffic management in the Istio documentation
`istio.pilot.resources.requests.cpu`	Version: 1.0.0 Default value: 500m Required CPU resources allocated to the pilot process, needed for the gateway to operate optimally. See: Pilot: Core traffic management in the Istio documentation pilot-agent in the Istio documentation.
`istio.pilot.resources.requests.memory`	Version: 1.0.0 Default value: 2048Mi Memory resources allocated to the pilot process, needed for the gateway to operate optimally. See: Pilot: Core traffic management in the Istio documentation pilot-agent in the Istio documentation.
`istio.proxyv2.image.url`	Version: 1.2.0 Default value: `"google/apigee-istio-proxyv2"` The location of the Docker image for this service.
`istio.sidecar_injector.image.url`	Version: 1.2.0 Default value: `"google/apigee-istio-sidecar-injector"` The location of the Docker image for this service.
`istio.version`	Version: 1.2.0 Default value: `1.4.6` Version of Istio to use for this implementation of Apigee. See: Istio releases on GitHub

`k8sCluster`

Identifies Kubernetes cluster where the hybrid runtime is installed.

The following table describes the properties of the k8sCluster object:

Property Description

Property	Description
`k8sCluster.name`	Version: 1.2.0 Default value: None The name of the Kubernetes cluster where the hybrid runtime is installed.
`k8sCluster.region`	Version: 1.2.0 Default value: None Identifies the GCP region in which your Kubernetes cluster was created.

k8sCluster.name

Version: 1.2.0

Default value: None

The name of the Kubernetes cluster where the hybrid runtime is installed.

k8sCluster.region

Version: 1.2.0

Default value: None

Identifies the GCP region in which your Kubernetes cluster was created.

`kubeRBACProxy`

Identifies where Apigee should look for Kubernetes role-based access controls.

The following table describes the properties of the kubeRBACProxy object:

Property Description

Property	Description
`kubeRBACProxy.image.pullPolicy`	Version: 1.2.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`kubeRBACProxy.image.tag`	Version: `"v0.4.1"` Default value: `1.2.0` The version label for this service's Docker image.
`kubeRBACProxy.image.url`	Version: 1.2.0 Default value: `"google/apigee-kube-rbac-proxy"` The location of the Docker image for this service. If you do not want to use the Google Docker Hub, download the images and use the address where your docker images are hosted internally.

kubeRBACProxy.image.pullPolicy

Version: 1.2.0

Default value: IfNotPresent

Determines when kubelet pulls the pod's Docker image. Possible values include:

IfNotPresent: Do not pull a new image if it already exists.
Always: Always pull the image, regardless of whether it exists already.

For more information, see Updating images.

kubeRBACProxy.image.tag

Version: "v0.4.1"

Default value: 1.2.0

The version label for this service's Docker image.

kubeRBACProxy.image.url

Version: 1.2.0

Default value: "google/apigee-kube-rbac-proxy"

The location of the Docker image for this service.

If you do not want to use the Google Docker Hub, download the images and use the address where your docker images are hosted internally.

`logger`

Defines the service that manages operational logs. All of the Apigee hybrid services that run in your Kubernetes cluster output this information.

For more information, see Logging.

The following table describes the properties of the logger object:

Property	Description
`logger.enabled`	Version: 1.0.0 Default value: `true` Enables or disables logging on the cluster. For non-GKE set to `true`, for Anthos or GKE set to `false`.
`logger.fluentd.buffer_chunk_limit`	Version: 1.0.0 Default value: `512k` The maximum size of a buffer chunk allowed, in kilobytes. Chunks exceeding the limit will be flushed to the output queue automatically.
`logger.fluentd.buffer_queue_limit`	Version: 1.0.0 Default value: `6` The maximum length of the output queue. The default limit is 256 chunks.
`logger.fluentd.flush_interval`	Version: 1.0.0 Default value: `5s` The interval to wait before invoking the next buffer flush, in seconds.
`logger.fluentd.max_retry_wait`	Version: 1.0.0 Default value: `30` The maximum interval between write retries, in seconds.
`logger.fluentd.num_threads`	Version: 1.0.0 Default value: `2` The number of threads used to flush the buffer. The default is 1.
`logger.image.pullPolicy`	Version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`logger.image.tag`	Version: 1.0.0 Default value: `"1.6.8"` The version label for this service's Docker image.
`logger.image.url`	Version: 1.0.0 Default value: `"google/apigee-stackdriver-logging-agent"` The location of the Docker image for this service.
`logger.livenessProbe.failureThreshold`	Version: 1.0.0 Default value: `3` The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
`logger.livenessProbe.initialDelaySeconds`	Version: 1.0.0 Default value: `0` The number of seconds after a container is started before a liveness probe is initiated.
`logger.livenessProbe.periodSeconds`	Version: 1.0.0 Default value: `60` Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
`logger.livenessProbe.successThreshold`	Version: 1.0.0 Default value: `1` The minimum consecutive successes needed for a liveness probe to be considered successful after a failure. The minimum value is 1.
`logger.livenessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `1` The number of seconds after which a liveness probe times out. The minimum value is 1.
`logger.nodeSelector.key`	Version: 1.0.0 Default value: `"apigee.com/apigee-logger-enabled"` Required Node selector label key used to target dedicated Kubernetes nodes for `logger` runtime services. See Add node selectors.
`logger.nodeSelector.value`	Version: 1.0.0 Default value: `"true"` Required Node selector label value used to target dedicated Kubernetes nodes for `logger` runtime services. See Add node selectors.
`logger.proxyURL`	Version: 1.0.0 Default value: None URL of the customer's proxy server.
`logger.resources.limits.memory`	Version: 1.0.0 Default value: `500Mi` The memory limit for the resource in a Kubernetes container, in mebibytes.
`logger.resources.limits.cpu`	Version: 1.0.0 Default value: `200m` The CPU limit for the resource in a Kubernetes container, in millicores.
`logger.resources.requests.cpu`	Version: 1.0.0 Default value: `100m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`logger.resources.requests.memory`	Version: 1.0.0 Default value: `250Mi` The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
`logger.serviceAccountPath`	Version: 1.0.0 Default value: None One of either serviceAccountPath or serviceAccountSecretRef is required. Path to Google Service Account key file with Logs Writer role.
`logger.serviceAccountSecretRef`	Version: 1.2.0 Default value: None One of either serviceAccountPath or serviceAccountSecretRef is required. The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Logs Writer role as its input.
`logger.terminationGracePeriodSeconds`	Version: 1.0.0 Default value: `30` The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

`mart`

Defines the MART (Management API for RunTime data) service, which acts as an API provider for public Apigee APIs so that you can access and manage runtime data entities such as KMS (API Keys and OAuth tokens), KVM, Quota, and API products.

The following table describes the properties of the mart object:

Property	Description
`mart.hostAlias`	Version: 1.0.0 Default value: None The host alias pointing to the MART object. You can set this property to `*` or a fully-qualified domain name.
`mart.image.pullPolicy`	Version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`mart.image.tag`	Version: 1.0.0 Default value: `1.2.0` The version label for this service's Docker image.
`mart.image.url`	Version: 1.0.0 Default value: `"google/apigee-mart-server"` The location of the Docker image for this service. Check the values.yaml file for the specific URL.You can override this.
`mart.initCheckCF.resources.requests.cpu`	Version: 1.0.0 Default value: `10m` The amount of CPU resourced allocated to the initialization check of the Cloud Foundry process.
`mart.livenessProbe.failureThreshold`	Version: 1.0.0 Default value: `12` The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
`mart.livenessProbe.initialDelaySeconds`	Version: 1.0.0 Default value: `15` The number of seconds after a container is started before a liveness probe is initiated.
`mart.livenessProbe.periodSeconds`	Version: 1.0.0 Default value: `5` Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
`mart.livenessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `1` The number of seconds after which a liveness probe times out. The minimum value is 1.
`mart.metricsURL`	Version: 1.0.0 Default value: `"/v1/server/metrics"`
`mart.nodeSelector.key`	Version: 1.0.0 Default value: None Optional node selector label key for targeting Kubernetes nodes for `mart` runtime services. If you do not specify a key for mart.nodeselector, then your runtime uses the node specified in the nodeSelectorobject. See Add node selectors.
`mart.nodeSelector.value`	Version: 1.0.0 Default value: None Optional node selector label value for targeting Kubernetes nodes for `mart` runtime services. See also the nodeSelectorobject. See Add node selectors.
`mart.readinessProbe.failureThreshold`	Version: 1.0.0 Default value: `2` The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
`mart.readinessProbe.initialDelaySeconds`	Version: 1.0.0 Default value: `15` The number of seconds after a container is started before a readiness probe is initiated.
`mart.readinessProbe.periodSeconds`	Version: 1.0.0 Default value: `5` Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
`mart.readinessProbe.successThreshold`	Version: 1.0.0 Default value: `1` The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
`mart.readinessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `1` The number of seconds after which a liveness probe times out. The minimum value is 1.
`mart.replicaCountMax`	Version: 1.0.0 Default value: `5` Maximum number of replicas available for autoscaling.
`mart.replicaCountMin`	Version: 1.0.0 Default value: `1` Minimum number of replicas available for autoscaling.
`mart.resources.requests.cpu`	Version: 1.0.0 Default value: `500m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`mart.resources.requests.memory`	Version: 1.0.0 Default value: `512Mi` The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
`mart.serviceAccountPath`	Version: 1.1.1 Default value: None One of either `serviceAccountPath` or `serviceAccountSecretRef` is required. Path to Google Service Account key file with no role.
`mart.serviceAccountSecretRef`	Version: 1.2.0 Default value: None One of either `serviceAccountPath` or `serviceAccountSecretRef` is required. The name of a Kubernetes secret. You must create the secret using a Google Service Account key with no role as its input.
`mart.sslCertPath`	Version: 1.0.0 Default value: None Either `sslCertPath`/`sslKeyPath` or `sslSecret` is required. Local file system path for loading and encoding the SSL cert to a Secret.
`mart.sslKeyPath`	Version: 1.0.0 Default value: None Either `sslCertPath`/`sslKeyPath` or `sslSecret` is required. Local file system path for loading and encoding the SSL key to a Secret.
`mart.sslSecret`	Version: 1.2.0 Default value: None Either `sslCertPath`/`sslKeyPath` or `sslSecret` is required. The name of a file stored in a Kubernetes secret that contains the TLS certificate and private key. You must create the secret using the TLS certificate and key data as its input. See also: Storing data in a Kubernetes secret Secrets in the Kubernetes documentation Creating a Secret Using kubectl in the Kubernetes documentation
`mart.targetCPUUtilizationPercentage`	Version: 1.0.0 Default value: `75` Target CPU utilization for the MART process on the pod. The value of this field enables MART to auto-scale when CPU utilization reaches this value, up to `replicaCountMax`.
`mart.terminationGracePeriodSeconds`	Version: 1.0.0 Default value: `30` The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

`metrics`

Defines the service that collects operations metrics. You can use metrics data to monitor the health of Hybrid services, to set up alerts, and so on.

For more information, see Metrics collection overview.

The following table describes the properties of the metrics object:

Property	Description
`metrics.enabled`	Version: 1.0.0 Default value: `false` Enables Apigee metrics. Set to `true` to enable metrics. Set to `false` to disable metrics.
`metrics.nodeSelector.key`	Version: 1.0.0 Default value: None Required Node selector label key used to target dedicated Kubernetes nodes for `metrics` runtime services. See Add node selectors.
`metrics.nodeSelector.value`	Version: 1.0.0 Default value: None Required Node selector label value used to target dedicated Kubernetes nodes for `metrics` runtime services. See Add node selectors.
`metrics.prometheus.args.storage_tsdb_retention`	Version: 1.0.0 Default value: `48h` The amount of time Prometheus waits before removing old data from local storage, in hours.
`metrics.prometheus.containerPort`	Version: 1.0.0 Default value: `9090` The port to connect to the Prometheus metrics service.
`metrics.prometheus.image.pullPolicy`	Version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`metrics.prometheus.image.tag`	Version: 1.0.0 Default value: `"v2.9.2"` The version label for this service's Docker image.
`metrics.prometheus.image.url`	Version: 1.0.0 Default value: `"google/apigee-prom-prometheus"` The location of the Docker image for this service.
`metrics.prometheus.livenessProbe.failureThreshold`	Version: 1.0.0 Default value: `6` The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
`metrics.prometheus.livenessProbe.periodSeconds`	Version: 1.0.0 Default value: `5` Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
`metrics.prometheus.livenessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `3` The number of seconds after which a liveness probe times out. The minimum value is 1.
`metrics.prometheus.readinessProbe.failureThreshold`	Version: 1.0.0 Default value: `120` The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
`metrics.prometheus.readinessProbe.periodSeconds`	Version: 1.0.0 Default value: `5` Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
`metrics.prometheus.readinessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `3` The number of seconds after which a liveness probe times out. The minimum value is 1.
`prometheus.sslCertPath`	Version: 1.0.0 Default value: None Required Path to the SSL cert for the Prometheus metrics collection process. Prometheus is a tool Apigee can use for collecting and processing metrics. See: metrics For background information, the Prometheus website
`prometheus.sslKeyPath`	Version: 1.0.0 Default value: None Required Path to the SSL Key for the Prometheus metrics collection process. Prometheus is a tool Apigee can use for collecting and processing metrics. See: metrics For background information, the Prometheus website
`metrics.proxyURL`	Version: 1.0.0 Default value: None URL for the metrics process sidecar proxy in the Kubernetes cluster.
`metrics.resources.limits.cpu`	Version: 1.0.0 Default value: `250m` The CPU limit for the resource in a Kubernetes container, in millicores.
`metrics.resources.limits.memory`	Version: 1.0.0 Default value: `256Mi` The memory limit for the resource in a Kubernetes container, in mebibytes.
`metrics.resources.requests.cpu`	Version: 1.0.0 Default value: `250m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`metrics.resources.requests.memory`	Version: 1.0.0 Default value: `256Mi` The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
`metrics.sdSidecar.containerPort`	Version: 1.0.0 Default value: `9091` The port for connecting to the StackDriver metrics service.
`metrics.sdSidecar.image.pullPolicy`	Version: 1.0.0 Default value: `IfNotPresent` Determines when Kubelet pulls this service's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists `Always`: Always pull the policy, even if it already exists For more information, see Updating images.
`metrics.sdSidecar.image.tag`	Version: 1.0.0 Default value: `"release-0.4.0"` The version label for this service's Docker image.
`metrics.sdSidecar.image.url`	Version: 1.0.0 Default value: `"google/apigee-stackdriver-prometheus-sidecar"` The location of the Docker image for this service.
`metrics.serviceAccountPath`	Version: 1.0.0 Default value: None One of either serviceAccountPath or serviceAccountSecretRef is required. Path to Google Service Account key file with Monitoring Metric Writer role.
`metrics.serviceAccountSecretRef`	Version: 1.2.0 Default value: None One of either serviceAccountPath or serviceAccountSecretRef is required. The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Monitoring Metric Writer role as its input.
`metrics.terminationGracePeriodSeconds`	Version: 1.0.0 Default value: `300` The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

`nodeSelector`

The nodeSelector object defines the node for your Apigee instance. Behind the scenes when apigeectl runs, it is taking care to map the label key/value for apigeeRuntime and apigeeData to the individual Istio and MART components. You can override this for individual objects in the istio:nodeSelector and mart:nodeSelector properties.

The following table describes the properties of the nodeSelector object:

Property	Description
`nodeSelector.apigeeData.key`	Version: 1.0.0 Default value: "cloud.google.com/gke-nodepool" ApigeeData is the node for the Cassandra database. Node selector label key for targeting Kubernetes nodes for working with Apigee services data. See Add node selectors.
`nodeSelector.apigeeData.value`	Version: 1.0.0 Default value: "apigee-data" apigee-data is the node for the Cassandra database. Node selector label value for targeting Kubernetes nodes for working with Apigee services data. See Add node selectors.
`nodeSelector.apigeeRuntime.key`	Version: 1.0.0 Default value: "cloud.google.com/gke-nodepool" Apigee Runtime is the node for the runtime environment for the project. Node selector label key for targeting Kubernetes nodes for Apigee runtime services. See Add node selectors.
`nodeSelector.apigeeRuntime.value`	Version: 1.0.0 Default value: "apigee-runtime" apigee-runtime is the node for the runtime environment for the project. Node selector label value for targeting Kubernetes nodes for Apigee runtime services. See Add node selectors.
`nodeSelector.requiredForScheduling`	Version: 1.0.0 Default value: false The `requiredForScheduling` property defaults to false. If this value is overridden to true, it means that if Kubernetes cannot find nodes with the label key/value that is configured then the underlying Pods will not get scheduled on VM worker nodes. For production, `nodeSelector.requiredForScheduling` should be set to true. See Add node selectors.

`runtime`

The following table describes the properties of the runtime object:

Property	Description
`runtime.image.pullPolicy`	Version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`runtime.image.tag`	Version: 1.0.0 Default value: `1.2.0` The version label for this service's Docker image.
`runtime.image.url`	Version: 1.0.0 Default value: URL to your installation's image resource, like: `"google/apigee-runtime"` The location of the Docker image for this service.
`runtime.livenessProbe.failureThreshold`	Version: 1.0.0 Default value: `2` The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
`runtime.livenessProbe.initialDelaySeconds`	Version: 1.0.0 Default value: `60` The number of seconds after a container is started before a liveness probe is initiated.
`runtime.livenessProbe.periodSeconds`	Version: 1.0.0 Default value: `5` Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
`runtime.livenessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `1` The number of seconds after which a liveness probe times out. The minimum value is 1.
`runtime.nodeSelector.key`	Version: 1.0.0 Default value: None Optional Node selector label key for targeting Kubernetes nodes for `runtime` services. See nodeSelector property.
`runtime.nodeSelector.value`	Version: 1.0.0 Default value: None Node selector label value for targeting Kubernetes nodes for `runtime` services. See Add node selectors.
`runtime.readinessProbe.failureThreshold`	Version: 1.0.0 Default value: `2` The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
`runtime.readinessProbe.initialDelaySeconds`	Version: 1.0.0 Default value: `60` The number of seconds after a container is started before a readiness probe is initiated.
`runtime.readinessProbe.periodSeconds`	Version: 1.0.0 Default value: `5` Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
`runtime.readinessProbe.successThreshold`	Version: 1.0.0 Default value: `1` The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
`runtime.readinessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `1` The number of seconds after which a liveness probe times out. The minimum value is 1.
`runtime.replicaCountMax`	Version: 1.0.0 Default value: `4` Maximum number of replicas available for autoscaling.
`runtime.replicaCountMin`	Version: 1.0.0 Default value: `1` Minimum number of replicas available for autoscaling.
`runtime.resources.requests.cpu`	Version: 1.0.0 Default value: `500m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`runtime.resources.requests.memory`	Version: 1.0.0 Default value: `512Mi` (see note below) The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes (`Mi`) or Gibibytes (`Gi`). Note: Reset the value of `runtime.resources.requests.memory` to at least `1Gi` in your overrides.yaml. The default of `512Mi` is enough for initial operation and configuration, but should be raised for production.
`runtime.service.type`	Version: 1.0.0 Default value: `ClusterIP` The type of service. You can set this to a service other than ClusterIP; for example, `LoadBalancer`.
`runtime.targetCPUUtilizationPercentage`	Version: 1.0.0 Default value: `75` Target CPU utilization for the runtime process on the pod. The value of this field enables the runtime to auto-scale when CPU utilization reaches this value, up to `replicaCountMax`.
`runtime.terminationGracePeriodSeconds`	Version: 1.0.0 Default value: `180` The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

`synchronizer`

Ensures that the Message Processors are kept up to date with the latest deployed API proxy bundles. To do this, the Synchronizer polls the management plane; when a new contract is detected, the Synchronizer sends it to the runtime plane.

For more information, see Synchronizer.

The following table describes the properties of the synchronizer object:

Property	Description
`synchronizer.image.pullPolicy`	Version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`synchronizer.image.tag`	Version: 1.0.0 Default value: `1.2.0` The version label for this service's Docker image.
`synchronizer.image.url`	Version: 1.0.0 Default value: `"google/apigee-synchronizer"` The location of the Docker image for this service.
`synchronizer.livenessProbe.failureThreshold`	Version: 1.0.0 Default value: `2` The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
`synchronizer.livenessProbe.initialDelaySeconds`	Version: 1.0.0 Default value: `0` The number of seconds after a container is started before a liveness probe is initiated.
`synchronizer.livenessProbe.periodSeconds`	Version: 1.0.0 Default value: `5` Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
`synchronizer.livenessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `1` The number of seconds after which a liveness probe times out. The minimum value is 1.
`synchronizer.nodeSelector.key`	Version: 1.0.0 Default value: None Required Optional node selector label key for targeting Kubernetes nodes for `synchronizer` runtime services. See nodeSelector.
`synchronizer.nodeSelector.value`	Version: 1.0.0 Default value: None Optional node selector label value used for targeting Kubernetes nodes for `synchronizer` runtime services. See nodeSelector.
`synchronizer.pollInterval`	Version: 1.0.0 Default value: `60` The length of time that Synchronizer waits between polling operations. Synchronizer polls Apigee control plane services to detect and pull new runtime contracts.
`synchronizer.readinessProbe.failureThreshold`	Version: 1.0.0 Default value: `2` The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
`synchronizer.readinessProbe.initialDelaySeconds`	Version: 1.0.0 Default value: `0` The number of seconds after a container is started before a readiness probe is initiated.
`synchronizer.readinessProbe.periodSeconds`	Version: 1.0.0 Default value: `5` Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
`synchronizer.readinessProbe.successThreshold`	Version: 1.0.0 Default value: `1` The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
`synchronizer.readinessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `1` The number of seconds after which a liveness probe times out. The minimum value is 1.
`synchronizer.replicaCount`	Version: 1.0.0 Default value: `2` Number of replicas for autoscaling.
`synchronizer.replicaCountMax`	Version: 1.2.0 Default value: `4` Maximum number of replicas for autoscaling.
`synchronizer.replicaCountMin`	Version: 1.2.0 Default value: `1` Minimum number of replicas for autoscaling.
`synchronizer.resources.requests.cpu`	Version: 1.0.0 Default value: `100m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`synchronizer.resources.requests.memory`	Version: 1.0.0 Default value: `1Gi` The memory needed for normal operation of the resource in a Kubernetes container, in gigabytes.
`synchronizer.serviceAccountPath`	Version: 1.0.0 Default value: None One of either serviceAccountPath or serviceAccountSecretRef is required. Path to Google Service Account key file with Apigee Synchronizer Manager role.
`synchronizer.serviceAccountSecretRef`	Version: 1.2.0 Default value: None One of either serviceAccountPath or serviceAccountSecretRef is required. The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Apigee Synchronizer Manager role as its input.
`synchronizer.targetCPUUtilizationPercentage`	Version: 1.0.0 Default value: `75` Target CPU utilization for the Synchronizer process on the pod. The value of this field enables Synchronizer to auto-scale when CPU utilization reaches this value, up to `replicaCountMax`.
`synchronizer.terminationGracePeriodSeconds`	Version: 1.0.0 Default value: `30` The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

`udca`

(Universal Data Collection Agent) Defines the service that runs within the data collection pod in the runtime plane. This service extracts analytics and deployment status data and sends it to the Unified Analytics Platform (UAP).

For more information, see Analytics and deployment status data collection.

The following table describes the properties of the udca object:

Property	Description
`udca.fluentd.image.pullPolicy`	Version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`udca.fluentd.image.tag`	Version: 1.0.0 Default value: `1.2.0` The version label for this service's Docker image.
`udca.fluentd.image.url`	Version: 1.0.0 Default value: `"google/apigee-stackdriver-logging-agent"` The location of the Docker image for this service.
`udca.fluentd.resource.limits.memory`	Version: 1.0.0 Default value: `500Mi` The memory limit for the resource in a Kubernetes container, in mebibytes.
`udca.fluentd.resource.requests.cpu`	Version: 1.0.0 Default value: `500m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`udca.fluentd.resource.requests.memory`	Version: 1.0.0 Default value: `250Mi` The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
`udca.image.pullPolicy`	Version: 1.0.0 Default value: IfNotPresent Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`udca.image.tag`	Version: 1.0.0 Default value: `"1.2.0"` The version label for this service's Docker image.
`udca.image.url`	Version: 1.0.0 Default value: `"google/apigee-udca"` The location of the Docker image for this service.
`udca.jvmXms`	Version: 1.0.0 Default value: `256m` The starting amount of memory for the data collection pod's JVM.
`udca.jvmXmx`	Version: 1.0.0 Default value: `256m` The maximum allocation of memory for the data collection pod's JVM.
`udca.livenessProbe.failureThreshold`	Version: 1.0.0 Default value: `2` The number of times Kubernetes will verify that liveness probes have failed before restarting the container. The minimum value is 1.
`udca.livenessProbe.initialDelaySeconds`	Version: 1.0.0 Default value: `0` The number of seconds after a container is started before a liveness probe is initiated.
`udca.livenessProbe.periodSeconds`	Version: 1.0.0 Default value: `5` Determines how often to perform a liveness probe, in seconds. The minimum value is 1.
`udca.livenessProbe.timeoutSeconds`	Version: 1.0.0 Default value: `1` The number of seconds after which a liveness probe times out. The minimum value is 1.
`udca.nodeSelector.key`	Version: 1.0.0 Default value: None Required Node selector label key used to target dedicated Kubernetes nodes for `udca` runtime services. See Add node selectors.
`udca.nodeSelector.value`	Version: 1.0.0 Default value: None Required Node selector label value used to target dedicated Kubernetes nodes for `udca` runtime services. See Add node selectors.
`udca.pollingIntervalInSec`	Version: 1.0.0 Default value: `1` The length of time, in seconds, that UDCA waits between polling operations. UDCA polls the data directory on the data collection pod's file system to detect new files to be uploaded.
`udca.replicaCountMax`	Version: 1.0.0 Default value: `4` The maximum number of pods that hybrid can automatically add for the UDCA deployment. Because UDCA is implemented as a ReplicaSet, the pods are replicas.
`udca.replicaCountMin`	Version: 1.0.0 Default value: `1` The minimum number of pods for the UDCA deployment. Because UDCA is implemented as a ReplicaSet, the pods are replicas. If the CPU usage goes above udca.targetCPUUtilizationPercentage, then hybrid will gradually increase the number of pods, up to `udca.replicaCountMax`.
`udca.resource.requests.cpu`	Version: 1.0.0 Default value: `250m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`udca.revision`	Version: 1 Default value: `"v1"` A static value that is populated in a label to enable canary deployments.
`udca.serviceAccountPath`	Version: 1.0.0 Default value: None One of either serviceAccountPath or serviceAccountSecretRef is required. Path to Google Service Account key file with Apigee Analytics Agent role.
`udca.serviceAccountSecretRef`	Version: 1.2.0 Default value: None One of either serviceAccountPath or serviceAccountSecretRef is required. The name of a Kubernetes secret. You must create the secret using a Google Service Account key with the Apigee Analytics Agent role as its input.
`udca.targetCPUUtilizationPercentage`	Version: 1.0.0 Default value: `75` The threshold of CPU usage for scaling the number of pods in the ReplicaSet, as a percentage of total available CPU resources. Hybrid uses the combined utilization of all containers in the data collection pod (both fluentd and UDCA) to calculate the current utilization. When CPU usage goes above this value, then hybrid will gradually increase the number of pods in the ReplicaSet, up to `udca.replicaCountMax`.
`udca.terminationGracePeriodSeconds`	Version: 1.0.0 Default value: `600` The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.

`virtualhosts`

The virtualhosts property is a required configuration property. Virtual hosts allow Apigee hybrid to handle API requests to multiple domain names and route proxy basepaths to specific environments.

For more information, see Configure virtual hosts.

The following table describes the properties of the virtualhosts object:

Property	Description
`virtualhosts[].additionalGateways`	Version: 1.2.0 Default value: None A list of Istio Gateways to route traffic to.
`virtualhosts[].name`	Version: 1.2.0 Default value: None Required The name of the virtualhost.
`virtualhosts[].hostAliases[]`	Version: 1.2.0 Default value: None Required One or more DNS names for your server. For example, `foo-test.mydomain.com`. If you employ multiple host aliases in a virtual host, each host alias must be unique. For example, `foo-test.mydomain.com` and `foo-prod.mydomain.com`. If you create multiple virtual host definitions, you must have unique host aliases in each one. In other words, two virtual host definitions cannot include the same host alias domain name. Note: You can use a subdomain wildcard in the host alias. For example: `.mydomain.com`. However, the single wildcard character configuration `hostAliases['']` is not supported.
`virtualhosts[].routingRules[].connectTimeout`	Version: 1.2.0 Default value: `300`. Connection timeout, in seconds, for the set of defined paths. `connectTimeout` is optional.
`virtualhosts[].routingRules[].env`	Version: 1.2.0 Default value: None. Required The environment (or environments) to which API calls will be routed. You must specify at least one environment. If you include `paths` entries, the `env` entry must be below the paths that are mapped to this environment. See also Configure virtual hosts.
`virtualhosts[].routingRules[].paths[]`	Version: 1.2.0 Default value: The default path is `/`. Supports prefix base path routing. Routing rules direct API calls to specific paths to resolve to the environment specified with `env`. `paths[]` is optional. The default path is /. The routing rules configuration follows this pattern: org: hybrid virtualhosts: - name: default routingRules: - paths: - path-1 - path-2 - path-n env: test - paths: - /v1/customers env: prod See also Configure virtual hosts.
`virtualhosts[].selector`	Version: 1.2.0 Default value: `app: istio-ingressgateway` Required A key-value selector-value pair for pointing to different ingress selectors.
`virtualhosts[].sslCertPath`	Version: 1.2.0 Default value: None Either `sslCertPath`/`sslKeyPath` or `sslSecret` is required. The path on your system to a TLS certificate file. Note: For each configured environment, the Common Name (CN) in the cert must match the domain in the `hostAliases[]` property. For example, if the CN is `*.example.com`, the `hostAliases[]` could be `foo.example.com` or `bar.example.com`.
`virtualhosts[].sslKeyPath`	Version: 1.2.0 Default value: None Either `sslCertPath`/`sslKeyPath` or `sslSecret` is required. The path on your system to the TLS private key file.
`virtualhosts[].sslSecret`	Version: 1.2.0 Default value: None Either `sslCertPath`/`sslKeyPath` or `sslSecret` is required. The name of a file stored in a Kubernetes secret that contains the TLS certificate and private key. You must create the secret using the TLS certificate and key data as its input. See also: Storing data in a Kubernetes secret Secrets in the Kubernetes documentation Creating a Secret Using kubectl in the Kubernetes documentation

Configuration property reference

About configuration properties

Top-level properties

ao

authz

busyBoxInit (Deprecated)

cassandra

certmanager

certmanagercainjector

certmanagerwebhook

connectAgent

defaults

envs

gcp

httpProxy

ingress

istio

k8sCluster

kubeRBACProxy

logger

mart

metrics

nodeSelector

runtime

synchronizer

udca

virtualhosts

`ao`

`authz`

`busyBoxInit` (Deprecated)

`cassandra`

`certmanager`

`certmanagercainjector`

`certmanagerwebhook`

`connectAgent`

`defaults`

`envs`

`gcp`

`httpProxy`

`ingress`

`istio`

`k8sCluster`

`kubeRBACProxy`

`logger`

`mart`

`metrics`

`nodeSelector`

`runtime`

`synchronizer`

`udca`

`virtualhosts`