Each supported platform has its own permission requirements for creating a cluster. As cluster
owner, you can proceed to install the Apigee-specific components (including cert-manager and the
Apigee runtime) into the cluster. However, if you want to delegate to another user the
installation of the runtime components into the cluster, you can manage the necessary permissions
through Kubernetes
authn-authz.
To install the hybrid runtime components into the cluster, a non-cluster-owner user should
have CRUD permission on these resources:
ClusterRole
Webhooks (ValidatingWebhookConfiguration and MutatingWebhookConfiguration)
PriorityClass
ClusterIssuer
CustomerResourceDefinitions
StorageClass (Optional, if the default StorageClass is not used. For information on
changing the default and creating a custom storage class, see StorageClass configuration.)
IAM Roles
IAM Roles
You need to have the following IAM roles assigned to your user account in order to perform
these steps. If your account does not have these roles, have a user with the roles perform the
steps. For more information on IAM roles, see
IAM basic and predefined roles reference.
To create service accounts and grant them access to your project:
Create Service Accounts (roles/iam.serviceAccountCreator)
Project IAM Admin (roles/resourcemanager.projectIamAdmin)
To grant synchronizer access to your project.
Apigee Organization Admin (roles/apigee.admin)
Prerequisites
This section describes tasks you must accomplish before you begin the runtime plane quickstart
install.
Complete the following tasks to ensure that you can successfully begin the runtime installation (as described in
this section):
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-10 UTC."],[[["Version 1.8 of the Apigee hybrid documentation is end-of-life, and users are advised to upgrade to a newer version for continued support and functionality."],["Clusters must meet minimum configuration requirements, which are detailed in the \"Minimum cluster configurations\" section."],["Installing the hybrid runtime components requires a user with CRUD permissions on specific resources like ClusterRole, Webhooks, PriorityClass, ClusterIssuer, CustomerResourceDefinitions, and StorageClass."],["Specific IAM roles, such as Create Service Accounts, Project IAM Admin, and Apigee Organization Admin, are necessary for performing project setup and granting access to the project."],["Before starting the runtime installation, users need to complete organization and environment setup and have a domain name for their Apigee hybrid installation."]]],[]]
