Configuration property reference

This section lists all of the configuration properties that you can use to customize the runtime plane of your Apigee hybrid deployment.

About configuration properties

You can override many configuration properties, if needed, by adding them to HYBRID_ROOT_DIR/overrides.yaml.

For example, to change the replica count minimum and maximum for the MART service, you could add this stanza to overrides.yaml:

mart:
    replicaCountMin: 3
    replicaCountMax: 6

You can also find these config properties and their default settings in HYBRID_ROOT_INSTALL/1.0.0/values.yaml

For more information, see Manage runtime plane components.

Additionally, if you are configuring an Anthos-based deployment see Step 6: Configure the cluster for information on setting these properties for Anthos.

Filter this page

To filter the properties displayed on this page, select Basic (most common properties) or Advanced (properties that rarely need changing):

^{filter_list_alt} Display

configuration properties on this page.

Top-level properties

The following table describes the top-level properties in the overrides.yaml file. These are properties that do not belong to another object, and apply at the org or environment level:

Property	Type	Description
`axHashSalt`	Advanced	Introduced in version: 1.3.0 Default value: Your organization name Optional The name of a Kubernetes secret that contains a salt used when computing hashes to obfuscate user data before it is sent to Apigee analytics. If you do not specify a salt value, `iloveapis123` is used by default. Create the secret with the salt value as its input. You can use the same salt across multiple clusters to ensure consistent hashing results between the clusters. Apigee uses SHA512 to hash the original value before sending data from the runtime plane to the control plane. See: Obfuscate user data for analytics.
`contractProvider`	Advanced	Introduced in version: 1.0.0 Default value: `https://apigee.googleapis.com` Defines the API path for all APIs in your installation.
`gcpProjectID`	Advanced	`Deprecated:` For v1.2.0 and later, use `gcp.projectID` instead. Introduced in version: 1.0.0 Default value: none Required ID of your Google Cloud project. Works with `k8sClusterName` (deprecated) and `gcpRegion` (deprecated) to identify the project and determine where the `apigee-logger` and the `apigee-metrics` push their data.
`gcpRegion`	Advanced	`Deprecated:` For v1.2.0 and later, use `gcp.region` instead. Introduced in version: 1.0.0 Default value: `us-central1` Required The closet Google Cloud region or zone of your Kubernetes cluster. Works with `gcpProjectID` (deprecated) and `k8sClusterName` (deprecated) to identify the project and determine where the `apigee-logger` and the `apigee-metrics` push their data.
`imagePullSecrets.name`	Advanced	Introduced in version: 1.0.0 Default value: None Kubernetes secret name configured as docker-registry type; used to pull images from private repo.
`instanceID`	Basic	Introduced in version: 1.3.0 Default value: None Required A unique identifier for this installation. A unique string to identify this instance. This can be any combination of letters and numbers up to 63 characters in length. You can create multiple organizations in the same cluster, but the `instanceID` must be the same for all orgs in the same Kubernetes cluster. For multi-region installations, each region requires its own cluster (individual clusters do not span regions).
`k8sClusterName`	Advanced	`Deprecated:` For v1.2.0 and later, use `k8sCluster.name` and `k8sCluster.region` instead. Introduced in version: 1.0.0 Default value: None Name of the Kubernetes (K8S) procluster where your hybrid project is running. Works with `gcpProjectID` (deprecated) and `gcpRegion` (deprecated) to identify the project and determine where the `apigee-logger` and the `apigee-metrics` push their data.
`kmsEncryptionKey`	Advanced	Introduced in version: 1.0.0 Default value: `defaults.org.kmsEncryptionKey` Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret. Local file system path for the Apigee KMS data's encryption key.
`kmsEncryptionPath`	Advanced	Introduced in version: 1.2.0 Default value: None Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret. The path to a file containing a base64-encoded encryption key. See Data encryption.
`kmsEncryptionSecret.key`	Advanced	Introduced in version: 1.2.0 Default value: None Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret. The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
`kmsEncryptionSecret.name`	Advanced	Introduced in version: 1.2.0 Default value: None Optional. Use only one of kmsEncryptionKey or kmsEncryptionPath or kmsEncryptionSecret. The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
`kvmEncryptionKey`	Advanced	Introduced in version: 1.0.0 Default value: `defaults.org.kmsEncryptionKey` Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret. Local file system path for the Apigee KVM data's encryption key.
`kvmEncryptionPath`	Advanced	Introduced in version: 1.2.0 Default value: None Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret. The path to a file containing a base64-encoded encryption key. See Data encryption.
`kvmEncryptionSecret.key`	Advanced	Introduced in version: 1.2.0 Default value: None Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret. The key of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
`kvmEncryptionSecret.name`	Advanced	Introduced in version: 1.2.0 Default value: None Optional. Use only one of kvmEncryptionKey or kvmEncryptionPath or kvmEncryptionSecret. The name of a Kubernetes secret containing a base64-encoded encryption key. See Data encryption.
`multiOrgCluster`	Advanced	Introduced in version: 1.10.0 Default value: `false` For multi-org clusters, this property enables the organization's metrics to be exported to the project listed in the `gcp.projectID` property. Apply this setting in the overrides file for each organization in a multi-org cluster. For more information, see Adding multiple hybrid orgs to a cluster.
`namespace`	Basic	Introduced in version: 1.0.0 Default value: `apigee` The namespace of your Kubernetes cluster where the Apigee components will be installed.
`org`	Basic	Introduced in version: 1.0.0 Default value: None Required The hybrid-enabled organization that was provisioned for you by Apigee during the hybrid installation. An organization is the top-level container in Apigee. It contains all your API proxies and related resources. If the value is empty, you must update it with your org name once you have created it.
`orgScopedUDCA`	Advanced	Introduced in version: 1.8.0 Default value: `true` Enables the Universal Data Collection Agent service (UDCA) at the org level, that extracts analytics, monetization and debug (trace) and sends it to the Unified Analytics Platform (UAP) which resides in the Control Plane. The Org-scoped UDCA uses a single service account for all the Apigee Environments. The service account needs to be set through `udca:serviceAccountPath` property in the `overrides.yaml` configuration (the property should set the path to Google Service Account key file with `Apigee Analytics Agent` role). If you prefer to use a separate UDCA agent for each environment, set `orgScopedUDCA: false` and set the values for `envs[].serviceAccountPaths.udca` and `envs[].serviceAccountSecretRefs.udca`. See also: udca.
`revision`	Advanced	Introduced in version: 1.0.0 Default value: `"1105"` (Your Apigee hybrid version without periods. For example for version 1.10.0, the default value is `"1100"`.) Apigee hybrid supports rolling Kubernetes updates, which allow deployment updates to take place with zero downtime by incrementally updating Pod instances with new ones. When updating certain YAML overrides that result in underlying Kubernetes `PodTemplateSpec` change, the `revision` override property must also be changed in the customer's `override.yaml`. This is required for the underlying Kubernetes ApigeeDeployment (AD) controller to conduct a safe rolling update of from the previous version to the new version. You can use any lowercase text value, eg: `blue`, `a`, `1.0.0` Note: `revision` can accept only lowercase alpha characters, numbers, and punctuation. When the `revision` property is changed and applied, a rolling update will occur for all components Changes to properties of the following objects require an update to `revision`: nodeSelector envs imagePullSecrets gcpProjectID k8sClusterName contractProvider org For more information, see Rolling updates.
`validateOrg`	Advanced	Introduced in version: 1.8.0 Default value: `true` Enables strict validation of the link between the Apigee Org and Google Cloud project and checks for the existence of environment groups. See also `org`
`validateServiceAccounts`	Advanced	Introduced in version: 1.0.0 Default value: `true` Enables strict validation of service account permissions. This uses Cloud Resource Manager API method `testIamPermissions` to verify that the provided service account has the required permissions. In the case of service accounts for an Apigee Org, the project ID check is the one mapped to the Organization. For Metrics and Logger, the project checked is based on the `gcpProjectID` `overrides.yaml` configuration. See also `gcpProjectID`

`ao`

Apigee Operators (AO) creates and updates low level Kubernetes and Istio resources that are required to deploy and maintain a component. For example, the controller carries out the release of message processors.

The following table describes the properties of the apigee-operators ao object:

Property	Type	Description
`ao.args.disableIstioConfigInAPIServer`	Advanced	Introduced in version: 1.8.0 Default value: `true` Stops Apigee from supplying configuration to customer-installed ASM. Set to `true` for hybrid installations using Apigee ingress gateway. Set to `false` for hybrid installations using Anthos Service Mesh (Apigee hybrid versions 1.8 and earlier).
`ao.args.disableManagedClusterRoles`	Advanced	Introduced in version: 1.10.0 Default value: `true` When `true` (the default), Apigee hybrid does not manage Kubernetes `ClusterRole` and `ClursterRoleBinding` directly. If you have a process that requires managing these resources, the process must be performed by a user with the correct permissions to do so.
`ao.image.pullPolicy`	Advanced	Introduced in version: 1.2.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`ao.image.tag`	Advanced	Introduced in version: 1.2.0 Default value: `1.10.5` The version label for this service's Docker image.
`ao.image.url`	Advanced	Introduced in version: 1.2.0 Default value: `gcr.io/apigee-release/hybrid/apigee-operators` The location of the Docker image for this service.
`ao.installer.pullPolicy`	Advanced	Introduced in version: 1.3.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`ao.installer.tag`	Advanced	Introduced in version: 1.3.0 Default value: `1.10.5` The version label for this service's Docker image.
`ao.installer.url`	Advanced	Introduced in version: 1.3.0 Default value: `gcr.io/apigee-release/hybrid/apigee-installer` The location of the Docker image for this service.
`ao.resources.limits.cpu`	Advanced	Introduced in version: 1.2.0 Default value: `250m` The CPU limit for the resource in a Kubernetes container, in millicores.
`ao.resources.limits.memory`	Advanced	Introduced in version: 1.2.0 Default value: `256Mi` The memory limit for the resource in a Kubernetes container, in mebibytes.
`ao.resources.requests.cpu`	Advanced	Introduced in version: 1.2.0 Default value: `250m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`ao.resources.requests.memory`	Advanced	Introduced in version: 1.2.0 Default value: `256Mi` The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
`ao[].tolerations.effect`	Advanced	Introduced in version: 1.10.1 Default value: None Required to use the Taints and Tolerations feature of Kubernetes. `effect` specifies the effect that matching a toleration with a taint will have. Values for `effect` can be: `NoExecute` `NoSchedule` `PreferNoSchedule` See Taints and Tolerations: Concepts for details.
`ao[].tolerations.key`	Advanced	Introduced in version: 1.10.1 Default value: None Required to use the Taints and Tolerations feature of Kubernetes. `key` identifies pods to which the toleration can be applied. See Taints and Tolerations: Concepts for details.
`ao[].tolerations.operator`	Advanced	Introduced in version: 1.10.1 Default value: `"Equal"` Required to use the Taints and Tolerations feature of Kubernetes. `operator` specifies the operation used to trigger the `effect`. Values for `operator` can be: `Equal` matches the value set in `value`. `Exists` ignores the value set in `value`. See Taints and Tolerations: Concepts for details.
`ao[].tolerations.tolerationSeconds`	Advanced	Introduced in version: 1.10.1 Default value: None Used by the Taints and Tolerations feature of Kubernetes. `tolerationSeconds` defines in seconds how long a pod stays bound to a failing or unresponsive node. See Taints and Tolerations: Concepts for details.
`ao[].tolerations.value`	Advanced	Introduced in version: 1.10.1 Default value: None Used by the Taints and Tolerations feature of Kubernetes. `value` is the value that triggers the `effect` when `operator` is set to `Equal`. See Taints and Tolerations: Concepts for details.

`cassandra`

Defines the hybrid service that manages the runtime data repository. This repository stores application configurations, distributed quota counters, API keys, and OAuth tokens for applications running on the gateway.

For more information, see StorageClass configuration.

The following table describes the properties of the cassandra object:

Property	Type	Description
`cassandra.annotations`	Advanced	Introduced in version: 1.5.0 Default value: None Optional key/value map used to annotate pods. For more information, see Custom annotations.
`cassandra.auth.admin.password`	Basic	Introduced in version: 1.0.0 Default value: `iloveapis123` Required Password for the Cassandra administrator. The admin user is used for any administrative activities performed on the Cassandra cluster.
`cassandra.auth.ddl.password`	Basic	Introduced in version: 1.0.0 Default value: `iloveapis123` Required Password for the Cassandra Data Definition Language (DDL) user. Used by MART for any of the data definition tasks like keyspace creation, update, and deletion.
`cassandra.auth.default.password`	Basic	Introduced in version: 1.0.0 Default value: `iloveapis123` Required The password for the default Cassandra user created when Authentication is enabled. This password must be reset when configuring Cassandra authentication. See Configuring TLS for Cassandra.
`cassandra.auth.dml.password`	Basic	Introduced in version: 1.0.0 Default value: `iloveapis123` Required Password for the Cassandra Data Manipulation Language (DML) user. The DML user is used by the client communication to read and write data to Cassandra.
`cassandra.auth.image.pullPolicy`	Advanced	Introduced in version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`cassandra.auth.image.tag`	Advanced	Introduced in version: 1.0.0 Default value: `1.10.5` The version label for this service's Docker image.
`cassandra.auth.image.url`	Advanced	Introduced in version: 1.0.0 Default value: `gcr.io/apigee-release/hybrid/apigee-hybrid-cassandra-client` The location of the Docker image for this service.
`cassandra.auth.jmx.password`	Basic	Introduced in version: 1.4.0 Default value: `iloveapis123` Required Password for the Cassandra JMX operations user. Used to authenticate and communicate with the Cassandra JMX interface.
`cassandra.auth.jmx.username`	Basic	Introduced in version: 1.4.0 Default value: `jmxuser` Required Username for the Cassandra JMX operations user. Used to authenticate and communicate with the Cassandra JMX interface.
`cassandra.auth.jolokia.password`	Basic	Introduced in version: 1.4.0 Default value: `iloveapis123` Required Password for the Cassandra Jolokia JMX operations user. Used to authenticate and communicate with the Cassandra JMX API.
`cassandra.auth.jolokia.username`	Basic	Introduced in version: 1.4.0 Default value: `apigee` Required Username for the Cassandra Jolokia JMX operations user. Used to authenticate and communicate with the Cassandra JMX API.
`cassandra.auth.secret`	Basic	Introduced in version: 1.3.3 Default value: None The name of the file stored in a Kubernetes secret that contains the Cassandra users and passwords. You can create the secret using following the following instructions: Create the Secret. See also: Storing data in a Kubernetes secret Secrets in the Kubernetes documentation Creating a Secret Using kubectl in the Kubernetes documentation
`cassandra.backup.cloudProvider`	Advanced	Introduced in version: 1.0.0 Default value: `GCP` Required if backup is enabled. Cloud provider for backup storage. You can set the value to either `GCP` or `HYBRID`. Set the value to `GCP` if you want to store the backup on Google Cloud Storage, and `HYBRID` if you want to store the backup on a remote server. For information on CSI backup and restore for cloud platforms such as Google Cloud, AWS, and Azure, see CSI backup and restore.
`cassandra.backup.dbStorageBucket`	Advanced	Introduced in version: 1.0.0 Default value: None Required if backup is enabled. Cloud storage bucket for the backup data. The Cloud Storage bucket path should be in the format gs://BUCKET_NAME. The gs:// is required in the cassandra.backup.dbStorageBucket bucket name.
`cassandra.backup.enabled`	Advanced	Introduced in version: 1.0.0 Default value: `false` Data backup is not enabled by default. To enable, set to `true`. See Cassandra backup and recovery.
`cassandra.backup.image.pullPolicy`	Advanced	Introduced in version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`cassandra.backup.image.tag`	Advanced	Introduced in version: 1.0.0 Default value: `1.10.5` The version label for this service's Docker image.
`cassandra.backup.image.url`	Advanced	Introduced in version: 1.0.0 Default value: `gcr.io/apigee-release/hybrid/apigee-cassandra-backup-utility` The location of the Docker image for this service.
`cassandra.backup.schedule`	Advanced	Introduced in version: 1.0.0 Default value: `0 2 * * *` The schedule for the cron job. See Cassandra backup and recovery.
`cassandra.backup.serviceAccountPath`	Advanced	Introduced in version: 1.0.0 Default value: None One of either `backup.serviceAccountPath` or `backup.serviceAccountRef` is required if backup is enabled. Path to Google Service Account key file with Storage Object Admin role.
`cassandra.backup.serviceAccountRef`	Advanced	Introduced in version: 1.2.0 Default value: None One of either `backup.serviceAccountPath` or `backup.serviceAccountRef` is required if backup is enabled.
`cassandra.clusterName`	Basic	Introduced in version: 1.0.0 Default value: `apigeecluster` Specifies the name of the Cassandra cluster. Note: For multi-region installs the value of `clusterName` needs to match for all regions.
`cassandra.datacenter`	Basic	Introduced in version: 1.0.0 Default value: `dc-1` Specifies the datacenter of the Cassandra node.
`cassandra.dnsPolicy`	Basic	Introduced in version: 1.1.1 Default value: None Note: In Apigee hybrid v1.3, this property is no longer supported. When you set `hostNetwork` to true, the DNS policy is set to `ClusterFirstWithHostNet` for you.
`cassandra.externalSeedHost`	Basic	Introduced in version: 1.0.0 Default value: None Hostname or IP of a Cassandra cluster node. If not set, the Kubernetes local service is used.
`cassandra.heapNewSize`	Basic	Introduced in version: 1.0.0 Default value: `100M` The amount of JVM system memory allocated to newer objects, in megabytes.
`cassandra.hostNetwork`	Basic	Introduced in version: 1.1.1 Default value: `false` Enables the Kubernetes `hostNetwork` feature. Apigee uses this feature in multi-region installations to communicate between pods if the pod network namespace does not have connectivity between clusters (the clusters are running in "island network mode"), which is the default case in non-GKE installations, including GKE on-prem, GKE on AWS, Anthos on bare metal, AKS, EKS, and OpenShift. Set `cassandra.hostNetwork` to `false` for single region installations and multi-region installations with connectivity between pods in different clusters, for example GKE installations. Set `cassandra.hostNetwork` to `true` for multi-region installations with no communication between between pods in different clusters, for example GKE On-prem, GKE on AWS, Anthos on bare metal, AKS, EKS, and OpenShift installations. See Multi-region deployment: Prerequisites. When `true`, DNS policy is automatically set to `ClusterFirstWithHostNet`.
`cassandra.image.pullPolicy`	Advanced	Introduced in version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`cassandra.image.tag`	Advanced	Introduced in version: 1.0.0 Default value: `1.10.5` The version label for this service's Docker image.
`cassandra.image.url`	Advanced	Introduced in version: 1.0.0 Default value: `gcr.io/apigee-release/hybrid/apigee-hybrid-cassandra` The location of the Docker image for this service.
`cassandra.maxHeapSize`	Advanced	Introduced in version: 1.0.0 Default value: `512M` The upper limit of JVM system memory available for Cassandra operations, in megabytes.
`cassandra.multiRegionSeedHost`	Basic	Introduced in version: 1.0.0 Default value: None IP address of an existing Cassandra cluster used to expand the existing cluster to a new region. See Configure the multi-region seed host.
`cassandra.nodeSelector.key`	Advanced	Introduced in version: 1.0.0 Default value: None Required Node selector label key used to target dedicated Kubernetes nodes for `cassandra` data services. See Configuring dedicated node pools.
`cassandra.nodeSelector.value`	Advanced	Introduced in version: 1.0.0 Default value: None Optional node selector label value used to target dedicated Kubernetes nodes for `cassandra` data services and override the `nodeSelector.apigeeData` settings. See nodeSelector.
`cassandra.port`	Advanced	Introduced in version: 1.0.0 Default value: `9042` Port number used to connect to cassandra.
`cassandra.rack`	Basic	Introduced in version: 1.0.0 Default value: `ra-1` Specifies the rack of the Cassandra node.
`cassandra.readinessProbe.failureThreshold`	Advanced	Introduced in version: 1.0.0 Default value: `2` The number of times Kubernetes will verify that readiness probes have failed before marking the pod unready. The minimum value is 1.
`cassandra.readinessProbe.initialDelaySeconds`	Advanced	Introduced in version: 1.0.0 Default value: `0` The number of seconds after a container is started before a readiness probe is initiated.
`cassandra.readinessProbe.periodSeconds`	Advanced	Introduced in version: 1.0.0 Default value: `10` Determines how often to perform a readiness probe, in seconds. The minimum value is 1.
`cassandra.readinessProbe.successThreshold`	Advanced	Introduced in version: 1.0.0 Default value: `1` The minimum consecutive successes needed for a readiness probe to be considered successful after a failure. The minimum value is 1.
`cassandra.readinessProbe.timeoutSeconds`	Advanced	Introduced in version: 1.0.0 Default value: `5` The number of seconds after which a liveness probe times out. The minimum value is 1.
`cassandra.replicaCount`	Basic	Introduced in version: 1.0.0 Default value: `1` Cassandra is a replicated database. This property specifies the number of Cassandra nodes employed as a StatefulSet. Note: The default value of `1` is only acceptable for demo or test installations. For production installations, the value of `replicaCount` must be a multiple of `3`. To determine your desired `replicaCount` value, consider the following: Estimate the traffic demands for your proxies. Load test and make reasonable predictions of your CPU utilization. You can specify different `replicaCount` values in different regions. You can expand the `replicaCount` in the future in your overrides file.
`cassandra.resources.requests.cpu`	Advanced	Introduced in version: 1.0.0 Default value: `500m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`cassandra.resources.requests.memory`	Advanced	Introduced in version: 1.0.0 Default value: `1Gi` The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
`cassandra.restore.cloudProvider`	Advanced	Introduced in version: 1.0.0 Default value: `GCP` Required if restore is enabled. Cloud provider for backup storage. For information on CSI backup and restore for cloud platforms such as Google Cloud, AWS, and Azure, see CSI backup and restore.
`cassandra.restore.dbStorageBucket`	Advanced	Introduced in version: 1.0.0 Default value: None Required if restore is enabled. Cloud storage bucket for the backup data to restore.
`cassandra.restore.enabled`	Advanced	Introduced in version: 1.0.0 Default value: `false`
`cassandra.restore.image.pullPolicy`	Advanced	Introduced in version: 1.0.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`cassandra.restore.image.tag`	Advanced	Introduced in version: 1.0.0 Default value: `1.10.5` The version label for this service's Docker image.
`cassandra.restore.image.url`	Advanced	Introduced in version: 1.0.0 Default value: `gcr.io/apigee-release/hybrid/apigee-cassandra-backup-utility` The location of the Docker image for this service.
`cassandra.restore.serviceAccountPath`	Advanced	Introduced in version: 1.0.0 Default value: None One of either `restore.serviceAccountPath` or `restore.serviceAccountRef` is required if restore is enabled. Path to Google Service Account key file with Storage Object Admin role.
`cassandra.restore.serviceAccountRef`	Advanced	Introduced in version: 1.2.0 Default value: None One of either `restore.serviceAccountPath` or `restore.serviceAccountRef` is required if restore is enabled.
`cassandra.restore.snapshotTimestamp`	Advanced	Introduced in version: 1.0.0 Default value: None Required if restore is enabled. Timestamp of the backup that should be restored.
`cassandra.restore.user`	Advanced	Introduced in version: 1.0.0 Default value: admin account Cassandra username used for schema backup restoration. If not specified, the admin user will be used.
`cassandra.sslCertPath`	Basic	Introduced in version: 1.2.0 Default value: None The path on your system to a TLS certificate file. Note: For each configured environment, the Common Name (CN) in the cert must match the domain in the `hostAliases[]` property. For example, if the CN is `*.example.com`, the `hostAliases[]` could be `foo.example.com` or `bar.example.com`.
`cassandra.sslKeyPath`	Basic	Introduced in version: 1.2.0 Default value: None The path on your system to the TLS private key file.
`cassandra.sslRootCAPath`	Basic	Introduced in version: 1.2.0 Default value: None The certificate chain to the root CA (certificate authority).
`cassandra.storage.capacity`	Basic	Introduced in version: 1.0.0 Default value: `10Gi` Required if `storage.storageclass` is specified Specifies the disk size required, in mebibytes (Mi) or gibibytes (Gi).
`cassandra.storage.storageclass`	Basic	Introduced in version: 1.0.0 Default value: None Specifies the class of on-prem storage being used.
`cassandra.terminationGracePeriodSeconds`	Advanced	Introduced in version: 1.0.0 Default value: `300` The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
`cassandra[].tolerations.effect`	Advanced	Introduced in version: 1.10.1 Default value: None Required to use the Taints and Tolerations feature of Kubernetes. `effect` specifies the effect that matching a toleration with a taint will have. Values for `effect` can be: `NoExecute` `NoSchedule` `PreferNoSchedule` See Taints and Tolerations: Concepts for details.
`cassandra[].tolerations.key`	Advanced	Introduced in version: 1.10.1 Default value: None Required to use the Taints and Tolerations feature of Kubernetes. `key` identifies pods to which the toleration can be applied. See Taints and Tolerations: Concepts for details.
`cassandra[].tolerations.operator`	Advanced	Introduced in version: 1.10.1 Default value: `"Equal"` Required to use the Taints and Tolerations feature of Kubernetes. `operator` specifies the operation used to trigger the `effect`. Values for `operator` can be: `Equal` matches the value set in `value`. `Exists` ignores the value set in `value`. See Taints and Tolerations: Concepts for details.
`cassandra[].tolerations.tolerationSeconds`	Advanced	Introduced in version: 1.10.1 Default value: None Used by the Taints and Tolerations feature of Kubernetes. `tolerationSeconds` defines in seconds how long a pod stays bound to a failing or unresponsive node. See Taints and Tolerations: Concepts for details.
`cassandra[].tolerations.value`	Advanced	Introduced in version: 1.10.1 Default value: None Used by the Taints and Tolerations feature of Kubernetes. `value` is the value that triggers the `effect` when `operator` is set to `Equal`. See Taints and Tolerations: Concepts for details.

`certManager`

Apigee uses cert-manager for certificate validation.

The following table describes the properties of the certManager object:

Property Type Description

Property	Type	Description
`certManager.namespace`	Advanced	Introduced in version: 1.9.0 Default value: `cert-manager` The namespace for cert-manager. See Running cert-manager in a custom namespace.

certManager.namespace

Advanced

Introduced in version: 1.9.0

Default value: cert-manager

The namespace for cert-manager.

See Running cert-manager in a custom namespace.

`connectAgent`

Apigee Connect allows the Apigee hybrid management plane to connect securely to the MART service in the runtime plane without requiring you to expose the MART endpoint on the internet.

See Apigee Connect.

The following table describes the properties of the connectAgent object:

Property	Type	Description
`connectAgent.annotations`	Advanced	Introduced in version: 1.5.0 Default value: None Optional key/value map used to annotate pods. For more information, see Custom annotations.
`connectAgent.server`	Advanced	Introduced in version: 1.2.0 Default value: `apigeeconnect.googleapis.com:443` The location of the server and port for this service.
`connectAgent.logLevel`	Advanced	Introduced in version: 1.2.0 Default value: `INFO` The level of log reporting. Values can be: `INFO`: Informational messages in addition to warning, error, and fatal messages. Most useful for debugging. `WARNING`: Non-fatal warnings in addition to error and fatal messages. `ERROR`: Internal errors and errors that are not returned to the user in addition to fatal messages. `FATAL`: Unrecoverable errors and events that cause Apigee Connect to crash.
`connectAgent.image.pullPolicy`	Advanced	Introduced in version: 1.2.0 Default value: `IfNotPresent` Determines when kubelet pulls the pod's Docker image. Possible values include: `IfNotPresent`: Do not pull a new image if it already exists. `Always`: Always pull the image, regardless of whether it exists already. For more information, see Updating images.
`connectAgent.image.tag`	Advanced	Introduced in version: 1.2.0 Default value: `1.10.5` The version label for this service's Docker image.
`connectAgent.image.url`	Advanced	Introduced in version: 1.2.0 Default value: `gcr.io/apigee-release/hybrid/apigee-connect-agent` The location of the Docker image for this service. Check the `values.yaml` file for the specific URL.
`connectAgent.replicaCountMax`	Basic	Introduced in version: 1.2.0 Default value: `5` Maximum number of replicas available for autoscaling.
`connectAgent.replicaCountMin`	Basic	Introduced in version: 1.2.0 Default value: `1` Minimum number of replicas available for autoscaling. In production, you may want to increase `replicaCountMin` to 3, to have a greater number of connections to the control plane for reliability and scalability.
`connectAgent.resources.requests.cpu`	Advanced	Introduced in version: 1.0.0 Default value: `100m` The CPU needed for normal operation of the resource in a Kubernetes container, in millicores.
`connectAgent.resources.requests.memory`	Advanced	Introduced in version: 1.0.0 Default value: `30Mi` The memory needed for normal operation of the resource in a Kubernetes container, in mebibytes.
`connectAgent.serviceAccountPath`	Basic	Introduced in version: 1.1.1 Default value: None One of either `serviceAccountPath` or `serviceAccountRef` is required. Path to Google Service Account key file for the `apigee-mart` service account. In most installations, the value of `connectAgent.serviceAccountPath` must match the value of `mart.serviceAccountPath`.
`connectAgent.serviceAccountRef`	Basic	Introduced in version: 1.2.0 Default value: None One of either `serviceAccountPath` or `serviceAccountRef` is required. In most installations, the value of `connectAgent.serviceAccountRef` must match the value of `mart.serviceAccountRef`.
`connectAgent.targetCPUUtilizationPercentage`	Advanced	Introduced in version: 1.2.0 Default value: `75` Target CPU utilization for the Apigee Connect agent on the pod. The value of this field enables Apigee Connect to auto-scale when CPU utilization reaches this value, up to `replicaCountMax`.
`connectAgent.terminationGracePeriodSeconds`	Advanced	Introduced in version: 1.2.0 Default value: `600` The time between a request for pod deletion and when the pod is killed, in seconds. During this period, any prestop hooks will be executed and any running process should terminate gracefully.
`connectAgent[].tolerations.effect`	Advanced	Introduced in version: 1.10.1 Default value: None Required to use the Taints and Tolerations feature of Kubernetes. `effect` specifies the effect that matching a toleration with a taint will have. Values for `effect` can be: `NoExecute` `NoSchedule` `PreferNoSchedule` See Taints and Tolerations: Concepts for details.
`connectAgent[].tolerations.key`	Advanced	Introduced in version: 1.10.1 Default value: None Required to use the Taints and Tolerations feature of Kubernetes. `key` identifies pods to which the toleration can be applied. See Taints and Tolerations: Concepts for details.
`connectAgent[].tolerations.operator`	Advanced	Introduced in version: 1.10.1 Default value: `"Equal"` Required to use the Taints and Tolerations feature of Kubernetes. `operator` specifies the operation used to trigger the `effect`. Values for `operator` can be: `Equal` matches the value set in `value`. `Exists` ignores the value set in `value`. See Taints and Tolerations: Concepts for details.
`connectAgent[].tolerations.tolerationSeconds`	Advanced	Introduced in version: 1.10.1 Default value: None Used by the Taints and Tolerations feature of Kubernetes. `tolerationSeconds` defines in seconds how long a pod stays bound to a failing or unresponsive node. See Taints and Tolerations: Concepts for details.
`connectAgent[].tolerations.value`	Advanced	Introduced in version: 1.10.1 Default value: None Used by the Taints and Tolerations feature of Kubernetes. `value` is the value that triggers the `effect` when `operator` is set to `Equal`. See