The Apigee hybrid runtime plane is made up of a variety of services. Each service is deployed
on nodes within your Kubernetes cluster, and each one can be configured using the
overrides.yaml file.
Runtime architectural diagram
The following image shows how each of the runtime services interacts with other services in
hybrid:
The following table summarizes the runtime services:
Apigee Ingress is an edge load balancer that receives incoming connections and routes
them to the correct message processor. It includes two parts: the apigee-ingressgateway-manager and apigee-ingressgateways.
apigee-ingressgateway pod routes the traffic to the right Apigee environment
based on hostname and basepath and it orchestrates traffic flow during the canary releases.
apigee-ingressgateway-manager pod task is to create and update the routing configuration of the Apigee Ingress.
Apigee Operators (AO) creates and updates low level Kubernetes and Istio
resources that are required to deploy and maintain the ApigeeDeployment (AD) configuration. For example,
the controller carries out the release of message processors and validates
the AD configuration before making it persistent in Kubernetes cluster.
Acts as a runtime datastore that provides Apigee local persistent storage for KMS,
OAuth, KVMs, and caching for the runtime plane. You can have separate Cassandra rings for
KMS, OAuth, KVMs, and caching.
apigee-cassandra-default pods are the pods running the
hybrid Cassandra database on a Kubernetes cluster. One or more pods
together make a cluster that reads, writes, and stores persistent data
for Apigee hybrid.
apigee-cassandra-user-setup pod initializes and
configures the users and roles for the Cassandra database. These roles
are used by Cassandra and runtime components to read and write data to
the hybrid Cassandra database.
apigee-cassandra-schema-setup pod initializes and
configures the database schema of the hybrid Cassandra database. This
pod is for setting up Cassandra keyspace and table definitions with the
hybrid Cassandra database.
The Connect Agent allows the Apigee hybrid management plane to connect securely to the MART service in the
runtime plane without requiring you to expose the MART endpoint on the internet.
Exposes an endpoint to administer data entities on the runtime plane, such as KMS (API
keys and OAuth tokens), quotas, KVMs, and API products. MART services are scoped to a
single organization.
Consumes rolling updates from the management plane to provide API request processing and
policy execution on the runtime plane. Each Message Processor is scoped to a single
environment.
Apigee Redis is used to keep track of rate limit counts in Apigee and hybrid, which applies only when the SpikeArrest policy has the effectiveCount option enabled.
Fetches configuration data about an API environment from the management plane to the
runtime plane. A Synchronizer can poll one or more environments in the same or
different organizations.
Extracts analytics and deployment status data and sends it to the UAP service in the
management plane so that you can access it with the management UI.
The watcher is a process that watches for configuration changes and triggers their application to the runtime plane.
The watcher also sends Apigee Ingress and runtime deployment status back to the control plane.
The watcher fetches the deployment status from all apigee runtime pods, merges the status and sends the status to the ConfigStore on Management Plane
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eApigee hybrid's runtime plane consists of various services deployed on Kubernetes nodes, each configurable via the \u003ccode\u003eoverrides.yaml\u003c/code\u003e file.\u003c/p\u003e\n"],["\u003cp\u003eThe Apigee Ingress service acts as an edge load balancer, routing incoming connections to the correct message processor and environment.\u003c/p\u003e\n"],["\u003cp\u003eCassandra serves as the runtime datastore, providing persistent storage for KMS, OAuth, KVMs, and caching within the Apigee hybrid environment.\u003c/p\u003e\n"],["\u003cp\u003eServices such as the Message Processor, Synchronizer, and UDCA handle API processing, configuration updates, and analytics data collection respectively, each operating within specific scopes like environment or cluster.\u003c/p\u003e\n"],["\u003cp\u003eThe Apigee Connect Agent facilitates secure communication between the management and runtime planes, while the Logger and Metrics services provide logging and health monitoring capabilities, respectively.\u003c/p\u003e\n"]]],[],null,["# Runtime service configuration overview\n\n| You are currently viewing version 1.10 of the Apigee hybrid documentation. **This version is end of life.** You should upgrade to a newer version. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nThe Apigee hybrid runtime plane is made up of a variety of services. Each service is deployed\non nodes within your Kubernetes cluster, and each one can be configured using the\n[`overrides.yaml` file](/apigee/docs/hybrid/v1.10/customize-services).\n\n#### Runtime architectural diagram\n\nThe following image shows how each of the runtime services interacts with other services in\nhybrid:\n\nThe following table summarizes the runtime services:\n\nMost services make socket connections with other internal or external services that you should be\naware of. For more information, see [Hybrid ports](/apigee/docs/hybrid/v1.10/ports)."]]
