步驟 6:建立覆寫值

指定設定覆寫值

Apigee Hybrid 安裝程式會為許多設定使用預設值。不過,有些設定沒有預設值。您必須為這些設定提供值,如下文所述。

事前準備

建議您查看下列情境,判斷是否要為這些情境設定叢集。這些設定為選用設定。

設定叢集

依照慣例,設定覆寫值會寫入名為 overrides.yaml 的檔案中,通常會儲存在 $APIGEE_HELM_CHARTS_HOME 目錄中。

  1. $APIGEE_HELM_CHARTS_HOME 目錄中建立名為 overrides.yaml 的新檔案。

    overrides.yaml 會為您專屬的 Apigee Hybrid 安裝作業提供設定。這個步驟中的覆寫檔案會為小型混合型執行階段安裝作業提供基本設定,適合用於首次安裝作業。

  2. overrides.yaml 中,新增下列必要的屬性值。以下詳細說明各項屬性。

    根據您在步驟 4:建立服務帳戶中所做的選擇,選取安裝、正式版、正式版或非正式版 (概念驗證、評估或概念驗證安裝) 的非正式版分頁。

    如果是正式環境中的安裝作業,請參閱「為實際工作環境設定 Cassandra」一文,瞭解 Cassandra 資料庫的儲存空間需求。

    如果您要在 GKE 上安裝 Apigee hybrid,並打算使用 Workload Identity 驗證混合式元件,請選取「Prod:Workload Identity」或「Non-prod:Workload Identity」分頁,設定 overrides.yaml 檔案。

    生產

    請確認 overrides.yaml 檔案具有下列結構和語法。red, bold italics 中的值是您必須提供的屬性值。您可以在這個頁面編輯這些值。 請參閱下表的說明。

    不同平台的 Google Cloud 專案區域和 Kubernetes 叢集區域有所不同。選擇要安裝 Apigee Hybrid 的平台。

    instanceID: "UNIQUE_INSTANCE_IDENTIFIER"
namespace: APIGEE_NAMESPACE # Usually "apigee"

gcp:
  projectID: PROJECT_ID
  region: ANALYTICS_REGION

k8sCluster:
  name: CLUSTER_NAME
  region: CLUSTER_LOCATION # Must be the closest Google Cloud region to your cluster.
org: ORG_NAME

# Required if using Data residency:
contractProvider: https://CONTROL_PLANE_LOCATION-apigee.googleapis.com
  

envs:
- name: ENVIRONMENT_NAME
  serviceAccountPaths:
    # Provide the path relative to the apigee-env chart directory.
    synchronizer: SYNCHRONIZER_SERVICE_ACCOUNT_FILEPATH
    # For example: "PROJECT_ID-apigee-synchronizer.json"
    runtime: RUNTIME_SERVICE_ACCOUNT_FILEPATH
    # For example: "PROJECT_ID-apigee-runtime.json"
    udca: UDCA_SERVICE_ACCOUNT_FILEPATH
    # For example: "PROJECT_ID-apigee-udca.json"
components:
      runtime:
        replicaCountMin: 2 # minimum for Prod
        replicaCountMax: 4 # minimum for Prod

cassandra:
  hostNetwork: false
    # Set to false for single region installations and multi-region installations
    # with connectivity between pods in different clusters, for example GKE installations.
    # Set to true  for multi-region installations with no communication between
    # pods in different clusters, for example Google Distributed Cloud on VMware or bare metal, GKE on AWS,
    # AKS, EKS, and OpenShift installations.
    # See Multi-region deployment: Prerequisites
  replicaCount: 3
    # Use multiples of 3 for production.
    # See Configure Cassandra for production for guidelines.
  storage:
    capacity: 500Gi
  resources:
    requests:
      cpu: 7
      memory: 15Gi
  maxHeapSize: 8192M
  heapNewSize: 1200M
    # Minimum storage requirements for a production environment.
    # See Configure Cassandra for production.

ingressGateways:
- name: INGRESS_NAME # maximum 17 characters.
  replicaCountMin: 2
  replicaCountMax: 10
  svcAnnotations:  # optional. If you are on AKS, see Known issue #260772383
    SVC_ANNOTATIONS_KEY: SVC_ANNOTATIONS_VALUE

virtualhosts:
- name: ENVIRONMENT_GROUP_NAME
  selector:
    app: apigee-ingressgateway
    ingress_name: INGRESS_NAME
  sslCertPath: PATH_TO_CERT_FILE
  sslKeyPath: PATH_TO_KEY_FILE

mart:
  serviceAccountPath: MART_SERVICE_ACCOUNT_FILEPATH
    # Provide the path relative to the apigee-org chart directory.
    # For example: "PROJECT_ID-apigee-mart.json"

connectAgent:
  serviceAccountPath: MART_SERVICE_ACCOUNT_FILEPATH
    # Use the same service account for mart and connectAgent
    # Provide the path relative to the apigee-org chart directory.
    # For example: "PROJECT_ID-apigee-mart.json"

logger:
  enabled: true
    # enabled by default
    # See apigee-logger in Service accounts and roles used by hybrid components.
  serviceAccountPath: LOGGER_SERVICE_ACCOUNT_FILEPATH
    # Provide the path relative to the apigee-telemetry directory.
    # For example: "PROJECT_ID-apigee-logger.json"

metrics:
  serviceAccountPath: METRICS_SERVICE_ACCOUNT_FILEPATH
    # Provide the path relative to the apigee-telemetry chart directory.
    # For example: "PROJECT_ID-apigee-metrics.json"

udca:
  serviceAccountPath: UDCA_SERVICE_ACCOUNT_FILEPATH
    # Provide the path relative to the apigee-org chart directory.
    # For example: "PROJECT_ID-apigee-udca.json"

watcher:
  serviceAccountPath: WATCHER_SERVICE_ACCOUNT_FILEPATH
    # Provide the path relative to the apigee-org chart directory.
    # For example: "PROJECT_ID-apigee-watcher.json"

    非正式環境

    請確認 overrides.yaml 檔案具有下列結構和語法。red, bold italics 中的值是您必須提供的屬性值。您可以在這個頁面編輯這些值。 請參閱下表的說明。

    不同平台的 Google Cloud 專案區域和 Kubernetes 叢集區域有所不同。選擇要安裝 Apigee Hybrid 的平台。

    instanceID: "UNIQUE_INSTANCE_IDENTIFIER"
namespace: APIGEE_NAMESPACE # Usually "apigee"

gcp:
  projectID: PROJECT_ID
  region: ANALYTICS_REGION

k8sCluster:
  name: CLUSTER_NAME
  region: CLUSTER_LOCATION # Must be the closest Google Cloud region to your cluster.
org: ORG_NAME

# Required if using Data residency:
contractProvider: https://CONTROL_PLANE_LOCATION-apigee.googleapis.com
  

envs:
- name: ENVIRONMENT_NAME
  serviceAccountPaths:
    # Provide the path relative to the apigee-env chart directory.
    synchronizer: NON_PROD_SERVICE_ACCOUNT_FILEPATH
    # For example: "PROJECT_ID-apigee-non-prod.json"
    runtime: NON_PROD_SERVICE_ACCOUNT_FILEPATH
    # For example: "PROJECT_ID-apigee-non-prod.json"
    udca: NON_PROD_SERVICE_ACCOUNT_FILEPATH
    # For example: "PROJECT_ID-apigee-non-prod.json"

cassandra:
  hostNetwork: false
    # Set to false for single region installations and multi-region installations
    # with connectivity between pods in different clusters, for example GKE installations.
    # Set to true  for multi-region installations with no communication between
    # pods in different clusters, for example Google Distributed Cloud on VMware or bare metal, GKE on AWS,
    # AKS, EKS, and OpenShift installations.
    # See Multi-region deployment: Prerequisites
  replicaCount: 1
    # Use 1 for non-prod or "demo" installations and multiples of 3 for production.
    # See Configure Cassandra for production for guidelines.

ingressGateways:
- name: INGRESS_NAME # maximum 17 characters.
  replicaCountMin: 2
  replicaCountMax: 10
  svcAnnotations:  # optional. If you are on AKS, see Known issue #260772383
    SVC_ANNOTATIONS_KEY: SVC_ANNOTATIONS_VALUE

virtualhosts:
- name: ENVIRONMENT_GROUP_NAME
  selector:
    app: apigee-ingressgateway
    ingress_name: INGRESS_NAME
  sslCertPath: PATH_TO_CERT_FILE
  sslKeyPath: PATH_TO_KEY_FILE

mart:
  serviceAccountPath: NON_PROD_SERVICE_ACCOUNT_FILEPATH
  # Provide the path relative to the chart directory.
  # For example: "PROJECT_ID-apigee-non-prod.json"

connectAgent:
  serviceAccountPath: NON_PROD_SERVICE_ACCOUNT_FILEPATH
  # Provide the path relative to the apigee-org chart directory.
  # Use the same service account for mart and connectAgent
  # For example: "PROJECT_ID-apigee-non-prod.json"

logger:
  enabled: true
    # enabled by default
    # See apigee-logger in Service accounts and roles used by hybrid components.
  serviceAccountPath: NON_PROD_SERVICE_ACCOUNT_FILEPATH
    # Provide the path relative to the apigee-telemetry chart directory.
    # For example: "PROJECT_ID-apigee-non-prod.json"

metrics:
  serviceAccountPath: NON_PROD_SERVICE_ACCOUNT_FILEPATH
    # Provide the path relative to the apigee-telemetry chart directory.
    # For example: "PROJECT_ID-apigee-non-prod.json"

udca:
  serviceAccountPath: NON_PROD_SERVICE_ACCOUNT_FILEPATH
    # Provide the path relative to the apigee-org chart directory.
    # For example: "PROJECT_ID-apigee-non-prod.json"

watcher:
  serviceAccountPath: NON_PROD_SERVICE_ACCOUNT_FILEPATH
    # Provide the path relative to the apigee-org chart directory.
    # For example: "PROJECT_ID-apigee-non-prod.json"

    正式版:Workload Identity

    這個範本適用於使用 Workload Identity 在 GKE 上安裝正式環境。請確認 overrides.yaml 檔案具有下列結構和語法。red, bold italics 中的值是您必須提供的屬性值。您可以在這個頁面編輯這些值。請參閱下表的說明。

    如果您要在 GKE 上安裝 Apigee hybrid,可以使用 Workload Identity 驗證身分,並向 Google API 提出要求。如要瞭解 Workload Identity 的總覽,請參閱:

    如要在 GKE 上使用 Workload Identity 與 Apigee hybrid,請使用這個範本,然後按照「步驟 11:使用 Helm 圖表安裝 Apigee hybrid」中的步驟建立 Kubernetes 服務帳戶,並將這些帳戶與您在「步驟 4:建立服務帳戶」中建立的 Google 服務帳戶建立關聯。

    instanceID: "UNIQUE_INSTANCE_IDENTIFIER"
namespace: APIGEE_NAMESPACE # Usually "apigee"

gcp:
  projectID: PROJECT_ID
  region: ANALYTICS_REGION
  workloadIdentity:
    enabled: true

k8sCluster:
  name: CLUSTER_NAME
  region: CLUSTER_LOCATION # Must be the closest Google Cloud region to your cluster.
org: ORG_NAME

# Required if using Data residency:
contractProvider: https://CONTROL_PLANE_LOCATION-apigee.googleapis.com
  

envs:
- name: ENVIRONMENT_NAME
  gsa:
    synchronizer: "SYNCHRONIZER_SERVICE_ACCOUNT_EMAIL"
    # For example: "apigee-synchronizer@PROJECT_ID.iam.gserviceaccount.com"
    runtime: "RUNTIME_SERVICE_ACCOUNT_EMAIL"
    # For example: "apigee-runtime@PROJECT_ID.iam.gserviceaccount.com"
    udca: "UDCA_SERVICE_ACCOUNT_EMAIL"
    # For example: "apigee-udca@PROJECT_ID.iam.gserviceaccount.com"
  components:
    runtime: 
      replicaCountMin: 2 # minimum for Prod 
      replicaCountMax: 4 # minimum for Prod
cassandra:
  hostNetwork: false
    # Set to false for single region installations and multi-region installations
    # with connectivity between pods in different clusters, for example GKE installations.
    # Set to true  for multi-region installations with no communication between
    # pods in different clusters, for example Google Distributed Cloud on VMware or bare metal, GKE on AWS,
    # AKS, EKS, and OpenShift installations.
    # See Multi-region deployment: Prerequisites
  replicaCount: 3
    # Use multiples of 3 for production.
    # See Configure Cassandra for production for guidelines.
  storage:
    capacity: 500Gi
  resources:
    requests:
      cpu: 7
      memory: 15Gi
  maxHeapSize: 8192M
  heapNewSize: 1200M
    # Minimum storage requirements for a production environment.
    # See Configure Cassandra for production.
  backup:
    enabled: true
    # Set to true for initial installation.
    # This triggers the chart to create the apigee-cassandra-backup Kubernetes service account when you install it.
    # See Cassandra backup overview for instructions on using cassandra.backup.

ingressGateways:
- name: INGRESS_NAME # maximum 17 characters.
  replicaCountMin: 2
  replicaCountMax: 10
  svcAnnotations:  # optional. If you are on AKS, see Known issue #260772383
    SVC_ANNOTATIONS_KEY: SVC_ANNOTATIONS_VALUE

virtualhosts:
- name: ENVIRONMENT_GROUP_NAME
  selector:
    app: apigee-ingressgateway
    ingress_name: INGRESS_NAME
  sslCertPath: PATH_TO_CERT_FILE
  sslKeyPath: PATH_TO_KEY_FILE

mart:
  gsa: "MART_SERVICE_ACCOUNT_EMAIL"
    # For example: "apigee-mart@PROJECT_ID.iam.gserviceaccount.com"

connectAgent:
  gsa: "MART_SERVICE_ACCOUNT_EMAIL"
    # Use the same service account for mart and connectAgent
    # For example: "apigee-mart@PROJECT_ID.iam.gserviceaccount.com"

logger:
  enabled: true
    # enabled by default
    # See apigee-logger in Service accounts and roles used by hybrid components.
  gsa: "LOGGER_SERVICE_ACCOUNT_EMAIL"
    # For example: "apigee-logger@PROJECT_ID.iam.gserviceaccount.com"
metrics:
  gsa: "METRICS_SERVICE_ACCOUNT_EMAIL"
    # For example: "apigee-metrics@PROJECT_ID.iam.gserviceaccount.com"

udca:
  gsa: "UDCA_SERVICE_ACCOUNT_EMAIL"
    # For example: "apigee-udca@PROJECT_ID.iam.gserviceaccount.com"

watcher:
  gsa: "WATCHER_SERVICE_ACCOUNT_EMAIL"
    # For example: "apigee-watcher@PROJECT_ID.iam.gserviceaccount.com"

    非生產環境:Workload Identity

    這個範本適用於使用 Workload Identity 在 GKE 上安裝非正式環境。請確認 overrides.yaml 檔案具有下列結構和語法。red, bold italics 中的值是您必須提供的屬性值。您可以在這個頁面編輯這些值。請參閱下表的說明。

    如果您要在 GKE 上安裝 Apigee hybrid,可以使用 Workload Identity 驗證身分,並向 Google API 提出要求。如要瞭解 Workload Identity 的總覽,請參閱:

    如要在 GKE 上使用 Workload Identity 與 Apigee hybrid,請使用這個範本,然後按照「步驟 11:使用 Helm 安裝 Apigee hybrid」中的步驟建立 Kubernetes 服務帳戶,並將這些帳戶與您在「步驟 4:建立服務帳戶」中建立的 Google 服務帳戶建立關聯。

    instanceID: "UNIQUE_INSTANCE_IDENTIFIER"
namespace: APIGEE_NAMESPACE # Usually "apigee"

gcp:
  projectID: PROJECT_ID
  region: ANALYTICS_REGION
  workloadIdentity:
    enabled: true
    gsa: "NON_PROD_SERVICE_ACCOUNT_EMAIL"
    # For example: "apigee-non-prod@PROJECT_ID.iam.gserviceaccount.com"

k8sCluster:
  name: CLUSTER_NAME
  region: CLUSTER_LOCATION # Must be the closest Google Cloud region to your cluster.
org: ORG_NAME

# Required if using Data residency:
contractProvider: https://CONTROL_PLANE_LOCATION-apigee.googleapis.com

instanceID: "UNIQUE_INSTANCE_IDENTIFIER"

cassandra:
  hostNetwork: false
    # false for all GKE installations.
    # See Multi-region deployment: Prerequisites
  replicaCount: 1
    # Use 1 for non-prod or "demo" installations and multiples of 3 for production.
    # See Configure Cassandra for production for guidelines.
  backup:
    enabled: true
    # Set to true for initial installation.
    # This triggers the chart to create the apigee-cassandra-backup Kubernetes service account when you install it.
    # See Cassandra backup overview for instructions on using cassandra.backup.

virtualhosts:
- name: ENVIRONMENT_GROUP_NAME
  selector:
    app: apigee-ingressgateway
    ingress_name: INGRESS_NAME
    sslCertPath: PATH_TO_CERT_FILE
    sslKeyPath: PATH_TO_KEY_FILE

ingressGateways:
- name: INGRESS_NAME # maximum 17 characters.
  replicaCountMin: 2
  replicaCountMax: 10
  svcAnnotations:  # optional. If you are on AKS, see Known issue #260772383
    SVC_ANNOTATIONS_KEY: SVC_ANNOTATIONS_VALUE
  svcLoadBalancerIP: SVC_LOAD_BALANCER_IP  # optional
  

envs:
- name: ENVIRONMENT_NAME

logger:
  enabled: false # Set to false for all GKE installations.

    範例

    以下範例顯示已完成的覆寫檔案,其中加入了屬性值範例:

    instanceID: "my_hybrid_example"
namespace: apigee

gcp:
  projectID: hybrid-example
  region: us-central1

k8sCluster:
  name: apigee-hybrid
  region: us-central1

org: hybrid-example

contractProvider: https://us-apigee.googleapis.com
  

envs:
- name: test
  serviceAccountPaths:
    synchronizer:my-hybrid-project-apigee-synchronizer.json
    runtime: my-hybrid-project-apigee-runtime.json
    udca: my-hybrid-project-apigee-udca.json
    components: 
      runtime: 
        replicaCountMin: 2 
        replicaCountMax: 4
cassandra:
  hostNetwork: false
  replicaCount: 3

ingressGateways:
- name: my-ingress-1
  replicaCountMin: 2
  replicaCountMax: 10

virtualhosts:
- name: example-env-group
  selector:
    app: apigee-ingressgateway
    ingress_name: my-ingress-1
  sslCertPath: certs/keystore.pem
  sslKeyPath: certs/keystore.key

logger:
  enabled: true # Set to "false" for GKE. Set to "true" for all other Kubernetes platforms.
  serviceAccountPath: my-hybrid-project-apigee-logger.json

mart:
  serviceAccountPath: my-hybrid-project-apigee-mart.json

connectAgent:
  serviceAccountPath: my-hybrid-project-apigee-mart.json

metrics:
  serviceAccountPath: my-hybrid-project-apigee-metrics.json

udca:
  serviceAccountPath: my-hybrid-project-apigee-udca.json

watcher:
  serviceAccountPath: my-hybrid-project-apigee-watcher.json
  3. 完成後,請儲存檔案。

下表說明您必須在覆寫檔案中提供的每個屬性值。詳情請參閱「設定屬性參考資料」。

變數 說明
UNIQUE_INSTANCE_IDENTIFIER

用於識別這個執行個體的專屬字串。可以是任何英文字母和數字的組合,最多 63 個半形字元。

您可以在同一個叢集中建立多個機構,但同一個 Kubernetes 叢集中的所有機構的 instanceID 必須相同。
APIGEE_NAMESPACE

Apigee Hybrid 元件的 Kubernetes 命名空間。

預設值為 apigee
ANALYTICS_REGION 在 GKE 中,您必須將這個值設為叢集執行所在的區域。在所有其他平台中,請選取與叢集最接近的 Analytics 支援區域 (請參閱第 1 部分,步驟 2:建立機構中的表格)。

這是您先前指派給環境變數 ANALYTICS_REGION 的值。
PROJECT_ID 指出 apigee-loggerapigee-metrics 推送資料的 Google Cloud 專案。這是指派給環境變數 PROJECT_ID 的值。
CLUSTER_NAME Kubernetes 叢集名稱。這是指派給環境變數 CLUSTER_NAME 的值。
CLUSTER_LOCATION 叢集執行的地區。這是您在 步驟 1:建立叢集中建立叢集的地區。

這是您先前指派給環境變數 CLUSTER_LOCATION 的值。
ORG_NAME Apigee Hybrid 機構的 ID。這是指派給環境變數 ORG_NAME 的值。
CONTROL_PLANE_LOCATION 如果您在 Apigee 混合式安裝作業中使用資料落地功能,就必須提供此值。這是用來儲存客戶核心內容 (例如 Proxy 套件) 的位置。如需清單,請參閱「可用的 Apigee API 控制層區域」。這是在步驟 2:建立機構中指派給 CONTROL_PLANE_LOCATION 環境變數的值。
ENVIRONMENT_GROUP_NAME 環境所屬環境群組的名稱。這是您在 「專案和組織設定」- 步驟 3:建立環境群組中建立的群組。這是指派給環境變數 ENV_GROUP 的值。
PATH_TO_CERT_FILE
PATH_TO_KEY_FILE		 輸入您先前在 步驟 5:建立 TLS 憑證中產生的自行簽署 TLS 金鑰和憑證檔案的路徑和檔案名稱。這些檔案必須位於 APIGEE_HELM_CHARTS_HOME/apigee-virtualhosts/certs 目錄中。例如:
sslCertPath: certs/keystore.crt
sslKeyPath: certs/keystore.key
INGRESS_NAME 部署作業的 Apigee 入口閘道名稱。這個名稱可以是符合下列規定的任何名稱:
  • 長度上限為 17 個半形字元
  • 只能包含小寫英數字元、連字號 (-) 或「.」。
  • 開頭必須是英數字元
  • 結尾須為英數字元

請參閱設定屬性參考資料中的 ingressGateways[].name
SVC_ANNOTATIONS_KEYSVC_ANNOTATIONS_VALUE (選用) 這是一個鍵/值組合,可為預設入口服務提供註解。您的雲端平台會使用註解協助設定混合式安裝作業,例如將負載平衡器類型設為內部或外部。

註解會因平台而異。請參閱平台說明文件,瞭解必要和建議的註解。

如果您未使用此區塊,請將其註解或刪除。
SVC_LOAD_BALANCER_IP (選用) 您為負載平衡器保留的 IP 位址。 在支援指定負載平衡器 IP 位址的平台上,負載平衡器會使用這個 IP 位址建立。如果平台不允許您指定負載平衡器 IP,系統會忽略這項屬性。

如果您未使用此區塊,請將其註解或刪除。

ENVIRONMENT_NAME 請使用您在 UI 中建立環境時使用的名稱,如「 專案和機構設定 - 步驟 3:建立環境群組」一文所述。
*_SERVICE_ACCOUNT_FILEPATH 對應圖表目錄中服務帳戶 JSON 檔案的路徑和檔案名稱。請提供相對於圖表目錄的路徑和名稱。舉例來說:
  • 如果 my-hybrid-project-apigee-synchronizer.json 檔案位於 apigee-env/ 圖表目錄中,您只需提供檔案名稱即可,例如:
    synchronizer:  "my-hybrid-project-apigee-synchronizer.json"
  • 如果檔案位於 apigee-env/service-accounts/ 目錄中,您需要指定相對路徑:
    synchronizer:  "service-accounts/my-hybrid-project-apigee-synchronizer.json"

在非正式環境中,單一服務帳戶的名稱預設為 PROJECT_ID-non-prod.json

如為實際環境,請輸入您在步驟 4:建立服務帳戶中使用 create-service-account 工具產生的服務帳戶金鑰檔案名稱。

您可以在各個對應的圖表目錄中查看服務帳戶檔案。

服務帳戶的預設名稱和對應的圖表目錄如下:

服務帳戶 檔案名稱 圖表目錄
Storage 物件管理員 PROJECT_ID-apigee-cassandra.json apigee-datastore/
記錄寫入者 PROJECT_ID-apigee-logger.json apigee-telemetry/
Apigee Connect 代理人 PROJECT_ID-apigee-mart.json apigee-org/
Monitoring 指標寫入者 PROJECT_ID-apigee-metrics.json apigee-telemetry/
不需要角色 PROJECT_ID-apigee-runtime.json apigee-env/
Apigee 同步處理工具管理員 PROJECT_ID-apigee-synchronizer.json apigee-env/
Apigee 數據分析代理人 PROJECT_ID-apigee-udca.json apigee-org/
Apigee 執行階段代理人 PROJECT_ID-apigee-watcher.json apigee-org/
*_SERVICE_ACCOUNT_EMAIL 如果您使用 GKE 上的 Workload Identity,則必須提供 Google 服務帳戶 (GSA) 的服務帳戶電子郵件地址。這些是您在步驟 4:建立服務帳戶中建立的服務帳戶。您可以使用下列指令找出服務帳戶的電子郵件地址: 
gcloud iam service-accounts list --project ${PROJECT_ID} --filter "apigee"

摘要

設定檔會告訴 Kubernetes 如何將混合式元件部署至叢集。接著,您將啟用同步器存取權,讓 Apigee 執行階段和管理計畫能夠進行通訊。

下一步

1 2 3 4 5 6 (NEXT) 步驟 7:啟用 Synchronizer 存取權 8 9 4 5 5 10 8 9 9 10 5 6 (NEXT) 步驟 7:啟用 Synchronizer 存取權 8 9 9 10 5 6 12