The Apigee hybrid installer uses defaults for many settings; however, there are a few settings
that do not have defaults. You must provide values for these settings, as explained next.
Be sure you are in the hybrid-base-directory/hybrid-files directory.
Copy the overrides-small.yaml file from the $APIGEECTL_HOME/examples directory to
your overrides directory:
This example file provides a basic configuration for a small-footprint hybrid
runtime installation, a configuration that is suitable for a your first installation.
cd into the overrides directory:
cd overrides
Open overrides.yaml and add the required property values, shown below. A detailed
description of each property is also provided below:
Syntax
The overrides.yaml file has the following structure and syntax.
Values in red, bold italics are
property values that you must provide. They are described in the table below.
The following table describes each of the property values that you must provide in the
overrides file. For more information, see
Configuration property reference.
Variable
Description
gcp-region
Identifies the GCP region
where the apigee-logger and the apigee-metrics push their data.
gcp-project-id
Identifies the Google Cloud project where the apigee-logger and the apigee-metrics push
their data.
(Required) A qualified DNS name for the environment. You can use a partial
wildcard like *.foo.com. The generic wildcard "*" is not
allowed.
cert-name key-name
Enter the name of the self-signed TLS key and certificate files that you generated previously in the step
Create TLS credentials for the runtime gateway. These files must be located in
the base_directory/hybrid-files/certs directory. For example:
Routing rules direct API calls to the provided paths to the environment mentioned.
path-1 through path-n are the base paths to API proxies deployed
in the environment named in environment-name. paths:
is optional. The default path is /. See also
Configure virtual hosts.
Note: paths: is not
required at this time. Delete or comment out paths: and any path entries.
environment-name (under routingRules)
This is the environment API calls will be routed to.
Use the same name that you used when you created an environment in the UI, as explained
in Step 5: Add a new environment in the hybrid UI.
.
A qualified DNS name for the MART server endpoint. This name must match
the common name (CN) used in the authorized TLS certificate required for
this configuration. For example,
mart.mydomain.com
mart-service-account-name
The name of the mart service account key file that you generated with the
create-service-account tool.
mart-cert-name mart-key-name
Enter the name of the authorized TLS key and certificate files that you generated previously in the step
Create TLS credentials for the MART gateway.
These files must be located in
the base_directory/hybrid-files/certs directory. For example:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-26 UTC."],[[["\u003cp\u003eThis documentation pertains to Apigee hybrid version 1.2, which is now end-of-life and requires an upgrade to a newer version.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eoverrides.yaml\u003c/code\u003e file is crucial for configuring the Apigee hybrid installation, and while many settings have defaults, certain values must be manually provided within it, such as \u003ccode\u003egcp-region\u003c/code\u003e, \u003ccode\u003egcp-project-id\u003c/code\u003e, \u003ccode\u003ecluster-name\u003c/code\u003e, \u003ccode\u003eorg-name\u003c/code\u003e and others.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eoverrides.yaml\u003c/code\u003e file should be copied from the example directory, modified with the required property values, and be sure to set \u003ccode\u003elogger:enabled:false\u003c/code\u003e to disable logging in the overrides file.\u003c/p\u003e\n"],["\u003cp\u003eVirtual host configurations within \u003ccode\u003eoverrides.yaml\u003c/code\u003e require a qualified DNS name as \u003ccode\u003ehostAliases\u003c/code\u003e and paths that direct API calls to the specified environments with the given \u003ccode\u003eenvironment-name\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThere is a detailed table outlining each required property value within the \u003ccode\u003eoverrides.yaml\u003c/code\u003e file, providing descriptions and context for each, to guide the user.\u003c/p\u003e\n"]]],[],null,["# Step 3: Configure the GKE cluster\n\n| You are currently viewing version 1.2 of the Apigee hybrid documentation. **This version is end of life.** You should upgrade to a newer version. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nSpecify configuration overrides\n-------------------------------\n\n\nThe Apigee hybrid installer uses defaults for many settings; however, there are a few settings\nthat do not have defaults. You must provide values for these settings, as explained next.\n| **UPGRADING:** If you are upgrading from v1.1.x to v1.2.0, see [Upgrading Apigee hybrid](/apigee/docs/hybrid/v1.2/upgrade) for instructions. If you are performing a new installation, continue with the configurations described below.\n\n1. Be sure you are in the \u003cvar translate=\"no\"\u003ehybrid-base-directory\u003c/var\u003e`/hybrid-files` directory.\n2. Copy the `overrides-small.yaml` file from the `$APIGEECTL_HOME``/examples` directory to your `overrides` directory: \n\n cp $APIGEECTL_HOME/examples/overrides-small.yaml ./overrides/overrides.yaml\n\n\n This example file provides a basic configuration for a small-footprint hybrid\n runtime installation, a configuration that is suitable for a your first installation.\n3. `cd` into the `overrides` directory: \n\n```\ncd overrides\n```\n 4. Open `overrides.yaml` and add the required property values, shown below. A detailed description of each property is also provided below: **NOTE:** Be sure to disable logging in the overrides file by setting `logger:enabled:false`. Logging is provided by default as part of GKE. \n\n ### Syntax\n\n The `overrides.yaml` file has the following structure and syntax.\n Values in \u003cvar translate=\"no\"\u003ered, bold italics\u003c/var\u003e are\n property values that you must provide. They are described in the [table below](#tablebelow). \n\n ```actionscript-3\n gcp:\n region: gcp-region\n projectID: gcp-project-id\n\n k8sCluster:\n name: cluster-name\n region: cluster-region\n\n org: org-name\n\n virtualhosts:\n - name: virtual-host-name\n hostAliases:\n - \"\u003cvar translate=\"no\"\u003ehost-alias-1\u003c/var\u003e\"\n - \"\u003cvar translate=\"no\"\u003ehost-alias-2\u003c/var\u003e\"\n - \"\u003cvar translate=\"no\"\u003ehost-alias-\u003cem\u003en\u003c/em\u003e\u003c/var\u003e\"\n sslCertPath: ./certs/cert-name.pem\n sslKeyPath: ./certs/key-name.key\n routingRules:\n - paths:\n - /path-1\n - /path-2\n - /path-n\n env: environment-name\n\n envs:\n - name: environment-name # The same name of the env you created in the UI\n serviceAccountPaths:\n synchronizer: ./service-accounts/synchronizer-service-account-name.json\n udca: ./service-accounts/udca-service-account-name.json\n\n mart:\n hostAlias: mart-host-alias\n serviceAccountPath: ./service-accounts/mart-service-account-name.json\n sslCertPath: ./certs/mart-cert-name.pem\n sslKeyPath: ./certs/mart-key-name.key\n\n metrics:\n serviceAccountPath: ./service-accounts/metrics-service-account-name.json\n\n logger:\n enabled: false\n ```\n\n ### Example\n\n The following example shows a completed overrides file with example property values\n added: \n\n ```actionscript-3\n gcp:\n region: us-central1\n projectID: my-gcp-project\n\n k8sCluster:\n name: apigee-hybrid\n region: us-central1\n\n org: hybrid-org\n\n virtualhosts:\n - name: default\n hostAliases:\n - \"*.acme.com\"\n sslCertPath: ./certs/keystore.pem\n sslKeyPath: ./certs/keystore.key\n routingRules:\n # - paths:\n - env: my-environment\n\n envs:\n - name: test\n serviceAccountPaths:\n synchronizer: ./service-accounts/hybrid-project-apigee-synchronizer.json\n udca: ./service-accounts/hybrid-project-apigee-udca.json\n\n mart:\n hostAlias: \"mart.apigee-hybrid-docs.net\"\n serviceAccountPath: ./service-accounts/hybrid-project-apigee-mart.json\n sslCertPath: ./certs/fullchain.pem\n sslKeyPath: ./certs/privkey.key\n\n metrics:\n serviceAccountPath: ./service-accounts/hybrid-project-apigee-metrics.json\n\n logger:\n enabled: false\n ```\n | Although not required for this quick start installation, it's a good practice to create static IP addresses for the two ingress gateways that are exposed outside the cluster. These ingress gateways are used for MART and for handling API proxy traffic. For configuration details, see [Configure static IP addresses](/apigee/docs/hybrid/v1.2/static-ip).\n5. When you are finished, save the file.\n\n\nThe following table describes each of the property values that you must provide in the\noverrides file. For more information, see\n[Configuration property reference](/apigee/docs/hybrid/v1.2/config-prop-ref).\n\nSummary\n-------\n\n\nThe configuration file tells Kubernetes how to deploy the hybrid components to\na cluster. Next, you will apply this configuration to your cluster.\n[1](/apigee/docs/hybrid/v1.2/install-create-cluster) [2](/apigee/docs/hybrid/v1.2/install-download-install) [3](/apigee/docs/hybrid/v1.2/install-copy-overrides) [(NEXT) Step 4: Install hybrid runtime](/apigee/docs/hybrid/v1.2/install-apply-hybrid)\n\n\u003cbr /\u003e"]]