Each supported platform has its own permission requirements for creating a cluster. After the cluster
is created, you can, as cluster owner, proceed to install the Apigee-specific components
(including Apigee, ASM, and cert-manager) into the cluster. However, if you want to delegate the
installation of the runtime components to another user, you can manage the necessary permissions
through Kubernetes authn-authz (https://kubernetes.io/docs/reference/access-authn-authz/rbac/).
To install the hybrid runtime components into the cluster, a non-cluster-owner user should
have CRUD permission on these resources:
- ClusterRole
- Webhooks (ValidatingWebhookConfiguration and MutatingWebhookConfiguration)
- PriorityClass
- ClusterIssuer
- CustomResourceDefinitions
- StorageClass (optional, if the default StorageClass is not used)
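
The delegation described above can be written as a ClusterRole plus a ClusterRoleBinding. This manifest is an added example, not taken from the Apigee documentation: the role name, binding name, and the user installer@example.com are hypothetical, and the cert-manager.io API group for ClusterIssuer is an assumption about the cert-manager version installed in the cluster.

```yaml
# Added example (not from the Apigee docs). All names are hypothetical.
# Grants CRUD on the cluster-scoped resources listed above, and nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: apigee-runtime-installer        # hypothetical name
rules:
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["clusterroles"]
    verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
  - apiGroups: ["admissionregistration.k8s.io"]
    resources:
      - validatingwebhookconfigurations
      - mutatingwebhookconfigurations
    verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
  - apiGroups: ["scheduling.k8s.io"]
    resources: ["priorityclasses"]
    verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
  - apiGroups: ["cert-manager.io"]      # assumption: cert-manager's current API group
    resources: ["clusterissuers"]
    verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
  # Optional: only needed if the default StorageClass is not used.
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: apigee-runtime-installer-binding  # hypothetical name
subjects:
  - kind: User
    name: installer@example.com           # hypothetical delegated user
    apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: apigee-runtime-installer
```

Kubernetes RBAC only lets a user create a ClusterRole whose rules they already hold themselves, unless they also have the `escalate` verb on `clusterroles`, so the delegated user may need more than this role to create the roles the installer ships. The cluster owner can check each grant before handing over with `kubectl auth can-i create customresourcedefinitions --as installer@example.com`.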
Prerequisites
This section describes tasks you must accomplish before you begin the runtime plane quickstart
install.

Note about clusters: You can create a new separate cluster for Apigee hybrid or you can install it in a cluster that is running other workloads.
- Shared cluster: If you install Apigee hybrid in a cluster running other workloads, you need to upgrade and maintain your GKE/AKS cluster at the versions and features required in common for Apigee hybrid and for your other workloads. You may want to develop a plan to migrate one or more workloads in case conflicts arise between supported versions and requirements.
- Separate cluster: Creating a dedicated cluster for Apigee hybrid adds isolation. It also adds the operational effort of maintaining the new cluster.
Both options are valid.

Note about VPC Service Controls: If you plan to enable Google Cloud Virtual Private Cloud (VPC) Service Controls (https://cloud.google.com/vpc-service-controls) with your Apigee hybrid installation, see Using VPC Service Controls with Apigee and Apigee hybrid (/apigee/docs/api-platform/security/vpc-sc) for instructions before you proceed.

Complete the following tasks to ensure that you can successfully begin the runtime installation (as described in this section):
After you have satisfied the above prerequisites, go to the quickstart for your platform:

You are currently viewing version 1.3 of the Apigee hybrid documentation. This version is end of life. You should upgrade to a newer version. For more information, see Supported versions (/apigee/docs/hybrid/supported-platforms#supported-versions).
Supported platforms: See Apigee hybrid: supported platforms (/apigee/docs/hybrid/supported-platforms).
Minimum cluster configurations: Your cluster must meet minimum configuration requirements. For details, see Minimum cluster configurations (/apigee/docs/hybrid/v1.3/cluster-overview).
Last updated 2025-08-26 UTC.