Apigee Connect
This section describes using Apigee Connect for communication between the hybrid management plane and the MART service in the runtime plane.
Introduction
Apigee Connect allows the Apigee hybrid management plane to connect securely to the MART service in the runtime plane without requiring you to expose the MART endpoint on the internet. If you use Apigee Connect, you do not need to configure the MART ingress gateway with a host alias and an authorized DNS certificate.

Configuring Apigee connect
Configure Apigee connect in your overrides with the connectAgent configuration property.
Service account
Apigee connect uses the apigee-mart service account. This service account requires the Apigee Connect Agent (roles/apigeeconnect.Agent) role. See Service accounts and roles used by hybrid components.
Use the connectAgent.serviceAccountPath or connectAgent.serviceAccountRef configuration properties to specify the apigee-mart service account key. Alternatively, you can store the service account key in Hashicorp Vault.
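The following added example (not part of the Apigee documentation) checks an exported project IAM policy for the role named above and flags broad roles granted to the same account. The sample policy, the project ID, the service account email and the list of broad roles are constructed assumptions; only roles/apigeeconnect.Agent comes from this page.

```python
import json

REQUIRED_ROLE = "roles/apigeeconnect.Agent"  # role named on this page
# Assumed review list: primitive roles a Connect Agent key should not carry.
BROAD_ROLES = {"roles/owner", "roles/editor"}

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SA_EMAIL = "apigee-mart@example-project.iam.gserviceaccount.com"  # assumed name
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/apigeeconnect.Agent",
     "members": ["serviceAccount:apigee-mart@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:apigee-mart@example-project.iam.gserviceaccount.com",
                 "user:admin@example.com"]},
    {"role": "roles/logging.logWriter",
     "members": ["serviceAccount:apigee-logger@example-project.iam.gserviceaccount.com"]}
  ]
}
""")


def roles_for(policy, member):
    """Return the roles granted directly to `member` (group grants not resolved)."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def audit_connect_agent(policy, sa_email):
    """Report whether the account has the required role and any broad roles."""
    roles = roles_for(policy, f"serviceAccount:{sa_email}")
    return {
        "has_required_role": REQUIRED_ROLE in roles,
        "broad_roles": sorted(roles & BROAD_ROLES),
        "all_roles": sorted(roles),
    }


if __name__ == "__main__":
    print(json.dumps(audit_connect_agent(SAMPLE_POLICY, SA_EMAIL), indent=2))
```

A non-empty broad_roles list means the key referenced by connectAgent.serviceAccountPath or connectAgent.serviceAccountRef grants more than Apigee Connect needs.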
API
Apigee Connect requires the Apigee Connect API in the Google Cloud API Library. For instructions on enabling APIs in the Google Cloud console, see Step 3: Enable APIs.
Applying Apigee connect configuration
Apply changes to the Apigee connect configuration with the apigee-org chart with the following command:
helm upgrade ORG_NAME apigee-org/ \
  --namespace apigee \
  --atomic \
  -f OVERRIDES_FILE.yaml
If you see the error Error: UPGRADE FAILED: "ORG_NAME" has no deployed releases, replace upgrade with install and try the command again.
Image
Apigee connect uses the gcr.io/apigee-release/hybrid/apigee-connect-agent:1.13.4 image. If you want to use a private image repository, see Use a private image repository with Apigee hybrid.
Checking Apigee connect logs
Check the Apigee Connect Agent log.
kubectl logs -n namespace apigee-connect-agent-pod-name
The Apigee Connect Agent reports the following log categories:
| Audit logs category | Operations |
|---|---|
| DATA_READ | ConnectionService.ListConnections |
| DATA_WRITE | Tether.Egress |
You can set the level of logging with the connectAgent.logLevel configuration property.
Last updated 2026-02-19 UTC.