... rest of the overrides.yaml ...
gcp:
projectID: PROJECT_ID
region: ANALYTICS_REGION # Specifies the analytics region for the hybrid org. This attribute is
# the regional endpoint used to push analytics and debug data to the
# control plane. For example: us-central1
newDataPipeline:
debugSession: true # this flag enables debug session to use the new data pipeline
analytics: true # this flag enables analytics to use the new data pipeline
k8sCluster:
name: CLUSTER_NAME
region: CLUSTER_LOCATION # Must be the closest Google Cloud region to your cluster. For example, us-west1
org: ORG_NAME
... rest of the overrides.yaml ...
[[["わかりやすい","easyToUnderstand","thumb-up"],["問題の解決に役立った","solvedMyProblem","thumb-up"],["その他","otherUp","thumb-up"]],[["わかりにくい","hardToUnderstand","thumb-down"],["情報またはサンプルコードが不正確","incorrectInformationOrSampleCode","thumb-down"],["必要な情報 / サンプルがない","missingTheInformationSamplesINeed","thumb-down"],["翻訳に関する問題","translationIssue","thumb-down"],["その他","otherDown","thumb-down"]],["最終更新日 2025-08-30 UTC。"],[[["\u003cp\u003eApigee hybrid version 1.13.1 introduces a new data pipeline that allows runtime components to directly write data to the control plane, eliminating the need for the UDCA component.\u003c/p\u003e\n"],["\u003cp\u003eThe new data pipeline is exclusively available for new v1.13.1 hybrid organizations that have data residency enabled, requiring specific configuration parameters in the overrides file.\u003c/p\u003e\n"],["\u003cp\u003eTo utilize the new pipeline for Debug sessions and Analytics, you must set permissions for the runtime service account to interact with the new pipeline and push data to the control plane.\u003c/p\u003e\n"],["\u003cp\u003eSwitching to the new pipeline for debug and Analytics data residency involves setting the \u003ccode\u003enewDataPipeline.debugSession\u003c/code\u003e and \u003ccode\u003enewDataPipeline.analytics\u003c/code\u003e flags to \u003ccode\u003etrue\u003c/code\u003e in the \u003ccode\u003eoverrides.yaml\u003c/code\u003e file.\u003c/p\u003e\n"],["\u003cp\u003eUpgrading the environment to utilize the new pipeline is done one environment at a time via the \u003ccode\u003ehelm upgrade\u003c/code\u003e command, specifying the corresponding environment with the \u003ccode\u003e--set env=\u003c/code\u003e\u003cvar translate=no\u003eENV_NAME\u003c/var\u003e parameter.\u003c/p\u003e\n"]]],[],null,["# Configure hybrid to use the new data pipeline\n\n| You are currently viewing version 1.14 of the Apigee hybrid documentation. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nOverview\n--------\n\n\nStarting with version 1.13.1, newly created Apigee hybrid orgs use a new data pipeline that allows the\nruntime components to write data directly to the control plane. Previously, this was done via\nthe UDCA component which generated signed urls to write to Google Cloud Services. The new\npipeline eliminates the need for UDCA and other related components responsible for processing\ndata uploaded to Google Cloud Services.\n| **Note:** Starting with hybrid v1.14.0, this configuration is included in the regular installation and upgrades procedures.\n\nConfiguration\n-------------\n\nYou can configure hybrid to use the new data pipeline for individual components using the following instructions.\n\n### Setting Authorization Flow\n\nSet permissions for the runtime service account to interact with new pipeline to push data to the control plane. This step is\nrequired to allow Debug sessions and Analytics to operate with the new pipeline: \n\n```\ncurl -X PATCH -H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n -H \"Content-Type:application/json\" \\\n \"https://CONTROL_PLANE_LOCATION-apigee.googleapis.com/v1/organizations/ORG_NAME/controlPlaneAccess?update_mask=analytics_publisher_identities\" \\\n -d '{ \"analytics_publisher_identities\": [\"serviceAccount:apigee-runtime@ORG_NAME.iam.gserviceaccount.com\"]}'\n```\n\nThe response should look like the following: \n\n```\n{\n \"name\": \"organizations/newpipeline-hybrid-org/operations/8316aa78-c137-4733-92ec-cc0d2d92fd29\",\n \"metadata\": {\n \"@type\": \"type.googleapis.com/google.cloud.apigee.v1.OperationMetadata\",\n \"operationType\": \"UPDATE\",\n \"targetResourceName\": \"organizations/newpipeline-hybrid-org/controlPlaneAccess\",\n \"state\": \"IN_PROGRESS\"\n }\n}\n```\n\n\nVerify state of the operation using the name parameter from the update response:\n\n### No data residency\n\n```\ncurl -X GET -H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n -H \"Content-Type:application/json\" \\\n \"https://apigee.googleapis.com/v1/organizations/ORG_NAME/operations/8316aa78-c137-4733-92ec-cc0d2d92fd29\"\n```\n\n### Data residency\n\n```\ncurl -X GET -H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n -H \"Content-Type:application/json\" \\\n \"https://CONTROL_PLANE_LOCATION-apigee.googleapis.com/v1/organizations/ORG_NAME/operations/8316aa78-c137-4733-92ec-cc0d2d92fd29\"\n```\n\nThe response should look like the following: \n\n```\n{\n \"name\": \"organizations/newpipeline-hybrid-org/operations/8316aa78-c137-4733-92ec-cc0d2d92fd29\",\n \"metadata\": {\n \"@type\": \"type.googleapis.com/google.cloud.apigee.v1.OperationMetadata\",\n \"operationType\": \"UPDATE\",\n \"targetResourceName\": \"organizations/newpipeline-hybrid-org/controlPlaneAccess\",\n \"state\": \"FINISHED\"\n },\n \"done\": true,\n \"response\": {\n \"@type\": \"type.googleapis.com/google.cloud.apigee.v1.ControlPlaneAccess\",\n \"name\": \"organizations/newpipeline-hybrid-org/controlPlaneAccess\"\n }\n}\n```\n\nVerify the organization's ControlPlaneAccess configuration:\n\n### No data residency\n\n```\ncurl \"https://apigee.googleapis.com/v1/organizations/ORG_NAME/controlPlaneAccess\" \\\n-H \"Authorization: Bearer $(gcloud auth print-access-token)\"\n```\n\n### Data residency\n\n```\ncurl \"https://CONTROL_PLANE_LOCATION-apigee.googleapis.com/v1/organizations/ORG_NAME/controlPlaneAccess\" \\\n-H \"Authorization: Bearer $(gcloud auth print-access-token)\"\n```\n\nThe response should look like the following: \n\n```\n{\n \"synchronizerIdentities\": [\n \"serviceAccount:apigee-synchronizer@newpipeline-hybrid-org.iam.gserviceaccount.com\"\n ],\n \"analyticsPublisherIdentities\": [\n \"serviceAccount:apigee-runtime@newpipeline-hybrid-org.iam.gserviceaccount.com\"\n ]\n}\n```\n\nSwitching between new and old pipelines for debug and Analytics data residency\n------------------------------------------------------------------------------\n\nOnce the right authorization has been provided to the service accounts, users can switch their Apigee instance to use the new pipeline.\n\nTo switch to the new pipeline, set `newDataPipeline.debugSession: true` and `newDataPipeline.analytics: true` in your `overrides.yaml` file.\n\nTo stop using the new pipeline, set `newDataPipeline.debugSession: false` and `newDataPipeline.analytics: false` in your `overrides.yaml` file.\n\nFor example: \n\n```\n... rest of the overrides.yaml ...\ngcp:\n projectID: PROJECT_ID\n region: ANALYTICS_REGION # Specifies the analytics region for the hybrid org. This attribute is\n # the regional endpoint used to push analytics and debug data to the\n # control plane. For example: us-central1\n\nnewDataPipeline:\n debugSession: true # this flag enables debug session to use the new data pipeline\n analytics: true # this flag enables analytics to use the new data pipeline\n\nk8sCluster:\n name: CLUSTER_NAME\n region: CLUSTER_LOCATION # Must be the closest Google Cloud region to your cluster. For example, us-west1\norg: ORG_NAME\n\n... rest of the overrides.yaml ...\n```\n| **Note:** These values are set to `true` by default starting with hybrid v1.14.0. If you are using to hybrid v1.14.0 or newer, you do not need to add the `newDataPipeline` stanza to your `overrides.yaml` file unless you have previously explicitly set these values to `false`. See\n| - [`newDataPipeline.debugSession`](/apigee/docs/hybrid/v1.14/config-prop-ref#newdatapipeline-debugsession)\n| - [`newDataPipeline.analytics`](/apigee/docs/hybrid/v1.14/config-prop-ref#newdatapipeline-analytics)\n| in the Configuration property reference.\n|\nApply these changes with the `helm upgrade` command. Upgrade one environment at a time. Specify the environment with `--set env=`\u003cvar translate=\"no\"\u003eENV_NAME\u003c/var\u003e. \n\n```\nhelm upgrade ENV_RELEASE_NAME apigee-env/ \\\n --install \\\n --namespace APIGEE_NAMESPACE \\\n --set env=ENV_NAME \\\n -f OVERRIDES_FILE\n```\n\n- \u003cvar translate=\"no\"\u003eENV_RELEASE_NAME\u003c/var\u003e is the name with which you previously installed the `apigee-env` chart.\n- \u003cvar translate=\"no\"\u003eENV_NAME\u003c/var\u003e is the name of the environment you are upgrading."]]
