[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-03。"],[[["\u003cp\u003eThis documentation version (1.7) is end-of-life and users are urged to upgrade to a newer version for continued support.\u003c/p\u003e\n"],["\u003cp\u003eExposing the MART endpoint, typically accessed via Apigee Connect, is possible using the Istio ingress gateway service for external requests.\u003c/p\u003e\n"],["\u003cp\u003eSetting up the MART endpoint necessitates providing a trusted TLS key/certificate pair, a qualified domain name (host alias), and a GCP service account for authentication.\u003c/p\u003e\n"],["\u003cp\u003eThe certificate's Common Name (CN) must match the value specified in the \u003ccode\u003emart.hostAlias\u003c/code\u003e property, and self-signed certificates are not permitted.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003emart.serviceAccountPath\u003c/code\u003e property in the overrides file should contain the filepath of the downloaded key file.\u003c/p\u003e\n"]]],[],null,["# MART configuration\n\n| You are currently viewing version 1.7 of the Apigee hybrid documentation. **This version is end of life.** You should upgrade to a newer version. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nThe Apigee Hybrid management plane ordinarily communicates with the\n[MART service](/apigee/docs/hybrid/v1.7/what-is-hybrid#management-api-mart)\nin the runtime plane via [Apigee Connect](/apigee/docs/hybrid/v1.7/apigee-connect).\nThis is the recommended configuration. However, if you want to use the MART Istio\ningress gateway service instead of Apigee Connect, you will want to expose the MART\nendpoint to requests coming from outside of the cluster.\nThe MART endpoint is a secure TLS connection. Hybrid uses an\n[Istio\ningress gateway service](https://istio.io/docs/tasks/traffic-management/ingress/) to expose traffic to this endpoint.\n| This MART setup requires you to provide a trusted TLS key/certificate pair and a qualified domain name. Self-signed certificates are not permitted. For an example showing how to obtain a certificate signed by a CA, see [Obtain\n| TLS credentials](/apigee/docs/hybrid/v1.7/lets-encrypt).\n\n\nThis topic explains the steps to take to expose the MART endpoint.\n\nAdding the MART service account\n-------------------------------\n\n\nMART requires a GCP service account for authentication.\n\n1. In the GCP setup step, [Add service accounts](/apigee/docs/hybrid/v1.7/precog-serviceaccounts), you created a service account with no role for MART. Locate the key file you downloaded for that service account. The file should have a `.json` extension.\n2. Add the key file path to the `mart.serviceAccountPath` property: \n\n ```text\n ...\n mart:\n sslCertPath:\n sslKeyPath:\n hostAlias:\n serviceAccountPath: \"path to a file\"\n ...\n ```\n\n\n For example: \n\n ```scdoc\n ...\n mart:\n sslCertPath:\n sslKeyPath:\n hostAlias:\n serviceAccountPath: \"your_keypath/mart-service-account.json\n ...\n ```\n\nAdding TLS credentials and the host alias\n-----------------------------------------\n\n1. Open your overrides file.\n2. Add the `mart.sslCertPath`, `mart.sslKeyPath`, and `mart.hostAlias` properties. The following table describes these properties:\n\n\n For example, where the host alias is a qualified domain name: \n\n ```scdoc\n ...\n\n mart:\n sslCertPath: \u003cvar translate=\"no\"\u003epath-to-file\u003c/var\u003e/mart-server.crt\n sslKeyPath: \u003cvar translate=\"no\"\u003epath-to-file\u003c/var\u003e/mart-server.key\n hostAlias: foo-mart.mydomain.com\n serviceAccountPath: \"your_keypath/mart-service-account.json\n\n ...\n ```\n3. Save your changes."]]
