This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Apigee hybrid service account

Posted on 03-08-2023 07:18 PM
aramkrishna6
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Per listed link, which list service account for Apigee hybrid.

Do we require separate service for Apigee Connect Agent  ? and also for mart service account..

listed table does not indicate about Connect Agent service account in the list 

About service accounts  |  Apigee X  |  Google Cloud

@dino 

0 3 125
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
ganadurai
Staff
Reply posted on --/--/---- --:-- AM

Apigee Connect enables a channel for communication from Mgmt plane to MART service in Runtime plane. So the Service Account attached to MART should have the permission "apigeeconnect.endpoints.connect".

Apigee Connect service is an enabler for MART, so there is no specific SA needed for Connect agent. You can find more info here.

Thanks

0 Likes

Posted on --/--/---- --:-- AM
aramkrishna6
Bronze 5
Bronze 5
In response to ganadurai
Reply posted on --/--/---- --:-- AM

@ganadurai  Does this means that if mart SA is with permission "apigeeconnect.endpoints.connect" access then we will not require Apigee Connect service account. Or not sure, in any other cases Apigee Connect service account is required if not for this ?

0 Likes

Posted on --/--/---- --:-- AM
kidiyoor
Staff
In response to ganadurai
Reply posted on --/--/---- --:-- AM

Currently connect and mart uses default k8s service account in. Since these application do not talk to apiserver, it doesn't special k8s roles. It not a good practice to use default k8s service account hence we will create dedicated k8s service account for both the components with no k8s roles in upcoming releases.

0 Likes
Top Solution Authors
View all