Installing the Developer Portal subsystem into a Kubernetes environment
Use the Install Assist utility program to install the Developer Portal subsystem into your Kubernetes runtime environment.
Before you begin
Before installing the Portal subsystem, complete the steps that are described in First steps for installing API Connect: Upload files to registry. For instructions on using the APICUP installer, see Tips and tricks for using APICUP.
Ensure that your kernel or Kubernetes node has the value of its inotify
watches
set high enough so that the Developer Portal can
monitor and maintain the files for each Developer Portal
site. If set too low, the Developer Portal
containers might fail to start or go into a non-ready
state when this limit is
reached. If you have many Developer Portal
sites, or if your sites contain a lot of content, for example, many custom modules and themes, then
a larger number of inotify
watches are required. You can start with a value of
65,000, but for large deployments, this value might need to go up as high as 1,000,000. The Developer Portal
containers take inotify
watches only when they need them. The full number is not
reserved or held, so it is acceptable to set this value high.
Procedure
-
The commands for installing the Portal subsystem are described in the following table. Sample
code is also provided.
Note:
- Although the
site-backup
parameters listed in the following table are optional, it's highly recommended that you include them in your installation, so that remote server backups of the portal database are also taken. If you don't want to configure these parameters at installation, you can configure them later, see Backing up and restoring the Developer Portal in a Kubernetes environment. - Host names and DNS entries may not be changed on a cluster after the initial installation.
-
The backup secret is a Kubernetes secret that contains your username and password for your backup database (sftp/s3). Only password-based authentication is supported for sftp and s3, not authentication based on public certificates and private keys. Password-based authentication for s3 requires that you generate an access key and secret. For example:
- IBM (Cloud Object Storage): Service credentials.
- AWS: Managing access keys.
Command Values/Definition apicup init
Initializes the apicup installation utility and creates the apiconnect-up.yml
configuration fileapicup subsys create ptl portal --k8s
Describes a Portal subsystem in the Kubernetes cluster. The identifier ptl
is the name that you have assigned to your Portal service. You can assign it any name, as long as the identifier consists of lower case alphanumeric characters or '-', with no spaces, starts with an alphabetic character, and ends with an alphanumeric character. The commandportal
indicates that you are creating a Portal subsystem.apicup subsys set ptl extra-values-file
<path/file name>
- Path to the extra values file. One extra values file is permitted. The extra values file requires a.yaml
format. It contains the ingress annotations and other settings for the subsystem. For an example of an extra values file for each subsystem, see Creating an extra values file in a Kubernetes environment.apicup subsys set ptl portal-admin
<padmin>.<hostname>.<domainname>
- The management endpoint for the Portal. All endpoints must be resolvable by DNS. Domain names that are used for endpoints cannot contain the underscore "_" character. See Pre-installation requirements. Refer to the deployment overview diagram for information about endpoints and certificates: Deployment overview for endpoints and certificates.apicup subsys set ptl portal-www
<portal>.<hostname>.<domain name>
- The endpoint for the public portal websites. All endpoints must be resolvable by DNS. Domain names that are used for endpoints cannot contain the underscore "_" character. See Pre-installation requirements. Multiple portal-www endpoints may be configured, as described here: Defining multiple portal endpoints for a Kubernetes environment.apicup subsys set ptl namespace
<namespaceName>
- Defines the namespace where the Portal service resides; every subsystem can be in a separate namespace. Valid namespaces are configured in Kubernetes prior to starting the API Connect installationapicup subsys set ptl storage-class
<storageClass>
- Refers to a valid StorageClass object in your Kubernetes cluster that supports dynamic PersistentVolume provisioning. Static or manual PersistentVolume provisioning can be used, but it requires additional steps that are not covered in this documentation. Block storage is required. Select a block storage format of your choosing in order for API Connect components to be supported. GlusterFS is not recommended as a storage option due to severe performance degradation. For AWS, the gp2 and io1 types of Elastic Block Storage (EBS) are supported. Note that NFS is not supported.apicup subsys set ptl registry
<registry-uri>
- The location where you are running the image registry (for example, Artifactory)apicup subsys set ptl registry-secret
<registrySecret>
- Kubernetes secret with Docker credentials to authenticate with the image registry. The value forregistry-secret
must match the name of the secret created by using thekubectl create secret
command. It contains the Docker credentials for accessing the registry.apicup subsys set ptl www-storage-size-gb
The default is 5GB. The recommended minimum is 5GB. The actual value depends on your environment. Used to store the php, html, and media files that comprise each Portal web site. Increase this size by at least 1GB for every 20 small sites that you want to host. Note that a single site with a lot of media can take many GB. If there is less than 128MB free, then the Portal will refuse to create new sites. apicup subsys set ptl backup-storage-size-gb
The default is 5GB. The recommended minimum is 5GB. The actual value depends on your environment. Stores 7 days worth of compressed backups of each Portal website. Increase this by at least 3GB for every 20 small sites that you want to host. Note that a single site with a lot of media can take many GB per backup. apicup subsys set ptl db-storage-size-gb
The default is 12GB. The recommended minimum is 12GB. The actual value might be higher than this but will depend upon your environment. Used for the database files. Increase this by at least 5GB for every 20 small sites that you want to host. Larger sites require more storage. If there is less than 2GB free, then the Portal refuses to create new sites. Note: For example, a Portal with 5 sites should set this value to 40 GB, or more. Using the default values is not recommended.apicup subsys set ptl db-logs-storage-size-gb
The default is 2GB, and this size should not be changed from 2 GB. Storage used for the database logs. Reducing this value could result in the volume filling up and the database hanging. Making it larger will have no effect on the number of logs kept. apicup subsys set ptl admin-storage-size-gb
The default is 1GB, and this size should not be changed from 1GB. Used for the internal state of the admin container. Reducing this value could result in the admin container failing. Making it larger will have no effect apicup subsys set ptl mode
Determines whether the installation is for development, testing, and demo purposes, or for production. If not explicitly set, the mode will default to dev
(development and testing) for versions 2018.4.1.4 and later. For versions 2018.4.1.3 and earlier, the default for mode isstandard
.dev
- (Default) Use dev mode for development, testing, and demonstration purposes. It allows one instance of each subsystem to be created.standard
- Use standard mode for production environments. It allows multiple instances of each subsystem to be created.
apicup subsys set ptl ingress-type
Must be explicitly set to route
for an OpenShift environment. For a standard K8s environment,ingress-type
defaults toingress
and there is no need to explicitly enter this parameter.apicup subsys set ptl site-backup-host
The fully qualified domain name of the backup server, in lowercase only. Ensure that the Kubernetes nodes can access this host. If using object storage, enter Endpoint/Region
. (The/
character between the endpoint and region is required for the object storage setting.)apicup subsys set ptl site-backup-port
The port for the protocol to connect to the site-backup-host
. Defaults to22
if not explicitly set. The backup port is not required for object storage.apicup subsys set ptl site-backup-auth-user
The user name for the server specified in site-backup-host
. If using object storage, the user name is the S3 Secret Key ID.apicup subsys set ptl site-backup-auth-pass
The password for the server specified in site-backup-host
. If using object storage, the password is the S3 Secret Access Key parameter. The password is stored in Base64 encoded format, and must not be edited directly in the apiconnect-up.yml file.apicup subsys set ptl site-backup-path
The full path to the directory where the backup files are stored. For object storage, the path can be set to the bucket value or the bucket/subfolder value. apicup subsys set ptl site-backup-protocol
The protocol that is used to communicate with your remote backup endpoint. Specify one of the following values: sftp
- for secure file transfer protocolobjstore
- for S3 compatible object storage
sftp
.Note: The public certificate on the S3 storage provider must be signed by a known certificate authority that is trusted by API Connect. Use of an untrusted authority can cause the following error during backup upload:x509: certificate signed by unknown authority
.apicup subsys set ptl site-backup-schedule
The schedule for how often automatic Portal backups are run. The format for the schedule is any valid cron string, as follows:
For example:* * * * * - - - - - | | | | | | | | | +----- day of week (0 - 6) (Sunday=0) | | | +------- month (1 - 12) | | +--------- day of month (1 - 31) | +----------- hour (0 - 23) +------------- min (0 - 59)
30 22 * * 1
performs backups at 10:30 pm on Mondays.The default backup schedule is
0 2 * * *
(runs every day at 2 am). The timezone for backups is UTC.apicup certs set ptl CERT_NAME
[CERT_FILE KEY_FILE CA_FILE] [flags]
- Set the required certificates for the subsystem. Custom certificates might be set, otherwise, default certificates are automatically configured. For information on what certificates are available and how to set them see: Working with certificates.apicup subsys set ptl license-version <license_type>
<license_type>
- Specify the type of license, eitherProduction
orNonproduction
. If not specified, the default value isNonproduction
.Note that the license type does not impact which Portal image to install. The API Connect Kubernetes Pod annotations
productID
andproductName
reflect the selected license.apicup subsys install ptl
Starts the installation of the Portal service. apicup subsys create ptl portal --k8s apicup subsys set ptl extra-values-file=<path/file name> apicup subsys set ptl portal-admin=<padmin>.<hostname>.<domainname> apicup subsys set ptl portal-www=<portal>.<hostname>.<domainname> apicup subsys set ptl registry=<registry-uri> apicup subsys set ptl namespace=<namespaceName> apicup subsys set ptl registry-secret=<registrySecret> apicup subsys set ptl storage-class=<storageClass> apicup subsys set ptl www-storage-size-gb=5 apicup subsys set ptl backup-storage-size-gb=5 apicup subsys set ptl db-storage-size-gb=12 apicup subsys set ptl db-logs-storage-size-gb=2 apicup subsys set ptl admin-storage-size-gb=1 apicup subsys set ptl mode=dev apicup subsys set ptl ingress-type=route <for OpenShift environments only> // OPTIONAL: Set the backup parameters apicup subsys set ptl site-backup-host=<hostname> apicup subsys set ptl site-backup-port=<22> apicup subsys set ptl site-backup-auth-user=<username> apicup subsys set ptl site-backup-auth-pass=<password> apicup subsys set ptl site-backup-path=</site-backups> apicup subsys set ptl site-backup-protocol=<sftp, objstore> apicup subsys set ptl site-backup-schedule=<"0 0 * * *"> // OPTIONAL: Set the certificates apicup certs set ptl CERT_NAME=[CERT_FILE KEY_FILE CA_FILE] [flags] // OPTIONAL: Write the plan to an output directory to inspect myProject/install-plan prior to installation apicup subsys install ptl --out=ptl-install-plan // Start the installation from the output directory. Enter the full path to the output directory. apicup subsys install ptl --plan-dir=./myProject/ptl-install-plan // If output file is not used, enter the following command to start the installation apicup subsys install ptl
The Portal endpoints correspond to the values entered when configuring a Portal service in the Cloud Manager. See Registering a Portal service.apicup subsys set ptl portal-admin
- This is the Management Endpoint that is defined in Cloud Manager, which is used for communicating with API Manager.apicup subsys set ptl portal-www
- This is the Portal Website URL defined in Cloud Manager. It determines the URL for the site that is created for each Catalog. It is used for public access to the Portal from a browser.
- Although the
-
After running the
apicup subsys install
command, run theapicup subsys get <portal_subsys_name> --validate
command to validate the installation. You must correct any errors that are indicated by the--validate
command before continuing. The following example output shows how an error in the installation is displayed:Kubernetes settings =================== Name Value ---- ----- extra-values-file ✔ ingress-type ingress ✔ mode dev ✔ namespace default ✔ registry apic-dev-docker-local.artifactory.devops.com ✔ registry-secret apiconnect-image-pull-secret ✔ storage-class - ✔ Subsystem settings ================== Name Value ---- ----- admin-storage-size-gb 2 ✔ backup-storage-size-gb 5 ✔ db-logs-storage-size-gb 2 ✔ db-storage-size-gb 1 ✘ db-storage-size-gb must be 12 or greater site-backup-auth-pass mypass ✔ site-backup-auth-user myuser ✔ site-backup-host 1.2.3.4 ✔ site-backup-path /home/fvtuser/site-backups ✔ site-backup-port 22 ✔ site-backup-schedule 0 2 * * * ✔ www-storage-size-gb 5 ✔ Endpoints ========= Name Value ---- ----- portal-admin api.portal.default.minikube ✔ portal-www portal.default.minikube ✔