Backing up your Cloud Pak for Integration API Connect deployment

How to backup your API Connect configuration and subsystem databases.

About this task

A full API Connect backup consists of:
  • Infrastructure configuration backup: The infrastructure configuration backup includes everything that you configure for API Connect in your deployment environment, such as:
    • Custom resource (CR) YAML files.
    • Custom certificates.
    • Encryption secrets.
    • Backup secrets.
  • Subsystem database backups: The management, portal, and analytics subsystems all have their own databases that must be backed up:
    • Management database contains everything users configure in the management UIs, REST API, toolkit CLI, and portal sites (excluding Drupal customizations).
    • Portal database contains all portal and site customizations.
    • Analytics database contains all API event data, and the settings of analytics features configured in the management UIs.
To backup your Cloud Pak for Integration or OpenShift top-level CR deployment, backup the infrastructure configuration and databases of each subsystem.
Important:

When you backup API Connect from a primary site to a disaster recovery (DR) site, API Connect that you deployed as part of CP4I uses Keycloak as an OIDC registry. The Keycloak endpoints are generated based on the *.apps.cluster.basedomain for a particular cluster. If API Connect backups from a primary site are restored on the DR site, the Keycloak endpoints at DR point to the ones at the primary site, since this configuration is a part of the management subsystem backup. This can cause login failures for you while using this registry, as now the OAuth call is redirected to the primary site endpoint.

To resolve this issue, after restoring API Connect, update the Keycloak configuration and verify the test user authentication to ensure that the Keycloak endpoints are correctly configured.

Procedure

  1. Save the CP4I credentials secret. 
    oc -n <namespace> get secret <instance_name>-cp4i-creds -o yaml > cp4i_credentials_secret_backup.yaml

    Edit the saved YAML file and remove both the ownerReferences subsection and the selfLink property, and then save the updated file.

  2. If you did not change the cloud administrator password after installation, backup the cloud admin password secret. 
    oc -n <namespace> get secret <instanceName>-mgmt-admin-pass -o jsonpath="{.data.password}" | base64 -d

  3. Backup the API Connect CR. 
    oc -n <namespace> get ApiconnectCluster -o yaml > apic_cr_backup.yaml
  4. Follow the backup steps for each subsystem.
    Important: Ensure that you backup all subsystem CRs, and not just the top-level CR. The subsystem CRs contain additional information about each subsystem, which is required for disaster recovery.