Installing the v10 target on Kubernetes

Prepare your Kubernetes environment, create your API Connect secrets, install v10.

About this task

Follow this task along with the Kubernetes installation instructions: Deploying on Kubernetes. The installation of v10 for v2018 form factor migration differs from a standard v10 installation as follows:
  • You must use the v2018 Management encryption secret from your v2018 source deployment (a new key will be generated for the Portal subsystem).
  • You must not use the same Management subsystem backup location and path as you use for your v2018 source deployment.
  • You can use the same Portal subsystem backup location and path as you use for your v2018 source deployment. Reuse the v2018 portal backup path if you want to restore your v2018 portal site backups - to migrate your site customizations.
  • Ensure that any network route between the target installation and the source system is disabled. The target system must not be able to communicate with the source system.
This task describes the steps of the standard v10 installation that must be followed, and at which points in the process to apply the v2018 extracted data.
Note: It is recommended that you keep the console output of all python scripts that are run. On most MacOS and Linux environments, appending the following to the end of the command saves the output to the specified file:
2>&1 | tee <output filename>


  1. Obtain the API Connect v10 product files: Obtaining product files.
  2. Create your v10 namespaces, deploy the API Connect v10 operators, and cert-manager. The steps differ depending on whether you use one namespace for all API Connect subsystems, or whether you want different namespaces for each subsystem. In both cases, complete all steps on these pages except for the last step of installing your API Connect subsystems:
  3. Create the secrets based on your v2018 extracted data.
    1. Create the secrets by running the script:
      • If both Management and Portal are in the same namespace, or if Portal is not installed:
        python3 -n <namespace>
      • If Management and Portal are in different namespaces:
        python3 -mgmt_ns <mgmt_namespace> -ptl_ns <portal_namespace>

      When the script detects more than one portal subsystem, it prompts you to select the portal subsystem name that you want to create the secrets for. For the remaining portal subsystems, specify the different portal namespace and name with the -ptl_ns and -ptl_subsys_name arguments:

      python3 -skip_mgmt -ptl_ns <portal_x_namespace> -ptl_subsys_name <portal subsystem name>
    2. Verify that the secrets were created.

      Run the kubectl get secrets command as in the following example:

      # kubectl get secrets -n <namespace>
      NAME                               TYPE                                  DATA   AGE
      <mgmt deployment name>-enc-key     Opaque                                1      2m47s
      <portal deployment name>-enc-key   Opaque                                1      2m47s
      management-backup-secret           Opaque                                2      2m47s
      portal-backup-secret               Opaque                                2      2m47s
    3. Delete the v2018 Portal database encryption secret <ptl_deployment_name>-enc-key.
      Run the following command to delete the secret:
      # kubectl -n <namespace> delete secret <portal deployment name>-enc-key
      Note: The v2018 Portal database encryption secret is not compatible with v10. After you delete the <ptl_deployment_name>-enc-key, a new secret will be generated when you apply the subsystem CR in a later step.
  4. Edit the subsystem YAML files as described in Installing the API Connect subsystems. You must update the following properties with the data that is extracted from your source v2018 deployment, which can be found in data/config.yaml for the Management subsystem, and data/config_portal.yaml for the Portal.
    Important: If you do not use the configuration from the source system, the migration fails.
    • Management subsystem properties:
          secretName: mgmt-enc-key
    • Portal database backup details,:
          credentials: portal-backup-secret
          host: <remote backup server IP>
          path: <example path>
          port: <remote backup server path>
          protocol: sftp
  5. Continue with the installation of the subsystems, as described in Installing the API Connect subsystems.
    Note: To migrate all your v2018 data, install at least as many Portal and Gateway subsystems as you have on your v2018 source deployment. If you want to do a staged migration, you can install any remaining subsystems later.

Postinstallation verification and v10 toolkit CLI download.

  1. Log in to the Cloud Manager UI: Login to Cloud Manager UI.
  2. Download the v10 toolkit CLI (CLI only) and credentials.json file, see Installing the v10 toolkit.
  3. Unpack the v10 toolkit CLI, and copy the apic-slim and credentials.json files to your apicv10install directory. Rename apic-slim to apic.
  4. Ensure that your v10 toolkit CLI apic command is in your PATH variable:
    EXPORT PATH=<apicv10install directory>:$PATH
  5. Set your toolkit CLI credentials with:
    apic client-creds:set <apicv10install directory>/credentials.json
  6. Verify you can log in to your Management subsystem with the toolkit CLI. Use the same password as you used to log in to the Cloud Manager UI.
    apic login --server <platform_api_endpoint> --username admin --realm admin/default-idp-1
    where <platform_api_endpoint> is the FQDN of the platform api endpoint that is defined for your v10 Management subsystem, as returned by this command:
    kubectl get ingress -n <namespace> | grep platform-api
    For more information, see v10 toolkit CLI login

What to do next

Restore your v2018 source data to your v10 target deployment: Restoring the v2018 data to the v10 target deployment.