Installing API Connect on the active data center

Follow the installation steps for API Connect described in the Cloud Pak for Integration documentation, adding the multiSiteHA configuration to the API Connect YAML.

Before you begin

Verify that all the secrets, certificates, and issuers are ready:
oc get secrets -n <namespace> | grep <apic-instance-name>
<apic-instance-name>-ingress-ca                kubernetes.io/tls                     3      3d21h
<apic-instance-name>-mgmt-replication-client   kubernetes.io/tls                     3      3d21h
<apic-instance-name>-ptl-replication-client    kubernetes.io/tls                     3      3d21h

oc get certs -n <namespace> | grep <apic-instance-name>
<apic-instance-name>-ingress-ca                True    <apic-instance-name>-ingress-ca                3d21h   2032-08-15T13:01:47Z
<apic-instance-name>-mgmt-replication-client   True    <apic-instance-name>-mgmt-replication-client   3d21h   2024-08-17T13:04:27Z
<apic-instance-name>-ptl-replication-client    True    <apic-instance-name>-ptl-replication-client    3d21h   2024-08-17T13:04:26Z

oc get issuer -n <namespace> | grep <apic-instance-name>
<apic-instance-name>-ingress-issuer   True    3d21h
<apic-instance-name>-self-signed      True    3d21h
Where <apic-instance-name> is the name you intend to use for your API Connect cluster CR, and <namespace> is the namespace you created for API Connect.

About this task

In the yaml files that are shown here, replace <apic-instance-name> with the name you intend to use for your API Connect Cluster CR. As decided in Planning and initial preparation. Set <active data center ingress domain> and <warm-standby data center ingress domain> to their appropriate values, which can be determined by running this command in each data center:
oc get ingresses.config/cluster -o jsonpath={.spec.domain}

Procedure

  1. Follow the API Connect installation steps using the Platform UI, as described in the Cloud Pak for Integration documentation https://www.ibm.com/docs/en/cloud-paks/cp-integration. At the point where you specify the configuration properties of your API Connect instance, switch to the YAML tab so you can edit the YAML directly.
    Remember: Use the same <apic-instance-name> value when you specify the API Connect instance name in the Cloud Pak for Integration Platform UI.
  2. Add the management.encryptionSecret.secretName property, and the management.multiSiteHA section to the YAML file inside the spec section.
      management:
        ...
        encryptionSecret:
          secretName: mgmt-encryption-key
        multiSiteHA:
          mode: active
          replicationEndpoint:
            annotations:
              cert-manager.io/issuer: <apic-instance-name>-ingress-issuer
            hosts:
            - name: mgmt-replication.<active data center ingress domain>
              secretName: <apic-instance-name>-mgmt-replication-server
          replicationPeerFQDN: mgmt-replication.<warm-standby data center ingress domain>
          tlsClient:
            secretName: <apic-instance-name>-mgmt-replication-client

    Also set the management.<endpoint>.hosts.name properties to the endpoint URLs you decided on in Planning and initial preparation.

  3. Add the portal.encryptionSecret.secretName property, and the portal.multiSiteHA section to the YAML file inside the spec section.
      portal:
        ...
        encryptionSecret:
          secretName: ptl-encryption-key
        multiSiteHA:
          mode: active
          replicationEndpoint:
            annotations:
              cert-manager.io/issuer: <apic-instance-name>-ingress-issuer
            hosts:
            - name: ptl-replication.<active data center ingress domain>
              secretName: <apic-instance-name>-ptl-replication-server
          replicationPeerFQDN: ptl-replication.<warm-standby data center ingress domain>
          tlsClient:
            secretName: <apic-instance-name>-ptl-replication-client

    Also set the portal.<endpoint>.hosts.name properties to the endpoint URLs you decided on in Planning and initial preparation.

  4. Continue the installation steps as described in Deploying on OpenShift and Cloud Pak for Integration.

Results

Confirm that the management subsystem is ready, but in Warning state with oc get mgmt:
oc get mgmt -n <namespace>


NAME         READY   STATUS    VERSION      RECONCILED VERSION   MESSAGE                                                                          AGE
management   n/n     Warning   10.0.8.0-0   10.0.8.0-0           Management is ready. HA Status Warning - see HAStatus in CR for details   8m59s
oc get mgmt -n <namespace> -o yaml

...
status:
  haStatus
    {
      "lastTransitionTime": "2023-12-31T19:47:08Z",
      "message": "Replication not working, install or upgrade in progress.",
      "reason": "na",
      "status": "True",
      "type": "Pending"
   }
The management CR is expected to report the status of Warning until the warm-standby management subsystem is deployed, and both management subsystems complete data replication. When you see the status message Management is ready. HA Status Warning - see HAStatus in CR for details, you can move on to Installing API Connect on the warm-standby data center.
Note: The portal, analytics, and gateway subsystems are not deployed until the management replication is complete and the management CRs in both data centers report the following:
oc get mgmt -n <namespace>

NAME         READY   STATUS    VERSION      RECONCILED VERSION   MESSAGE                                                                          AGE
management   n/n     Running   10.0.8.0-0   10.0.8.0-0           Management is ready. HA status Ready - see HAStatus in CR for details              8m59s
oc get mgmt -n <namespace> -o yaml

...
status:
  haStatus
  {
    "lastTransitionTime": "2023-03-31T19:47:08Z",
    "message": "Replication is working",
    "reason": "na",
    "status": "True",
    "type": "Ready"
  }

What to do next

Extract the Cloud Pak for Integration credentials, and copy them to your warm-standby data center:
  1. Identify the secret that contains the Cloud Pak for Integration credentials:
    oc -n <namespace> get secrets | grep cp4i-creds
  2. Extract the credentials to a file:
    oc get secret <secret name>  -o json | jq 'del(.metadata.creationTimestamp,.metadata.labels,.metadata.resourceVersion,.metadata.uid,.metadata.ownerReferences)' > cp4i-creds.json

    where <secret name> is the secret you identified in step 1.

  3. Copy the cp4i-creds.json file to the warm-standby data center.
Install API Connect on your warm-standby data center: Installing API Connect on the warm-standby data center.