Installing the analytics subsystem in a shared namespace
Install the analytics subsystem by creating and applying the analytics_cr.yaml file.
Before you begin
Complete the following tasks to prepare for deploying API Connect:
About this task
Use the OpenShift CLI to edit the custom resource template for the analytics subsystem, apply the resource, verify that the pods are up and running.
Procedure
- Create a file that is called
analytics_cr.yaml
and paste in these contents:# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # apiVersion: analytics.apiconnect.ibm.com/v1beta1 kind: AnalyticsCluster metadata: name: analytics labels: app.kubernetes.io/instance: analytics app.kubernetes.io/managed-by: ibm-apiconnect app.kubernetes.io/name: analytics annotations: apiconnect-operator/cp4i: "false" spec: version: $APP_PRODUCT_VERSION license: accept: $LICENSE_ACCEPTANCE use: $LICENSE_USE license: '$LICENSE_ID' profile: $PROFILE microServiceSecurity: certManager certManagerIssuer: name: selfsigning-issuer kind: Issuer ingestion: endpoint: annotations: cert-manager.io/issuer: ingress-issuer hosts: - name: ai.$STACK_HOST secretName: analytics-ai-endpoint clientSubjectDN: CN=analytics-ingestion-client,O=cert-manager storage: type: $STORAGE_TYPE shared: volumeClaimTemplate: storageClassName: $STORAGE_CLASS volumeSize: $DATA_VOLUME_SIZE #master: # uncomment this section if you set storage.type = dedicated. # volumeClaimTemplate: # storageClassName: $STORAGE_CLASS
- Edit the YAML file and set the variables:
$APP_PRODUCT_VERSION
- API Connect application version for the subsystems.
version: <version_number>
Example version number: 10.0.8.1
$PROFILE
-
Specify your analytics subsystem profile, where
n
indicates number of replicas,c
number of cores, andm
is the minimum memory allocation in GB. For more information on profiles, see Deployment and component profiles.Note: The profile that you select influences your storage type options. If you select ann1
profile then you must select theshared
storage type. For more information about storage types, see storage types. $STACK_HOST
- The desired ingress subdomain for the API Connect stack. Used when
specifying endpoints. Domain names that are used for endpoints cannot contain the underscore "_"
character. You can customize the subdomain or the complete hostname:
- Subdomain customization only
Accept the prefixes predefined for the ingress hostnames to use and replace all instances of
$STACK_HOST
with the desired ingress subdomain for the API Connect stack. For example, if your host ismyhost.subnet.example.com
:ingestion: endpoint: < ... > hosts: - name: ai.myhost.subnet.example.com secret: analytics-ai-endpoint < .... >
- Complete hostname customization
Change both the predefined prefixes and the
$STACK_HOST
subdomain to match your desired hostnames.For example, you can replace
$STACK_HOST
withmy.analytics.ingestion.myhost.subnet.example.com
, wheremy.analytics.ingestion
replacesai
, andmyhost.subnet.example.com
replacesSTACK_HOST
.ingestion: endpoint: < ... > hosts: - name: my.analytics.ingestion.myhost.subnet.example.com secret: analytics-ai-endpoint < ... >
- Subdomain customization only
$STORAGE_TYPE
- If you set
$PROFILE
to ann1
(one replica) profile, then set this toshared
. If you set$PROFILE
to ann3
(three replica) profile then set this todedicated
and uncomment thestorage.master
section, for example:storage: type: dedicated shared: volumeClaimTemplate: storageClassName: $STORAGE_CLASS volumeSize: $DATA_VOLUME_SIZE master: volumeClaimTemplate: storageClassName: $STORAGE_CLASS
For more information about storage types, see dedicated or shared storage.
$STORAGE_CLASS
- The Kubernetes storage class to be used for persistent volume claims. For more information, see
Analytics preinstallation planning. Find the available storage
classes in the target cluster by running the following command:
oc get sc
. Example:storage: type: shared shared: volumeClaimTemplate: storageClassName: ceph-block
- $DATA_VOLUME_SIZE
-
Size of storage allocated for data. To estimate the storage space you require, see Estimating storage requirements. If you are unable to estimate your storage requirement then set it to 500Gi.
storage: type: shared shared: volumeClaimTemplate: storageClassName: ceph-block volumeSize: 500Gi
$LICENSE_ACCEPTANCE
- Set
accept
totrue
. You must accept the license to successfully deploy API Connect. $LICENSE_USE
- Set
use
to eitherproduction
ornonproduction
to match the license that you purchased. - $LICENSE_ID
- Set
license:
to the license ID for the version of API Connect that you purchased. See API Connect licenses.
- Optional: If Cloud Pak for Integration is installed, and you want your
API Connect installation
to be integrated with it, then set
metadata.annotations.apiconnect-operator/cp4i
totrue
.This annotation enables integration with Cloud Pak for Integration.
- Optional: If you want to disable mTLS for
communications between the
management and analytics subsystem, and between the gateway and analytics subsystem, and enable
JWT instead, then add and set the properties
mtlsValidateClient
andjwksUrl
.
where <JWKS URL> is the URL of the JWKS endpoint that is hosted on the management subsystems. To find out thespec: ... mtlsValidateClient: false jwksUrl: <JWKS URL>
jwksUrl
, describe the management CR and check thestatus:
section:
For more information about JWT security, see Enable JWT security instead of mTLS.kubectl describe mgmt -n <namespace> ... status: - name: jwksUrl secretName: api-endpoint type: API uri: https://api.apic.acme.com/api/cloud/oauth2/certs
Note: It is not possible to use JWT on the V5 compatible gateway to analytics message flow. - Optional: If you plan to configure analytics database backups, then define the storage that is required
for backups: Define your backup PVC by adding the
backup.volumeClaimTemplate
property inspec.storage
. For example:spec: storage: backup: volumeClaimTemplate: storageClassName: <storage class> volumeSize: <size>
If you are not sure of the volume size that you need, then you can configure the
backup.volumeClaimTemplate
after installation. -
Install the analytics subsystem by applying the modified CR with the following command:
oc apply -f analytics_cr.yaml -n <namespace>
- Verify that the analytics subsystem is fully installed:
oc get AnalyticsCluster -n <namespace>
The installation is complete when
READY
shows all pods running (n/n
), and theSTATUS
reportsRunning
. Example:NAME READY STATUS VERSION RECONCILED VERSION AGE analytics n/n Running 10.0.8.0 10.0.8.0-1281 86m
It is not necessary to wait for analytics installation to complete before you move on to the next subsystem installation.
- Backup your analytics subsystem and configure scheduled analytics database backups: Backing up and restoring the analytics subsystem.
What to do next
If you are creating a new deployment of API Connect, install other subsystems as needed.
When you have completed the installation of all required API Connect subsystems, you can proceed to defining your API Connect configuration by using the API Connect Cloud Manager; refer to the Cloud Manager configuration checklist.