Installing API Connect
Use the top-level APIConnectCluster
CR to install all the API Connect
subsystems into a shared namespace on OpenShift while connected to the internet.
Before you begin
About this task
Procedure
-
Install the subsystems using the OpenShift web console.
API Connect uses a single top-level
APIConnectCluster
CR to quickly deploy all of the subsystems. With theAPIConnectCluster
CR, you provide values for a few properties, and then the installation logic chooses sensible defaults for the other properties during subsystem deployment.- Click Operators->Installed Operators.
- Select the IBM API Connect operator.
- Click Create Instance on the API Connect
cluster tile to install the top-level Custom Resource.
Selecting API Connect cluster installs all the API Connect subsystems with the default configuration. The API Connect subsystems are Management, Developer Portal, Gateway, and Analytics.
- Provide values for the fields shown in Table 1.
Table 1. Properties for the API Connect top-level CR Input Value Name The name to be used when deploying the APIConnectCluster
CR.License acceptance Required. Click to accept the license. You must accept the license to install API Connect. License use Required. Select production or nonproduction to match the type of license that you purchased. License metric Optional. Enter the unit of measurement that is used for your program license: - PROCESSOR_VALUE_UNIT - Default value. If you leave the field blank, this value is used.
- MONTHLY_API_CALL - Applies only to the IBM API Connect Hybrid Entitlement program.
License ID Required. Select the license ID for the API Connect program that you purchased. To view all license IDs, see API Connect licenses. Deployment profile The deployment profile defines the number of worker nodes, CPU, and memory that is available for API Connect. The available profiles are listed in API Connect deployment profiles for OpenShift and Cloud Pak for Integration. Product version Optional. The API Connect application version. Defaults to the latest version available. Default storage class name The name of the Storage class to be used. You can set a default to appear here with the command:oc patch storageclass <storage class name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
Database Backup settings Backup Certs The name of the Kubernetes secret containing your S3 access key and secret or your or SFTP username and password or SSH key. Default: (Generated Value)
Backup S3 URI style Indicates whether URIs to your S3 backup specify a host or a path value. Set to either host
orpath
.Credentials The name of the Kubernetes secret containing your S3 access key and secret or your or SFTP username and password or SSH key. Default: (Generated Value)
Server hostname Hostname of your remote SFTP backup server or object-store endpoint. If specifying an S3 object-store, use the format<S3endpoint>/<S3region>
. For example:s3.eu-gb.cloud-object-storage.appdomain.cloud/eu-standard
Default: none
Path The path to the location of for your backups on your remote server. If you are using a remote SFTP server, then this is a directory path.
If you are using an object-store, then this is the name of your S3 bucket. For example,
bucket-name/folder
. The use of subdirectories in the bucket name is not supported. Ensure thatbucket-name/folder
is empty.Default: none
Server port Not used for S3 object-store backups. RepoRetentionFull The number of days to retain backups for. For example, if
RepoRetentionFull
is set to 30, then any backups older than 30 days are deleted.Schedule Cron like schedule for performing automatic backups. The format for the schedule is: - * * * * * *
- - - - - - -
- | | | | | |
- | | | | | +----- day of week (0 - 6) (Sunday=0)
- | | | | +------- month (1 - 12)
- | | | +--------- day of month (1 - 31)
- | | +----------- hour (0 - 23)
- | +------------- min (0 - 59)
- +--------------- sec (0 - 59)
The backup schedule defaults to
0 0 * * * *
. This means a backup is run every day at midnight and minute zero UTC.When you configure a host, if you do not specify a value for
schedule
, the default backup schedule is automatically set. Note that the default backup schedule is not set, and scheduled backups not enabled, until host configuration is completed. - If you want to configure additional settings, click Advanced and see API Connect configuration settings for information on the advanced settings.
- Optional: If Cloud Pak for Integration is installed, and you want your
API Connect installation
to be integrated with it, then click the
YAML
tab and setmetadata.annotations.apiconnect-operator/cp4i
totrue
.This annotation enables integration with Cloud Pak for Integration.
- Optional: If you are installing API Connect as a Cloud
Pak for Integration component and you want to deploy with Cloud Pak endpoints, complete the
following steps. This step is not applicable if you already disabled API Connect integration with
Cloud Pak for Integration by setting
metadata.annotations.apiconnect-operator/cp4i
to false.Beginning with version 10.0.7.0, API Connect no longer uses the Cloud Pak cpd routes for endpoints when deployed as a component of Cloud Pak for Integration. Instead, the API Management component uses the typical default API Connect routes (or the custom endpoints configured in the CR).
- Click the YAML tab to manually edit the CR.
- Insert the
deprecatedCloudPakRoute
object into thespec.management
section as shown in the following example:apiVersion: apiconnect.ibm.com/v1beta1 kind: APIConnectCluster metadata: labels: app.kubernetes.io/instance: apiconnect app.kubernetes.io/managed-by: ibm-apiconnect app.kubernetes.io/name: apiconnect-minimum name: <name_of_your_instance> namespace: <APIC-namespace> spec: license: accept: true license: L-MMBZ-295QZQ metric: PROCESSOR_VALUE_UNIT use: nonproduction profile: n1xc17.m48 version: 10.0.8.0 storageClassName: <default-storage-class> management: deprecatedCloudPakRoute: enabled: true cloudPakEndpoint: hosts: - name: cpd-apic.apps.admin-<domain>.com
- Optional: If you want to add a custom certificate for the Cloud Pak route,
complete the following steps:
- Create a Cloud Pak certificate that was signed by a Cloud Pak CA as in the following
example:
--- apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: custom-cpd-ca namespace: apic spec: selfSigned: {} --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: custom-cpd namespace: apic spec: commonName: small-mgmt-cpd dnsNames: - cpd-apic.apps.admin-apickeycloak.cp.fyre.ibm.com duration: 17520h0m0s issuerRef: kind: Issuer name: custom-cpd-ca privateKey: algorithm: RSA rotationPolicy: Always size: 2048 renewBefore: 720h0m0s secretName: custom-cpd usages: - key encipherment - digital signature - server auth
- In the CR, provide the secret name within the
cloudPakEndpoint
property of the newdeprecatedCloudPakRoute
object; for example:spec: deprecatedCloudPakRoute: enabled: true cloudPakEndpoint: hosts: - name: cpd-apic.apps.admin-<domain>.com secretName: custom-cpd
- Create a Cloud Pak certificate that was signed by a Cloud Pak CA as in the following
example:
- Click Create to install API Connect.
-
To verify that your API Connect cluster is
successfully installed, run
oc get apic -n <APIC-namespace>.
-
Verify that you can log in to the API Connect Cloud Manager
UI:
- To determine the location for logging in, view all the
endpoints:
oc get routes -n <APIC-namespace>
- Locate the
mgmt-admin-apic
endpoint, and access the Cloud Manager UI. - Login as
admin
.When you install with the top-level CR, the password is auto-generated. To get the password, run the following commands:
oc get secret -n <APIC-namespace> | grep mgmt-admin-pass oc get secret -n <APIC-namespace> <secret_name_from_previous command> -o jsonpath="{.data.password}" | base64 -d && echo ""
- To determine the location for logging in, view all the
endpoints:
- Optional: Complete the following tasks:
- Increase the timeout settings for management endpoints, particularly for large deployments. See Configuring timeouts for management endpoints.
- Download the API Connect toolkit from the Cloud Manager UI or API Manager UI after installation is completed. See Installing the toolkit.
- Install a test environment. See Testing an API with the Local Test Environment.
Note: You can also install the Toolkit and Local Test Environment from IBM Fix Central. For a link to the latest files on Fix Central, see What's new in the latest release.
What to do next
Configure backups for all your API Connect subsystems: Backing up, restoring, and disaster recovery.