Installing API Connect on the active data center

Add the multiSiteHA configuration to the API Connect Management and Portal CR YAML files before they are applied.

Before you begin

Verify that all the secrets, certificates, and issuers are ready:
oc get secrets -n <namespace>
ingress-ca                kubernetes.io/tls                     3      3d21h
mgmt-replication-client   kubernetes.io/tls                     3      3d21h
ptl-replication-client    kubernetes.io/tls                     3      3d21h

oc get certs -n <namespace>
ingress-ca                True    ingress-ca                3d21h   2032-08-15T13:01:47Z
mgmt-replication-client   True    mgmt-replication-client   3d21h   2024-08-17T13:04:27Z
ptl-replication-client    True    ptl-replication-client    3d21h   2024-08-17T13:04:26Z

oc get issuer -n <namespace>
ingress-issuer   True    3d21h
self-signed      True    3d21h
Where <namespace> are the namespaces you created for API Connect.
Note: If you have separate namespaces for Management and Portal subsystems, then run the check in both namespaces. You should not see the mgmt-replication-client in the portal namespace, nor the ptl-replication-client in the management namespace.

Procedure

  1. Follow these steps for installing the Management subsystem on OpenShift Installing the management subsystem in a shared namespace, but add the encryptionSecret and multiSiteHA section to the mgmt_cr.yaml file:
      siteName: <dc1 site name>
      encryptionSecret:
        secretName: mgmt-encryption-key
      multiSiteHA:
        mode: active
        replicationEndpoint:
          annotations:
            cert-manager.io/issuer: ingress-issuer
          hosts:
          - name: mgmt-replication.<active data center ingress domain>
            secretName: mgmt-replication-server
        replicationPeerFQDN: mgmt-replication.<warm-standby data center ingress domain>
        tlsClient:
          secretName: mgmt-replication-client
    where
    • <dc1 site name> is the site name for this data center, as decided in Planning and initial preparation.
    • <active data center ingress domain> and <warm-standby data center ingress domain> can be determined by running the command oc get ingresses.config/cluster -o jsonpath={.spec.domain} in each data center.
    Note: If you are installing the Management subsystem in a separate namespace, these same steps apply.
  2. Apply the update mgmt_cr.yaml file as directed in Installing the management subsystem in a shared namespace. You can monitor the deployment with:
    oc get ManagementCluster -n <management namespace>
    NAME         READY   STATUS    VERSION    RECONCILED VERSION   MESSAGE AGE
    management   n/n   Running   10.0.8.0   10.0.8.0-1281        Management is ready. HA status Warning - see HAStatus in CR for details 74m
  3. Follow these steps for installing the Portal subsystem on OpenShift Installing the portal subsystem in a shared namespace, but add the encryptionSecret and multiSiteHA section to the portal_cr.yaml file.
      siteName: <dc1 site name>
      encryptionSecret:
        secretName: ptl-encryption-key
      multiSiteHA:
        mode: active
        replicationEndpoint:
          annotations:
            cert-manager.io/issuer: ingress-issuer
          hosts:
          - name: ptl-replication.<active data center ingress domain>
            secretName: ptl-replication-server
        replicationPeerFQDN: ptl-replication.<warm-standby data center ingress domain>
        tlsClient:
          secretName: ptl-replication-client
    where
    • <dc1 site name> is the site name for this data center, as decided in Planning and initial preparation.
    • <active data center ingress domain> and <warm-standby data center ingress domain> can be determined by running the command oc get ingresses.config/cluster -o jsonpath={.spec.domain} in each data center.
    Note: If you are installing the Portal subsystem in a separate namespace, these same steps apply.
  4. Apply the updated portal_cr.yaml file as directed in Installing the portal subsystem in a shared namespace.
    oc get PortalCluster -n <portal namespace>
    NAME     READY   STATUS    VERSION    RECONCILED VERSION   AGE
    portal   6/6     Running   10.0.8.0   10.0.8.0-1281        49m

Results

Confirm that the management subsystem is ready, but in Warning state with oc get mgmt:
oc get mgmt -n <namespace>


NAME         READY   STATUS    VERSION      RECONCILED VERSION   MESSAGE                                                                          AGE
management   n/n     Warning   10.0.8.0-0   10.0.8.0-0           Management is ready. HA Status Warning - see HAStatus in CR for details   8m59s
oc get mgmt -n <namespace> -o yaml

...
status:
  haStatus
    {
      "lastTransitionTime": "2023-12-31T19:47:08Z",
      "message": "Replication not working, install or upgrade in progress.",
      "reason": "na",
      "status": "True",
      "type": "Pending"
   }
The management CR is expected to report the status of Warning until the warm-standby management subsystem is deployed, and both management subsystems complete data replication. When you see the status message Management is ready. HA Status Warning - see HAStatus in CR for details, you can move on to Installing API Connect on the warm-standby data center.

What to do next

Install API Connect in your warm-standby data center Installing API Connect on the warm-standby data center.

Deploy your Gateway and Analytics subsystems in your active data center. For shared namespace: Installing API Connect in a single namespace on OpenShift or multiple namespaces: Installing API Connect subsystems in different namespaces or environments on OpenShift.