Installing the management subsystem in a shared namespace

Install the management subsystem by creating and applying the mgmt_cr.yaml file.

Before you begin

Complete the following tasks to prepare for deploying API Connect:

  1. Preparing for installation
  2. Installing operators
  3. Setting up a certificate issuer

About this task

Use the OpenShift CLI to edit the custom resource template for the management subsystem then apply the resource. Verify that the pods are up and running, and validate that you can connect to the API Connect Cloud Manager.

Procedure

  1. Create a file that is called mgmt_cr.yaml and paste in the following content:
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    #
    
    
    apiVersion: management.apiconnect.ibm.com/v1beta1
    kind: ManagementCluster
    metadata:
      name: management
      labels:
        app.kubernetes.io/instance: management
        app.kubernetes.io/managed-by: ibm-apiconnect
        app.kubernetes.io/name: management
      annotations:
        apiconnect-operator/cp4i: "false"
    spec:
      version: $APP_PRODUCT_VERSION
      profile: $PROFILE
      portal:
        admin:
          secretName: portal-admin-client
      analytics:
        ingestion:
          secretName: analytics-ingestion-client
      gateway:
        client:
          secretName: gateway-client-client
      cloudManagerEndpoint:
        annotations:
          cert-manager.io/issuer: ingress-issuer
        hosts:
        - name: admin.$STACK_HOST
          secretName: cm-endpoint
      apiManagerEndpoint:
        annotations:
          cert-manager.io/issuer: ingress-issuer
        hosts:
        - name: manager.$STACK_HOST
          secretName: apim-endpoint
      platformAPIEndpoint:
        annotations:
          cert-manager.io/issuer: ingress-issuer
        hosts:
        - name: api.$STACK_HOST
          secretName: api-endpoint
      consumerAPIEndpoint:
        annotations:
          cert-manager.io/issuer: ingress-issuer
        hosts:
        - name: consumer.$STACK_HOST
          secretName: consumer-endpoint
      consumerCatalogEndpoint:
        annotations:
          cert-manager.io/issuer: ingress-issuer
        hosts: 
        - name: consumer-catalog.myhost.subnet.example.com
          secretName: consumer-catalog-endpoint
      databaseVolumeClaimTemplate:
        storageClassName: $STORAGE_CLASS
      microServiceSecurity: certManager
      certManagerIssuer:
        name: selfsigning-issuer
        kind: Issuer
      license:
        accept: $LICENSE_ACCEPTANCE
        use: $LICENSE_USE
        license: '$LICENSE_ID'
     
    
  2. Edit the YAML file and replace the variables:
    $APP_PRODUCT_VERSION
    API Connect application version for the subsystems.
    version: <version_number>

    Example version number: 10.0.8.1

    $PROFILE

    Specify your management subsystem profile, where n indicates number of replicas, c number of cores, and m is the minimum memory allocation in GB. For more information on profiles, see Deployment and component profiles.

    $STACK_HOST
    The desired ingress subdomain for the API Connect stack. Used when specifying endpoints. Domain names that are used for endpoints cannot contain the underscore "_" character. You can do one of the following:
    • Subdomain customization only

      Accept the prefixes predefined for the ingress host names to use and replace all instances of STACK_HOST to be the desired ingress subdomain for the API Connect stack. For example, if your host is myhost.subnet.example.com:

      cloudManagerEndpoint:
            < ... >
          hosts: 
          - name: admin.myhost.subnet.example.com
            secretName: cm-endpoint
        
        apiManagerEndpoint:
             < ... >
          hosts: 
          - name: manager.myhost.subnet.example.com
            secretName: apim-endpoint
        
        platformAPIEndpoint:
             < ... >
          hosts: 
          - name: api.myhost.subnet.example.com
            secretName: api-endpoint
        
        consumerAPIEndpoint:
             < ... >
          hosts: 
          - name: consumer.myhost.subnet.example.com
            secretName: consumer-endpoint
      
        consumerCatalogEndpoint:
             < ... >
          hosts: 
          - name: consumer-catalog.myhost.subnet.example.com
            secretName: consumer-catalog-endpoint
    • Complete hostname customization

      Change both the predefined prefixes and the STACK_HOST subdomain to match your desired hostnames.

      For example, for cloudManagerEndpoint, you can replace admin.$STACK_HOST with my.cloudmgr.myhost.subnet.example.com, where my.cloudmgr replaces admin, and myhost.subnet.example.com replaces STACK_HOST. For example:

      cloudManagerEndpoint:
             < ... >
          hosts: 
          - name: my.cloudmgr.myhost.subnet.example.com
            secretName: cm-endpoint

      You can do this for some or all of the host names, depending on your customization requirements.

    $STORAGE_CLASS
    The OCP storage class to be used for Persistent Volume Claims. Find the available storage classes in the target cluster by running the following command: oc get sc.
    storageClassName: local-storage
    $LICENSE_ACCEPTANCE
    Set accept to true. You must accept the license to successfully deploy API Connect.
    $LICENSE_USE
    Set use to either production or nonproduction to match the license that you purchased.
    $LICENSE_ID
    Set license: to the license ID for the version of API Connect that you purchased. See API Connect licenses.
  3. Optional: If Cloud Pak for Integration is installed, and you want your API Connect installation to be integrated with it, then set metadata.annotations.apiconnect-operator/cp4i to true.

    This annotation enables integration with Cloud Pak for Integration.

  4. Install the management subsystem by applying the modified CR with the following command:
    oc apply -f mgmt_cr.yaml -n <management_namespace>
  5. Verify that the management subsystem is fully installed by running the following command:
    oc get ManagementCluster -n <management_namespace>

    The installation is complete when the READY status is True, and the SUMMARY reports that all services are online:

    NAME         READY   SUMMARY   VERSION    RECONCILED VERSION   AGE
    management   True   16/16       <version>   <version-build>       7m17s
  6. Verify that you can log in to the API Connect Cloud Manager UI:
    1. Determine the URL for the Cloud Manager UI by running the following command to view the API Connect endpoints:
      oc get routes -n <management_namespace>
    2. Locate the management-admin endpoint, and note it down.
    3. Determine the Cloud Manager administrator password by running the following commands:
      oc get secret -n <management-namespace> | grep management-admin-secret
      
      oc get secret -n <management-namespace> <secret_name_from_previous command> -o jsonpath="{.data.password}" | base64 -d && echo ""
    4. Open a browser and go to the management-admin-apic endpoint.
    5. Log in to the Cloud Manager as admin with the administrator password.
  7. Store all secrets and passwords in a safe place.
  8. Backup your management subsystem database and infrastructure configuration: Backing up and restoring the management subsystem.

What to do next

If you are creating a new deployment of API Connect, install other subsystems as needed.

When you have completed the installation of all required API Connect subsystems, you can proceed to defining your API Connect configuration by using the API Connect Cloud Manager; refer to the Cloud Manager configuration checklist.