Installing the management subsystem

Install the management subsystem in your Kubernetes environment.

Before you begin

Before you start this task, you should have already:

About this task

Edit the custom resource template for the management system, apply the resource, verify that the pods are up and running, and verify that you can connect to the API Connect Cloud Manager.

Procedure

  1. Edit the management_cr template CR, to replace the placeholders with values for your deployment.
    $APP_PRODUCT_VERSION
    API Connect application version for the subsystems.
    version: <version_number>

    Example version number: 10.0.8.1

    $SECRET_NAME
    Use for image pull.
    imagePullSecrets:
      - apic-registry-secret
    $PROFILE

    Specify your management subsystem profile, where n indicates number of replicas, c number of cores, and m is the minimum memory allocation in GB. For more information on profiles, see Deployment and component profiles.

    $DOCKER_REGISTRY
    The host name of the Docker Registry to which you uploaded the installation images. For example:
    my.docker.registry.domain.example.com.
    $INGRESS_CLASS
    The ingress class that you want the endpoint to use. This property is optional and if not specified, the ingress class with annotation ingressclass.kubernetes.io/is-default-class: true is used. If such an ingress class does not exist in the Kubernetes environment, then nginx is used. If you do set this value, it must refer to a valid ingress class configured in your Kubernetes system.
    Note: This property is commented out in the template CR file. If you set this value, make sure to also uncomment it.
    $STACK_HOST
    The desired ingress subdomain for the API Connect stack. Used when specifying endpoints. Domain names that are used for endpoints cannot contain the underscore "_" character. You can do one of the following:
    • Subdomain customization only

      Accept the prefixes predefined for the ingress host names to use and just replace all instances of STACK_HOST to be the desired ingress subdomain for the API Connect stack. For example, if your host is myhost.subnet.example.com:

      cloudManagerEndpoint:
            < ... >
          hosts: 
          - name: admin.myhost.subnet.example.com
            secret: cm-endpoint
        
        apiManagerEndpoint:
             < ... >
          hosts: 
          - name: manager.myhost.subnet.example.com
            secret: apim-endpoint
        
        platformAPIEndpoint:
             < ... >
          hosts: 
          - name: api.myhost.subnet.example.com
            secret: api-endpoint
        
        consumerAPIEndpoint:
             < ... >
          hosts: 
          - name: consumer.myhost.subnet.example.com
            secret: consumer-endpoint
      
        consumerCatalogEndpoint:
             < ... >
          hosts: 
          - name: consumer-catalog.myhost.subnet.example.com
            secret: consumer-catalog-endpoint
    • Complete hostname customization

      Change both the predefined prefixes and the STACK_HOST subdomain to match your desired hostnames.

      For example, for cloudManagerEndpoint, you can replace admin.$STACK_HOST with my.cloudmgr.myhost.subnet.example.com, where my.cloudmgr replaces admin, and myhost.subnet.example.com replaces STACK_HOST. For example:

      cloudManagerEndpoint:
             < ... >
          hosts: 
          - name: my.cloudmgr.myhost.subnet.example.com
            secret: cm-endpoint

      You can do this for some or all of the host names, depending on your customization requirements.

    $STORAGE_CLASS
    The Kubernetes storage class to be used for Persistent Volume Claims. Find the available storage classes in the target cluster by running the following command: kubectl get sc.
    storageClassName: local-storage
  2. Edit the license: setting:
    1. Set accept: to true to accept the license. Note that the default value is false. If you do not accept the license, the Operator will not install the subsystem.
    2. Set metric: to track your product usage. Enter the unit of measure that is used for your program license:
      • PROCESSOR_VALUE_UNIT - Default value. If you leave the field blank, this value is used.
      • MONTHLY_API_CALL - Applies only to the IBM API Connect Hybrid Entitlement program.

      For information on tracking monthly call volume, see Tracking API volume for auditing and compliance.

    3. Set use: to either production or nonproduction, to match the license you purchased.
    4. Set license: to the License ID for the version of API Connect that you purchased. See API Connect licenses.

    Example entry to accept the license for a production system:

      license:
        accept: true
        metric: PROCESSOR_VALUE_UNIT 
        use: production
        license: L-RJON-BZ5LSE
  3. If installing with custom internal certificates, specify a site name.
    • The site name is used as the identifier for the PostgreSQL database cluster used by API Connect. This name should already have been decided upon and used to update the custom-certs-internal.yaml file as described in Generating custom certificates using cert-manager.
    • You must now add your chosen site name to management_cr.yaml, by creating a siteName property anywhere inside the spec block, set to the chosen site name:
      
        siteName: <site_name>

      Replace <site_name> with your chosen site name.

  4. It is recommended to allocate 100Gi for write-ahead logging (WAL) storage.

    The default storage is:

    • One replica profile - 30Gi
    • Three replica profile - 47Gi

    For best performance, edit the CR to add the following entries, and set volumeSize: to 100Gi:

    spec:
      dbArchiveVolumeClaimTemplate:
        storageClassName: <storage-class>
        volumeSize: <volume-size>
    
  5. Optional: If you are installing as part of a two data center disaster recovery set up, complete the steps in Installing a two data center deployment on Kubernetes before you apply the edited file.
  6. Install the management Custom Resource, replacing <namespace> with the target installation namespace in the Kubernetes cluster.
    kubectl apply -f management_cr.yaml -n <namespace>
  7. Verify that the management subsystem is fully installed:
    kubectl get ManagementCluster -n <namespace>

    The installation has completed when the READY status is True, and the SUMMARY reports that all services are online (e.g. 9/9). For example:

    NAME         READY   SUMMARY   VERSION    RECONCILED VERSION   AGE
    management   True   16/16       <version>   <version-build>       7m17s
  8. Check your connection to the Cloud Manager user interface on the management subsystem on your Cloud Manager endpoint.

    For example, if you accepted the default prefix of admin, and you set $STACK_HOST to myhost.subnet.example.com, the Cloud Manager endpoint URL is:

    https://admin.myhost.subnet.example.com/admin

    The first time that you access the Cloud Manager user interface, you enter admin for the user name and 7iron-hide for the password. You will be prompted to change the Cloud Administrator password and email address. For further details, see Accessing the Cloud Manager user interface.

  9. Backup your management subsystem database and infrastructure configuration: Backing up and restoring the management subsystem.

What to do next

If you are creating a new deployment of API Connect, install other subsystems as needed.

When you have completed the installation of all required API Connect subsystems, you can proceed to defining your API Connect configuration by using the API Connect Cloud Manager; refer to the Cloud Manager configuration checklist.