Create the installation CR for API Connect analytics so that you can deploy the analytics
subsystem.
About this task
To install the analytics subsystem, define the analytics Custom Resource (CR) in a YAML file. The
YAML file contains all of your configuration settings for the analytics deployment. Use the file to
install, upgrade, and update the configuration of your analytics subsystem.
Note: The
analytics_cr.yaml template file is stored in the directory where you extracted
helper_files.zip.
Procedure
-
Create or copy the analytics_cr.yaml file from the helper_files.
-
Edit the CR file and update the following settings:
You cannot install the analytics subsystem until the placeholders are replaced with real values
for your environment.
$APP_PRODUCT_VERSION- API Connect application version for the subsystems.
version: <version_number>
Example version number: 10.0.8.2-ifix2
$PROFILE-
Specify your analytics subsystem profile, where
n indicates number of replicas,
c number of cores, and
m is the minimum memory allocation in GB.
For more information on profiles, see
Deployment and component profiles.
Note: The
profile that you select influences your storage type options. If you select an
n1
profile then you must select the
shared storage type. For more information about
storage types, see
storage types.
$SECRET_NAME- The name of the secret used to pull images from the Docker
registry.
imagePullSecrets:
- apic-registry-secret
$DOCKER_REGISTRY- The hostname of the Docker Registry to which you uploaded the installation images. For
example:
my.docker.registry.domain.example.com.
- $INGRESS_CLASS
-
The ingress class that you want the endpoint to use. This property is optional and if not
specified, the ingress class with annotation
ingressclass.kubernetes.io/is-default-class:
true is used. If such an ingress class does not exist in the Kubernetes environment, then
nginx is used. If you do set this value, it must refer to a valid ingress class
configured in your Kubernetes system.
Note: This property is commented out in the template CR file.
If you set this value, make sure to also uncomment it.
$STACK_HOST- The ingress subdomain for the API Connect stack. Used for
the ingestion endpoint. Domain names that are used for endpoints cannot contain the underscore "_"
character. You can customize the subdomain or the complete hostname:
- Subdomain customization only
Accept the prefixes predefined for the ingress hostnames to use
and replace all instances of $STACK_HOST with the ingress subdomain for the API Connect stack. For
example, if your host is myhost.subnet.example.com:
ingestion:
endpoint:
< ... >
hosts:
- name: ai.myhost.subnet.example.com
secretName: analytics-ai-endpoint
< .... >
$STORAGE_TYPE- If you selected an n1 (one replica) profile in
$PROFILE, then set $STORAGE_TYPE to shared. If
you selected an n3 (three replica)
profile, then set $STORAGE_TYPE to dedicated. For more information
about analytics storage types, see Storage type.
$STORAGE_CLASS- The Kubernetes storage class to be used for persistent volume claims. For more information, see
Analytics preinstallation planning. Find the available storage
classes in the target cluster by running the following command:
kubectl get sc.
- For shared storage deployments (where you set
$STORAGE_TYPE to
shared): storage:
type: shared
shared:
volumeClaimTemplate:
storageClassName: local_storage
- For dedicated storage deployments (where you set
$STORAGE_TYPE to
dedicated), set $STORAGE_CLASS in two
places: storage:
type: dedicated
shared:
volumeClaimTemplate:
storageClassName: local_storage
...
master:
volumeClaimTemplate:
storageClassName: local_storage
...
- $DATA_VOLUME_SIZE
-
Replace
$DATA_VOLUME_SIZE with the value that you calculated in
Estimating storage requirements. If you are unable to estimate your storage requirement then
set it to 500Gi.
storage:
...
shared:
volumeClaimTemplate:
...
volumeSize: 500Gi
- Edit the
license setting.
- Set
accept: to true to accept the license. The
default value is false. If you do not accept the license, the Operator does not
install the subsystem.
- Set
metric: to track your product usage. Enter the unit of measure
that is used for your program license:
- PROCESSOR_VALUE_UNIT - Default value. If you leave the field blank, this value is used.
- MONTHLY_API_CALL - Applies only to the IBM API Connect Hybrid Entitlement program.
For information on tracking monthly call volume, see Counting
total API calls.
- Set
use: to either production or
nonproduction to match the license you purchased.
- Set
license: to the license ID for the version of API Connect that
you purchased. See API Connect licenses.
Example entry to accept the license for a production system:
license:
accept: true
metric: PROCESSOR_VALUE_UNIT
use: production
license: L-RJON-CEBL97
- Optional: If you want to disable mTLS for
communications between the
management and analytics subsystem, and between the gateway and analytics subsystem, and enable
JWT instead, then add and set the properties
mtlsValidateClient and
jwksUrl. spec:
...
mtlsValidateClient: false
jwksUrl: <JWKS URL>
where
<JWKS URL> is the URL of the JWKS endpoint that is hosted on the management
subsystems. To find out the jwksUrl, describe the management CR and check the
status:
section:kubectl describe mgmt -n <namespace>
...
status:
- name: jwksUrl
secretName: api-endpoint
type: API
uri: https://api.apic.acme.com/api/cloud/oauth2/certs
For more information about JWT security, see Enable JWT security instead of mTLS.Note: It is not possible to use JWT on the V5 compatible gateway to analytics message
flow.
- Optional: If you plan to configure analytics database backups, then define the storage that is required
for backups:
Define your backup PVC by adding the
backup.volumeClaimTemplate property in
spec.storage. For example:
spec:
storage:
backup:
volumeClaimTemplate:
storageClassName: <storage class>
volumeSize: <size>
If you are not sure of the volume
size that you need, then you can configure the backup.volumeClaimTemplate after
installation.
-
Save the file.