API Connect on Kubernetes, OpenShift, and Cloud Pak for Integration
Understand the Kubernetes artifacts that make up the analytics subsystem, and how to configure your AnalyticsCluster CR.
The AnalyticsCluster Custom Resource (CR)
Your analytics subsystem is defined by a Custom Resource (CR) called
AnalyticsCluster
. Throughout this documentation, the
AnalyticsCluster
CR is also referred to as the analytics CR
.
AnalyticsCluster
CR. How you
edit the CR depends on your platform:- Kubernetes and OpenShift individual subsystem CRs: Edit the
AnalyticsCluster
directly. - Cloud Pak for Integration and OpenShift
top-level CR: Edit the analytics section of the top-level CR. When saved, the changes to the
top-level CR are applied to
AnalyticsCluster
CR. If you change theAnalyticsCluster
CR directly, changes can be overwritten by the top-level CR.
a7s
can be used instead of
AnalyticsCluster
when you edit the CR. For
example:kubectl edit a7s
instead
of:kubectl edit AnalyticsCluster
The properties that you can configure in the AnalyticsCluster
CR are listed in
Analytics CR properties reference.
Ingresses
The analytics subsystem has one ingress, called the ingestion endpoint
. The ingestion
endpoint serves requests coming from both the management subsystem and the gateway. The management
subsystem communicates with the ingestion endpoint to query API event data stored by the analytics
subsystem, and also to manage the analytics subsystem. The gateway sends API event data to the
ingestion endpoint.
The ingestion endpoint is listed as ai-endpoint
or <instance
name>-ai-endpoint
in the output of kubectl get ingress
.
routesare used instead of ingresses. The functions of the ingestion endpoint are the same for both the Kubernetes
ai-endpoint
ingress and the OpenShift
ai-endpoint
route.Pods
Name | Description |
---|---|
osinit |
OpenSearch initialization
job. This pod is in completed state after installation. |
oscron |
Manages the jobs that transform API event data into summary data. Runs every 15 minutes. |
director |
Manages the analytics subsystem. The director pod serves all requests that come from the management subsystem, such as: initial subsystem registration, queries for analytics data, management of saved queries, and changes to retention settings. |
ingestion |
Logstash-based data pipeline that receives the API event data from the gateway, applies any ingestion filters that the user configures, and forwards the events to the storage pods and/or to third-party offload targets. |
mtls-gw |
Secures all communication that arrives on the analytics ingestion endpoint, forwarding
communication from the management subsystem to the director pod, and communication
from the gateway to the ingestion pod. |
storage |
The storage pods contain the OpenSearch database that stores all
the analytics data. By default the storage pods also run the OpenSearch cluster management tasks.
If dedicated storage is enabled the OpenSearch cluster management tasks
are done by the storage-os-master pods, and the storage pods
contain just the analytics data. |
storage-os-master |
The storage-os-master pod exists only on deployments where dedicated storage is enabled. The
storage-os-master pods manage the OpenSearch cluster, while the
storage pods are dedicated to the storage of the analytics data. |
warehouse |
The warehouse pod stores your local backups and stages them for transmission
to your remote SFTP server or object-store. |
PersistentVolumeClaims (PVCs)
Name | Description |
---|---|
data-analytics-storage-<integer> |
The PVC that stores your analytics data. A
data-analytics-storage-<integer> PVC is created for each analytics
storage pod. The <integer> is the replica number, starting from
0. |
data-analytics-storage-os-master-<integer> |
If dedicated storage is enabled,
then the storage-os-master PVCs are created. Each
storage-os-master PVC corresponds to a storage-os-master pod. The
<integer> corresponds to the pod replica number, starting from 0. The PVC stores
data that is related to the management of your OpenSearch cluster. |
data-analytics-ingestion-<integer> |
If the persistent queue
feature is enabled, a data-analytics-ingestion-<integer> PVC is created for each
ingestion pod. The data-analytics-ingestion-<integer> PVC
stores API event data temporarily when the ingestion pod is unable to forward the
data to the storage pods. The <integer> corresponds to the pod
replica number, starting from 0. |
data-a7s-warehouse |
If backups are enabled, then local backups are stored on this PVC. |
Certificates
Certificate name | Issuer | Description |
---|---|---|
analytics-ai-endpoint or a7s-ai-endpoint |
ingress-issuer |
Server certificate used on the analytics ingestion endpoint, in the If this certificate is updated, restart the |
analytics-ca or a7s-ca |
selfsigning-issuer |
The issuer for the analytics-client and
analytics-server certificates. Communication between analytics subsystem pods fails
if there is a problem with this certificate.If you update this certificate, you must then update
the
analytics-client and analytics-server server certificates, and
then ensure that the following pods are restarted:
|
analytics-client or a7s-client |
analytics-ca |
Client certificate used in communication between analytics subsystem
pods. Communication between analytics subsystem pods fails if there is a problem with this
certificate. If this certificate is updated, then the |
analytics-server or a7s-server |
analytics-ca |
Server certificate used in communication between analytics subsystem
pods. Communication between analytics subsystem pods fails if there is a problem with this
certificate. Required DNS names within the SAN section are:
If this certificate is updated, then the
|