Running the apic-configsync utility as a cronjob on Kubernetes
enables the utility to be run on a timed basis, such as every 10 minutes.
Before you begin
Ensure that the following prerequisites are satisfied before attempting to configure the
cronjob:
About this task
You can configure the apic-configsync utility to run as a cronjob in an API
Connect deployment running on Kubernetes. The apic-configsync utility should
run as close to the target cluster as possible, so the cronjob should be configured to run within
the same Kubernetes environment as the target API Connect cluster.
Procedure
-
Download and extract the API Connect
Config Sync package.
- Extract the Config Sync image from the extracted API Connect Config
Sync package by running the following command:
tar xf ibm-apic-configsync-image.tar.gz
- Copy the extracted Config Sync image to the target registry.
For example, if you use skopeo, run the following command:
skopeo copy dir:./ibm-apic-configsync/ibm-apic-configsync-<version>/<tag> docker://<registry>/ibm-apic-configsync/ibm-apic-configsync-<version>:<tag>
Replace <version>
and
<tag>
with their actual values. To ensure that you use the
most recent values, copy them from the README file located in the root of the extracted API Connect
Config Sync package.
Replace <registry>
with the actual registry value for your
image registry. Refer to the skopeo documentation on configuring credentials for your destination
registry.
-
Define the environment variables for
the source and target catalogs.
- Create secrets to host configuration details for the source cluster and the target
cluster.
- Create a secret to host the configuration details for the source cluster in the
namespace where you intend to run the cronjob:
kubectl create secret --namespace <namespace> generic source-catalog-details \
--from-literal=SOURCE_MGMT_SERVER=$SOURCE_MGMT_SERVER \
--from-literal=SOURCE_ORG=$SOURCE_ORG \
--from-literal=SOURCE_REALM=$SOURCE_REALM \
--from-literal=SOURCE_ADMIN_USER=$SOURCE_ADMIN_USER \
--from-literal=SOURCE_ADMIN_PASSWORD=$SOURCE_ADMIN_PASSWORD \
--from-literal=SOURCE_CATALOG=$SOURCE_CATALOG \
--from-literal=SOURCE_TOOLKIT_CREDENTIALS_CLIENTID=$SOURCE_TOOLKIT_CREDENTIALS_CLIENTID \
--from-literal=SOURCE_TOOLKIT_CREDENTIALS_CLIENTSECRET=$SOURCE_TOOLKIT_CREDENTIALS_CLIENTSECRET
- Create a secret to host the configuration details for the target cluster in the
namespace where you intend to run the cronjob:
kubectl create secret --namespace <namespace> generic target-catalog-details \
--from-literal=TARGET_MGMT_SERVER=$TARGET_MGMT_SERVER \
--from-literal=TARGET_ORG=$TARGET_ORG \
--from-literal=TARGET_REALM=$TARGET_REALM \
--from-literal=TARGET_ADMIN_USER=$TARGET_ADMIN_USER \
--from-literal=TARGET_ADMIN_PASSWORD=$TARGET_ADMIN_PASSWORD \
--from-literal=TARGET_CATALOG=$TARGET_CATALOG \
--from-literal=TARGET_TOOLKIT_CREDENTIALS_CLIENTID=$TARGET_TOOLKIT_CREDENTIALS_CLIENTID \
--from-literal=TARGET_TOOLKIT_CREDENTIALS_CLIENTSECRET=$TARGET_TOOLKIT_CREDENTIALS_CLIENTSECRET
- Create the cronjob:
- Open the
helper_files/configsync-cronjob-k8s.yaml
file located in the
extracted API Connect Config Sync package.
- Modify the
schedule
property to specify how frequently the job will
run.
The minimum recommended schedule period is 1 minute; however, a deployment with a large number of
objects might require more time for the job to complete. Because concurrent jobs are not allowed,
the total time between the start of two consecutive jobs might be longer.
- Set the
concurrencyPolicy
to Forbid
.
Config Sync operates on a single source-target catalog pair at a time. If you want to sync
multiple different source-target catalog pairs, create a separate cronjob for each pair.
- In the
image
property, replace the
<registry>
variable with the actual registry value for your
image registry.
- Create the cronjob resource in the cluster by running the following command:
kubectl --namespace <namespace> apply -f helper_files/configsync-cronjob-k8s.yaml