Running Config Sync as a cronjob on Kubernetes

Running the apic-configsync utility as a cronjob on Kubernetes enables the utility to be run on a timed basis, such as every 10 minutes.

Before you begin

Ensure that the following prerequisites are satisfied before attempting to configure the cronjob:

  • Ensure that you have a tool available for copying the image into your image registry.

    The examples in this topic use skopeo to copy the image to the target registry, but you could use equivalent docker or podman commands instead.

About this task

You can configure the apic-configsync utility to run as a cronjob in an API Connect deployment running on Kubernetes. The apic-configsync utility should run as close to the target cluster as possible, so the cronjob should be configured to run within the same Kubernetes environment as the target API Connect cluster.

Procedure

  1. Download and extract the API Connect Config Sync package.
  2. Extract the Config Sync image from the extracted API Connect Config Sync package by running the following command:
    tar xf ibm-apic-configsync-image.tar.gz
  3. Copy the extracted Config Sync image to the target registry.

    For example, if you use skopeo, run the following command:

    skopeo copy dir:./ibm-apic-configsync/ibm-apic-configsync-<version>/<tag> docker://<registry>/ibm-apic-configsync/ibm-apic-configsync-<version>:<tag>

    Replace <version> and <tag> with their actual values. To ensure that you use the most recent values, copy them from the README file located in the root of the extracted API Connect Config Sync package.

    Replace <registry> with the actual registry value for your image registry. Refer to the skopeo documentation on configuring credentials for your destination registry.

  4. Define the environment variables for the source and target catalogs.
  5. Create secrets to host configuration details for the source cluster and the target cluster.
    1. Create a secret to host the configuration details for the source cluster in the namespace where you intend to run the cronjob:
      kubectl create secret --namespace <namespace> generic source-catalog-details \
          --from-literal=SOURCE_MGMT_SERVER=$SOURCE_MGMT_SERVER \
          --from-literal=SOURCE_ORG=$SOURCE_ORG \
          --from-literal=SOURCE_REALM=$SOURCE_REALM \
          --from-literal=SOURCE_ADMIN_USER=$SOURCE_ADMIN_USER \
          --from-literal=SOURCE_ADMIN_PASSWORD=$SOURCE_ADMIN_PASSWORD \
          --from-literal=SOURCE_CATALOG=$SOURCE_CATALOG \
          --from-literal=SOURCE_TOOLKIT_CREDENTIALS_CLIENTID=$SOURCE_TOOLKIT_CREDENTIALS_CLIENTID \
          --from-literal=SOURCE_TOOLKIT_CREDENTIALS_CLIENTSECRET=$SOURCE_TOOLKIT_CREDENTIALS_CLIENTSECRET
    2. Create a secret to host the configuration details for the target cluster in the namespace where you intend to run the cronjob:
      kubectl create secret --namespace <namespace> generic target-catalog-details \
          --from-literal=TARGET_MGMT_SERVER=$TARGET_MGMT_SERVER \
          --from-literal=TARGET_ORG=$TARGET_ORG \
          --from-literal=TARGET_REALM=$TARGET_REALM \
          --from-literal=TARGET_ADMIN_USER=$TARGET_ADMIN_USER \
          --from-literal=TARGET_ADMIN_PASSWORD=$TARGET_ADMIN_PASSWORD \
          --from-literal=TARGET_CATALOG=$TARGET_CATALOG \
          --from-literal=TARGET_TOOLKIT_CREDENTIALS_CLIENTID=$TARGET_TOOLKIT_CREDENTIALS_CLIENTID \
          --from-literal=TARGET_TOOLKIT_CREDENTIALS_CLIENTSECRET=$TARGET_TOOLKIT_CREDENTIALS_CLIENTSECRET
  6. Create the cronjob:
    1. Open the helper_files/configsync-cronjob-k8s.yaml file located in the extracted API Connect Config Sync package.
    2. Modify the schedule property to specify how frequently the job will run.

      The minimum recommended schedule period is 1 minute; however, a deployment with a large number of objects might require more time for the job to complete. Because concurrent jobs are not allowed, the total time between the start of two consecutive jobs might be longer.

    3. Set the concurrencyPolicy to Forbid.

      Config Sync operates on a single source-target catalog pair at a time. If you want to sync multiple different source-target catalog pairs, create a separate cronjob for each pair.

    4. In the image property, replace the <registry> variable with the actual registry value for your image registry.
    5. Create the cronjob resource in the cluster by running the following command:
      kubectl --namespace <namespace> apply -f helper_files/configsync-cronjob-k8s.yaml