Deploy the API Connect Gateway subsystem on the Linux x86_64 cluster.
Procedure
- Create a file called gateway-certs.yaml with the following
contents:
Replace <apiconnectCluster_name>
with the name of the API
Connect cluster.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
---
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gateway-service
labels: {
app.kubernetes.io/instance: "gatewaycluster",
app.kubernetes.io/managed-by: "ibm-apiconnect",
app.kubernetes.io/name: "gateway-service"
}
spec:
commonName: gateway-service
secretName: gateway-service
issuerRef:
name: <apiconnectCluster_name>-ingress-issuer
usages:
- "client auth"
- "signing"
- "key encipherment"
duration: 17520h # 2 years
renewBefore: 48h
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gateway-peering
labels: {
app.kubernetes.io/instance: "gatewaycluster",
app.kubernetes.io/managed-by: "ibm-apiconnect",
app.kubernetes.io/name: "gateway-peering"
}
spec:
commonName: gateway-peering
secretName: gateway-peering
issuerRef:
name: <apiconnectCluster_name>-ingress-issuer
usages:
- "server auth"
- "client auth"
- "signing"
- "key encipherment"
duration: 17520h # 2 years
renewBefore: 48h
- Run the following command to apply the gateway-certs.yaml file to
the target namespace of the Linux x86_64 :
oc apply -f gateway-certs.yaml -n <namespace>
- Run the following command to create the secret for the admin user of the Gateway:
oc create secret generic admin-secret --from-literal=password=admin -n <namespace>
- Create a file called gateway_cr.yaml containing the desired Gateway
CR configuration; for example:
Replace <apiconnectCluster_name>
with the name of the API
Connect cluster, and supply appropriate values for
<license_ID>
and
<block_storage>
.
apiVersion: gateway.apiconnect.ibm.com/v1beta1
kind: GatewayCluster
metadata:
name: apic-prod-gw
labels:
app.kubernetes.io/instance: gateway
app.kubernetes.io/managed-by: ibm-apiconnect
app.kubernetes.io/name: gateway
spec:
license:
accept: true
license: <license_ID>
use: nonproduction
apicGatewayServiceTLS:
secretName: gateway-service
profile: n3xc4.m8
apicGatewayPeeringTLS:
secretName: gateway-peering
version: 10.0.5.0
tokenManagementService:
enabled: true
storage:
storageClassName: <block_storage>
volumeSize: 30Gi
gatewayEndpoint:
annotations:
cert-manager.io/issuer: <apiconnectCluster_name>-ingress-issuer
apicGatewayServiceV5CompatibilityMode: false
adminUser:
secretName: admin-secret
datapowerLogLevel: 5
gatewayManagerEndpoint:
annotations:
cert-manager.io/issuer: <apiconnectCluster_name>-ingress-issuer
- Run the following command to apply the gateway CR:
oc apply -f gateway_cr.yaml -n <namespace>
- Run the following command to verify that the gateway cluster reports all services as
READY:
oc get gatewaycluster -n <namespace>