Configuring IBM API Connect monitoring in Unified Agent

When you deploy the Unified Agent, you can select to install IBM APIC plug-in to monitor IBM API Connect. It can help to determine the health status of the APIC cluster in Kubernetes by retrieving data from Kubernetes API Server, and also gathers APIC Cloud Information from APIC REST APIs including cloud settings, registered services, and cloud events.

Prerequisites

Before you configure the APIC plug-in in Unified Agent, you must enable the APIC plug-in to access the API Connect REST API. The APIC plug-in must be registered with the API Connect cloud, by using the apic registrations:create API Connect toolkit CLI command. Refer to the Obtaining a Client ID and Secret section of Open API Explorer Documentation for more details.

Log in to the API Connect server as an admin user that is used for the apic login command.
```
$apic login --username $APIC_USERNAME --password $APIC_PASSW0RD --server $APIC_HOST --realm admin/default-idp-1
```
Where
- APIC_USERNAME is the username to log in to APIC server, for example, admin.
- APIC_PASSWORD is the password to log in to APIC server, for example, passw0rd.

Use the JSON content (ibmapicplugin.json) for the registering parameters:

{
  "name": "ibmapicplugin",
  "client_id": "ibmapicpluginid", 
  "client_secret": "apicsecret",
  "client_type": "ui"
}

Use this registration command to register this plug-in:

$ apic registrations:create --server $APIC_HOST ibmapicplugin.json

Procedure

To deploy the Unified Agent with APIC monitoring, you need to configure the authorization to log in APIC server. For the password, you must first create base64 password, set the password value in ua-secrets, and then type the key in the CR of the IBM APIC plug-in.

Get the base64 password for the APIC server, for example, if your server password is passw0rd, run the following command:
```
echo -n 'passw0rd' | base64 -w0
```
Edit ua-secrets to set the based64 password by running the following command:
```
kubectl edit secret ua-secrets
```
Set the password value to what you get in step 1. If you get cGFzc3cwcmQ= in step 1, edit ua-secrets as the following value:
```
apiVersion: v1
data:
  ibmapic.password: cGFzc3cwcmQ=
kind: Secret
```
Note:
- ibmapic.password is the secret key that you need to input in the plug-in CR.
- cGFzc3cwcmQ= is the password value that you need to input in the ua-secrets.
- If you update the password, repeat steps 1-3 to get the new secret.
Edit the ua-ibmapic CR by running the following command:
```
kubectl edit UA ua-ibmapic
```
Locate the section of [[inputs.ibmapic]].
Enter the IBM API Connect server hostname of IBM API Connect Cloud Manager, for example, ui.apic.server.com.
Enter the username of IBM API Connect server, the default is admin.
For the password_sec field, enter the password of IBM API Connect server that you get in step 3, for example, ibmapic.password.

Enter the namespace in which IBM API Connect cluster is deployed. The default is apiconnect.

See the following example of the configured CR:

[[inputs.ibmapic]]
# APIC server
server =  "ui.apic.coc.icp"

# username of APIC server
username = "admin"

## Note: the value used here is consistent with the key in ua-secrets
password_sec = "ibmapic.password"

# namespace of APIC Cloud
namespace =  "apiconnect"

# optional: HTTP response timeout (default: 5s)
#response_timeout = "5s"

Make sure that the enabled state is true and save the CR.

Results

The IBM API Connect plug-in is successfully enabled and configured in Unified Agent.