Preparing the deployment environment

Configure the registry credentials, image pull secrets, and optional Watsonx credentials that are required to deploy DataPower Interact Gateway.

Before you begin

Make sure that you have obtained the product release files and installed the prerequisite components.
Note: The DataPower® Nano Gateway entitlement as part of DataPower Interact Gateway only allows the use of DataPower Nano Gateway. It does not entitle you to use any other DataPower components or capabilities.

About this task

In this task, you complete the following steps.

  • Set the environment variables that are required for the deployment.
  • Create Kubernetes secrets for accessing the target container registries.
  • Optionally, create a Watsonx credentials secret to enable GenAI features.

Procedure

  1. Prepare the environment for operator installation and IDIG cluster deployment.
    Set the following environment variables that are required for the operator installation.
    Note: Make sure that you created the IDIG namespace and exported it while installing the prerequisite components. The commands in this procedure read the namespace from ${KUBE_NAMESPACE}.
    
    # Set the endpoint domain that clients use to access the IDIG platform. Replace example.com with your domain name.
    export ENDPOINT_DOMAIN="example.com"
    
    # Set your Docker registry credentials to pull container images.
    export DOCKER_USER="your-username"
    export DOCKER_PASSWORD="your-password"
    
    # Target registry URL
    export APIC_DOCKER_REGISTRY="target_registry_path"
  2. Navigate to the directory that contains the extracted release files.
    cd release-files
  3. Create Kubernetes secrets that DataPower Interact Gateway uses to authenticate with the target registry to pull container images.
    1. Create a secret for the Docker registry to pull the container images from the target registry (the registry to which you uploaded the images).
      
      kubectl create secret docker-registry apic-registry-secret \
        --docker-server="${APIC_DOCKER_REGISTRY}" \
        --docker-username="${DOCKER_USER}" \
        --docker-password="${DOCKER_PASSWORD}" \
        -n "${KUBE_NAMESPACE}"
    2. Verify that the secret is created successfully.
      
      kubectl get secret apic-registry-secret -n "${KUBE_NAMESPACE}"

      The output displays the secret with type kubernetes.io/dockerconfigjson.

  4. Create an IBM entitlement key secret for the Docker registry to pull the DataPower Nano Gateway images from the IBM Container Registry.

    To install the IDIG operators and the IDIG cluster, the Docker registry must pull DataPower Nano Gateway images from the IBM Container Registry (ICR). Therefore, you must create an entitlement key secret that allows the Docker registry to authenticate with the ICR registry and pull the required images.

    1. Obtain an entitlement key.
      1. Sign in to IBM Container Library.
      2. From the Entitlement keys section, click Add new key and copy the entitlement key.
      3. Save the entitlement key for use in the next step.
    2. Create the entitlement key secret.
      
      kubectl create secret docker-registry ibm-entitlement-key \
        --docker-server=cp.icr.io/cp/datapower \
        --docker-username=cp \
        --docker-password=your-entitlement-key \
        -n "${KUBE_NAMESPACE}"
      
      Where:
      • ibm-entitlement-key is the secret name.
      • cp.icr.io/cp/datapower is the IBM Container Registry URL.
      • cp is the user name.
      • your-entitlement-key is the entitlement key that you copied from the IBM Container Registry.
    3. Verify that the secret is created.
      kubectl get secret ibm-entitlement-key -n "${KUBE_NAMESPACE}"

      The output displays the secret with type kubernetes.io/dockerconfigjson.

  5. Optional: Create the Watsonx credentials secret if you want to enable the GenAI service for AI-powered enhancements.
    Important: This step is optional. If you do not create the Watsonx credentials secret, the GenAI service is not deployed. All other DataPower Interact Gateway components continue to function normally.
    1. If you have Watsonx credentials, create the secret.
      
      # Set the Watsonx credentials.
      export WATSONX_API_KEY="your-watsonx-api-key"
      export WATSONX_PROJECT_ID="your-project-id"
      
      # Create the Watsonx credentials secret.
      cat <<EOF | kubectl -n "${KUBE_NAMESPACE}" apply -f -
      apiVersion: v1
      kind: Secret
      metadata:
        name: watsonx-credentials
        namespace: ${KUBE_NAMESPACE}
      type: Opaque
      stringData:
        WATSONX_API_KEY: "${WATSONX_API_KEY}"
        WATSONX_PROJECT_ID: "${WATSONX_PROJECT_ID}"
      EOF
    2. Verify that the secret is created successfully.
      kubectl get secret watsonx-credentials -n "${KUBE_NAMESPACE}"
  6. Continue to install operators.
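
The verification in steps 3 and 4 confirms only that a secret of type kubernetes.io/dockerconfigjson exists. The following added example (not part of the IBM documentation or product) decodes such a secret and checks that it holds credentials for the expected registry and user, and that the password is neither empty nor one of the placeholder strings from this page. The script name check_pull_secret.py, the function names, and the sample values are assumptions constructed for illustration.

```python
import base64
import json
import sys

# Placeholder strings used in the commands on this page.
PLACEHOLDERS = {"your-password", "your-entitlement-key"}


def check_pull_secret(secret, server, username):
    """Return a list of problems in a Secret dict (kubectl get secret -o json)."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        return [f"unexpected secret type {secret.get('type')!r}"]
    try:
        raw = base64.b64decode(secret["data"][".dockerconfigjson"], validate=True)
        auths = json.loads(raw)["auths"]
        entry = auths.get(server)  # key is the value given to --docker-server
    except (KeyError, ValueError, TypeError, AttributeError):
        return ["data['.dockerconfigjson'] is not base64-encoded JSON with an 'auths' map"]
    if entry is None:
        return [f"no credentials for {server!r}; secret covers {sorted(auths)}"]
    try:
        decoded = base64.b64decode(entry.get("auth", ""), validate=True).decode()
    except (ValueError, TypeError, AttributeError):
        return ["'auth' field is not valid base64 text"]
    user, _, password = decoded.partition(":")
    problems = []
    if user != username:
        problems.append(f"user name is {user!r}, expected {username!r}")
    if not password:
        problems.append("password is empty; was the variable set at creation time?")
    elif password in PLACEHOLDERS:
        problems.append("password is still the documentation placeholder")
    return problems  # the password itself is never included in a message


def sample_secret(server, user, password):
    """Constructed sample with the layout kubectl writes for docker-registry secrets."""
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    cfg = {"auths": {server: {"username": user, "password": password, "auth": auth}}}
    data = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"type": "kubernetes.io/dockerconfigjson", "data": {".dockerconfigjson": data}}


if __name__ == "__main__":
    # Usage: kubectl get secret NAME -n NS -o json | python3 check_pull_secret.py SERVER USER
    found = check_pull_secret(json.load(sys.stdin), sys.argv[1], sys.argv[2])
    print("\n".join(found) or "ok")
    sys.exit(1 if found else 0)
```

The script exits with a non-zero status when it finds a problem, so it can gate the operator installation in a deployment script.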