Installing a two data center deployment
Additional installation instructions explaining how to deploy a two data center disaster recovery (DR) deployment on Kubernetes and OpenShift.
Before you begin
Ensure that you understand the concepts of two data center disaster recovery in API Connect. For more information, see A two data center deployment strategy on Kubernetes and OpenShift.
You must download the operator files and custom resource definitions for use during installation onto both of your data centers. Ensure that you complete the instructions for Deploying operators.
Familiarize yourself with the instructions in Installing the API Connect subsystems. You will need to complete these instructions in conjunction with the additional steps in this topic that are specific to installing a two data center disaster recovery deployment.
About this task
The following endpoints must be the same on both data centers:

- Management subsystem endpoints:
  - cloudManagerEndpoint
  - apiManagerEndpoint
  - platformAPIEndpoint
  - consumerAPIEndpoint
- Portal subsystem endpoints:
  - portalAdminEndpoint
  - portalUIEndpoint
The main difference from a standard deployment is that the custom resource (CR) files for both the Management subsystem and the Developer Portal subsystem on each data center must include a multiSiteHA configuration section, and it is this section that determines the two data center DR deployment. This section is also used to control the deployment in the future, for example in failover and recovery situations.
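A failover is later initiated by changing this section in the deployed CRs. As a minimal sketch (assuming a data center that is currently passive is being promoted), only the mode value changes:

```yaml
# On the data center being promoted, edit the ManagementCluster and
# PortalCluster CRs and change the mode property:
multiSiteHA:
  mode: active   # was: passive
```

The remaining multiSiteHA properties (replicationEndpoint, replicationPeerFQDN, and tlsClient) stay as they were set at installation.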
The following codeblocks show examples of completed multiSiteHA sections in the PortalCluster CR files for two data centers, one active and one passive. Both the ManagementCluster and the PortalCluster CR templates have a multiSiteHA section containing the placeholder $MULTI_SITE_HA, and it is this placeholder that must be replaced with the values for your deployment.
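As a minimal sketch, a completed multiSiteHA section for the active data center's PortalCluster CR might look like the following (the hostnames are illustrative placeholders):

```yaml
multiSiteHA:
  mode: active
  replicationEndpoint:
    annotations:
      cert-manager.io/issuer: ingress-issuer
    hosts:
    - name: ptl-replication.dc1.example.com      # illustrative ingress hostname
      secretName: ptl-replication
  replicationPeerFQDN: ptl-replication.dc2.example.com   # illustrative peer hostname
  tlsClient:
    secretName: ptl-replication-client
```

The passive data center's section is the mirror image: mode is set to passive, and the replicationEndpoint host and replicationPeerFQDN values point in the opposite direction.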
The multiSiteHA section contains the following configuration properties:

Configuration property | Description
---|---
mode | The state of the data center in the context of the two data center deployment. Valid values are active and passive.
replicationEndpoint | Contains details of the external ingress name for the subsystem in the current data center in the two data center deployment. The hosts property defines the hostname and the TLS secret for the replication endpoint.
replicationPeerFQDN | The ingress hostname for the other data center in the two data center deployment. This information is required so that the two data centers can communicate with each other.
tlsClient | The TLS client secret for the subsystem.
The siteName property is a unique descriptive name for the Portal subsystem, and the Management subsystem, in each data center, for example dallas on data center 1, and raleigh on data center 2. You must set a different siteName on the active data center from the one that is set on the passive data center. This name is used in the host names, and so can contain only a-z and 0-9 characters. Note that you can set a siteName in the ManagementCluster or PortalCluster CR only when the subsystems are first deployed; you cannot change the name after deployment. If you don't set a siteName at first deployment, an automated siteName is created for you. For example, if you are converting an existing single Management cluster to a two data center Management cluster by adding the multi-site HA values, you will not be able to configure a siteName for the existing Management cluster.
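As shown in the examples later in this topic, siteName sits at the top level of the spec section, alongside the multiSiteHA block; a minimal sketch with an illustrative name:

```yaml
spec:
  siteName: dallas        # a-z and 0-9 only; cannot be changed after deployment
  multiSiteHA:
    mode: active
```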
To install a two data center disaster recovery deployment, you must set all of the placeholder properties in the CR file for both the Management and the Developer Portal subsystems as detailed in the relevant topics in the Installing the API Connect subsystems section, as well as the properties in the multi-site HA section that are detailed here. Some examples of complete CR files are shown in the Example section.
Procedure
Example of a ManagementCluster CR file for an active data center:

apiVersion: management.apiconnect.ibm.com/v1beta1
kind: ManagementCluster
metadata:
name: management
labels: {
app.kubernetes.io/instance: "management",
app.kubernetes.io/managed-by: "ibm-apiconnect",
app.kubernetes.io/name: "management"
}
spec:
siteName: dc1
multiSiteHA:
    mode: active
replicationEndpoint:
hosts:
- name: mgrreplicationfrankfurt.apic-2ha-frankfur-683198-xxxxxxx950db7077951d4-0000.eu-de.containers.appdomain.cloud
secretName: dc1-mgmt-replication
replicationPeerFQDN: mgrreplicationdallas.apic-2ha-dallas-xxxxxxx950db7077951d4-0000.us-south.containers.appdomain.cloud
tlsClient:
secretName: dc1-mgmt-replication-client
version: 10.0.1.0
imagePullSecrets:
- apic-registry-secret
imageRegistry: apic-dev-docker-local.artifactory.swg-devops.com
profile: n3xc4.m16
portal:
admin:
secretName: portal-admin-client
analytics:
client:
secretName: analytics-client-client
ingestion:
secretName: analytics-ingestion-client
gateway:
client:
secretName: gateway-client-client
cloudManagerEndpoint:
hosts:
- name: admin.ha-demo.apic.test.appdomain.cloud
secretName: cm-endpoint
apiManagerEndpoint:
hosts:
- name: manager.ha-demo.apic.test.appdomain.cloud
secretName: apim-endpoint
platformAPIEndpoint:
hosts:
- name: api.ha-demo.apic.test.appdomain.cloud
secretName: api-endpoint
consumerAPIEndpoint:
hosts:
- name: consumer.ha-demo.apic.test.appdomain.cloud
secretName: consumer-endpoint
databaseVolumeClaimTemplate:
storageClassName: apic-mz-ibmc-block-gold-hourly
microServiceSecurity: custom
license:
accept: true
use: production
Example of a ManagementCluster CR file for a passive data center:

apiVersion: management.apiconnect.ibm.com/v1beta1
kind: ManagementCluster
metadata:
name: management
labels: {
app.kubernetes.io/instance: "management",
app.kubernetes.io/managed-by: "ibm-apiconnect",
app.kubernetes.io/name: "management"
}
spec:
siteName: dc2
encryptionSecret:
secretName: dc1-enc-key
multiSiteHA:
    mode: passive
replicationEndpoint:
annotations:
cert-manager.io/issuer: ingress-issuer
hosts:
- name: mgrreplicationdallas.apic-2ha-dallas-xxxxxxxe950db7077951d4-0000.us-south.containers.appdomain.cloud
secretName: dc2-mgmt-replication
replicationPeerFQDN: mgrreplicationfrankfurt.apic-2ha-frankfur-683198-xxxxxxxe950db7077951d4-0000.eu-de.containers.appdomain.cloud
tlsClient:
secretName: dc2-mgmt-replication-client
version: 10.0.1.0
imagePullSecrets:
- apic-registry-secret
imageRegistry: apic-dev-docker-local.artifactory.swg-devops.com
profile: n3xc4.m16
portal:
admin:
secretName: portal-admin-client
analytics:
client:
secretName: analytics-client-client
ingestion:
secretName: analytics-ingestion-client
gateway:
client:
secretName: gateway-client-client
cloudManagerEndpoint:
hosts:
- name: admin.ha-demo.apic.test.appdomain.cloud
secretName: cm-endpoint
apiManagerEndpoint:
hosts:
- name: manager.ha-demo.apic.test.appdomain.cloud
secretName: apim-endpoint
platformAPIEndpoint:
hosts:
- name: api.ha-demo.apic.test.appdomain.cloud
secretName: api-endpoint
consumerAPIEndpoint:
hosts:
- name: consumer.ha-demo.apic.test.appdomain.cloud
secretName: consumer-endpoint
databaseVolumeClaimTemplate:
storageClassName: apic-mz-ibmc-block-gold-hourly
microServiceSecurity: custom
license:
accept: true
use: production
Example of a PortalCluster CR file for an active data center:

apiVersion: portal.apiconnect.mycompany.com/v1
kind: PortalCluster
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":[truncated]}
creationTimestamp: "2020-04-09T18:25:44Z"
generation: 10
name: portal
namespace: cvs
resourceVersion: "16603004"
selfLink: /apis/portal.apiconnect.mycompany.com/v1/namespaces/cvs/portalclusters/portal
uid: xxxx333a-ff80-4059-b9c7-6718c1c3f393
spec:
adminVolumeClaimTemplate:
storageClassName: apic-mz-ibmc-block-gold-hourly
volumeSize: 20Gi
appVersion: 10.0.0.0
backupVolumeClaimTemplate:
storageClassName: apic-mz-ibmc-block-gold-hourly
volumeSize: 30Gi
databaseLogsVolumeClaimTemplate:
storageClassName: apic-mz-ibmc-block-gold-hourly
volumeSize: 12Gi
databaseVolumeClaimTemplate:
storageClassName: apic-mz-ibmc-block-gold-hourly
volumeSize: 30Gi
encryptionSecret: ptl-encryption-key
imagePullSecrets:
- apic-registry-secret
imageRegistry: apic-dev-docker-local.artifactory.swg-devops.com
license: production
multiSiteHA:
mode: active
replicationEndpoint:
annotations:
cert-manager.io/issuer: ingress-issuer
hosts:
- name: ptl-replication.cvs.apic-2ha-dallas-144307-xxxx14539d6e75f74e950db7077951d4-0000.us-south.containers.appdomain.cloud
secretName: ptl-replication
tlsClient:
secretName: ptl-replication-client
overrides:
microservices:
db-remote:
hostAliases:
- hostnames:
- ptl-replication.cvs.apic-2ha-frankfur-683198-xxxx14539d6e75f74e950db7077951d4-0000.eu-de.containers.appdomain.cloud
ip: 10.123.133.xxx
www:
containers:
admin:
image: portal-admin:master-xxxxe9777692cf513bc8b366e5fa445e982bcbed-3766
web:
image: portal-web:master-xxxxe9777692cf513bc8b366e5fa445e982bcbed-3766
www-remote:
hostAliases:
- hostnames:
- ptl-replication.cvs.apic-2ha-frankfur-683198-xxxx14539d6e75f74e950db7077951d4-0000.eu-de.containers.appdomain.cloud
ip: 10.123.133.xxx
portalAdminEndpoint:
annotations:
cert-manager.io/issuer: ingress-issuer
hosts:
- name: api.portal.ha-demo.apic.test.appdomain.cloud
secret: portal-admin
portalAdminSecret: portal-admin-client
portalUIEndpoint:
annotations:
cert-manager.io/issuer: ingress-issuer
hosts:
- name: portal.ha-demo.apic.test.appdomain.cloud
secret: portal-web
profile: Prod
siteName: dallas
webVolumeClaimTemplate:
storageClassName: apic-mz-ibmc-block-gold-hourly
volumeSize: 20Gi
Example of a PortalCluster CR file for a passive data center:

apiVersion: portal.apiconnect.mycompany.com/v1
kind: PortalCluster
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":[truncated]}
creationTimestamp: "2020-04-09T18:28:30Z"
generation: 9
name: portal
namespace: cvs
resourceVersion: "7946061"
selfLink: /apis/portal.apiconnect.mycompany.com/v1/namespaces/cvs/portalclusters/portal
uid: xxxxe850-68b4-4077-ac15-746d08f802f9
spec:
adminVolumeClaimTemplate:
storageClassName: apic-mz-ibmc-block-gold-hourly
volumeSize: 20Gi
appVersion: 10.0.0.0
backupVolumeClaimTemplate:
storageClassName: apic-mz-ibmc-block-gold-hourly
volumeSize: 30Gi
databaseLogsVolumeClaimTemplate:
storageClassName: apic-mz-ibmc-block-gold-hourly
volumeSize: 12Gi
databaseVolumeClaimTemplate:
storageClassName: apic-mz-ibmc-block-gold-hourly
volumeSize: 30Gi
encryptionSecret: ptl-encryption-key
imagePullSecrets:
- apic-registry-secret
imageRegistry: apic-dev-docker-local.artifactory.swg-devops.com
license: production
multiSiteHA:
mode: passive
replicationEndpoint:
annotations:
cert-manager.io/issuer: ingress-issuer
hosts:
- name: ptl-replication.cvs.apic-2ha-frankfur-683198-xxxx14539d6e75f74e950db7077951d4-0000.eu-de.containers.appdomain.cloud
secretName: ptl-replication
replicationPeerFQDN: ptl-replication.cvs.apic-2ha-dallas-144307-xxxx14539d6e75f74e950db7077951d4-0000.us-south.containers.appdomain.cloud
tlsClient:
secretName: ptl-replication-client
overrides:
microservices:
db-remote:
hostAliases:
- hostnames:
- ptl-replication.cvs.apic-2ha-dallas-144307-xxxx14539d6e75f74e950db7077951d4-0000.us-south.containers.appdomain.cloud
ip: 10.208.75.xxx
www:
containers:
admin:
image: portal-admin:master-xxxxe9777692cf513bc8b366e5fa445e982bcbed-3766
web:
image: portal-web:master-xxxxe9777692cf513bc8b366e5fa445e982bcbed-3766
www-remote:
hostAliases:
- hostnames:
- ptl-replication.cvs.apic-2ha-dallas-144307-xxxx14539d6e75f74e950db7077951d4-0000.us-south.containers.appdomain.cloud
ip: 10.208.75.xxx
portalAdminEndpoint:
annotations:
cert-manager.io/issuer: ingress-issuer
hosts:
- name: api.portal.ha-demo.apic.test.appdomain.cloud
secret: portal-admin
portalAdminSecret: portal-admin-client
portalUIEndpoint:
annotations:
cert-manager.io/issuer: ingress-issuer
hosts:
- name: portal.ha-demo.apic.test.appdomain.cloud
secret: portal-web
profile: Prod
siteName: frankfurt
webVolumeClaimTemplate:
storageClassName: apic-mz-ibmc-block-gold-hourly
volumeSize: 20Gi
Example of the status section of a PortalCluster CR file for an active data center:
status:
conditions:
- lastTransitionTime: "2020-04-27T08:00:25Z"
message: 4/6
status: "False"
type: Ready
customImages: true
dbCASecret: portal-db-ca
encryptionSecret: ptl-encryption-key
endpoints:
portal-director: https://api.portal.ha-demo.cloud/
portal-web: https://portal.ha-demo.cloud/
replication: https://ptl-replication.cvs.apic-2ha-dallas-144307-xxxx14539d6e75f74e950db7077951d4-0000.us-south.containers.appdomain.cloud/
localMultiSiteHAPeerConfigHash: UM9VtuWDdp/328n0oCl/GQGFzy34o1V9sH2OyXxKMHw=
haMode: progressing to active (ready for traffic)
microServiceSecurity: custom
multiSiteHA:
dbPodScale: 3
remoteSiteDeploymentName: portal
remoteSiteName: frankfurt
replicationPeer: https://ptl-replication.cvs.apic-2ha-frankfur-683198-xxxx14539d6e75f74e950db7077951d4-0000.eu-de.containers.appdomain.cloud/
wwwPodScale: 3
phase: 0
serviceCASecret: portal-ca
serviceClientSecret: portal-client
serviceServerSecret: portal-server
services:
db: portal-dallas-db
db-remote: portal-frankfurt-db
nginx: portal-nginx
tunnel: portal-tunnel
www: portal-dallas-www
www-remote: portal-frankfurt-www
versions:
available:
channels:
- name: "10"
- name: "10.0"
- name: 10.0.0
- name: 10.0.0.0
versions:
- name: 10.0.0.0-1038
reconciled: 10.0.0.0-1038
The haMode property shows the current state of the active data center. Valid values are:

- active - this is the active data center, or the only data center, and all pods are ready and accepting traffic.
- progressing to active - this is the active data center, or the only data center, and there are no pods ready yet.
- progressing to active (ready for traffic) - this is the active data center, or the only data center, and there is at least one pod of each type, www, db, and nginx, ready, so the data center is accepting traffic.
Example of the status section of a PortalCluster CR file for a passive data center:
status:
conditions:
- lastTransitionTime: "2020-04-21T10:54:54Z"
message: 6/6
status: "True"
type: Ready
customImages: true
dbCASecret: portal-db-ca
encryptionSecret: ptl-encryption-key
endpoints:
portal-director: https://api.portal.ha-demo.cloud/
portal-web: https://portal.ha-demo.cloud/
replication: https://ptl-replication.cvs.apic-2ha-frankfur-683198-xxxx14539d6e75f74e950db7077951d4-0000.eu-de.containers.appdomain.cloud/
localMultiSiteHAPeerConfigHash: VguODE74TkiS3LCc5ytQiaF8100PXMHUrVBtb+PbKOg=
haMode: progressing to passive (ready for traffic)
microServiceSecurity: custom
multiSiteHA:
dbPodScale: 3
remoteSiteDeploymentName: portal
remoteSiteName: dallas
replicationPeer: https://ptl-replication.cvs.apic-2ha-dallas-144307-xxxx14539d6e75f74e950db7077951d4-0000.us-south.containers.appdomain.cloud/
wwwPodScale: 3
phase: 0
serviceCASecret: portal-ca
serviceClientSecret: portal-client
serviceServerSecret: portal-server
services:
db: portal-frankfurt-db
db-remote: portal-dallas-db
nginx: portal-nginx
tunnel: portal-tunnel
www: portal-frankfurt-www
www-remote: portal-dallas-www
versions:
available:
channels:
- name: "10"
- name: "10.0"
- name: 10.0.0
- name: 10.0.0.0
versions:
- name: 10.0.0.0-1038
reconciled: 10.0.0.0-1038
The haMode property shows the current state of the passive data center. Valid values are:

- passive - this is the passive data center, and all pods are ready and accepting traffic.
- progressing to passive - this is the passive data center, and there are no pods ready yet.
- progressing to passive (ready for traffic) - this is the passive data center, and there is at least one pod of each type, www, db, and nginx, ready, so the data center is accepting traffic.