Installing the DataPower Gateway subsystem
Install the DataPower Gateway subsystem
Before you begin
- Install both the API Connect and the DataPower operators.
The versions of the operators on the remote cluster and the version of the Gateway operand must exactly match the versions used in the main cluster.
- Make sure the remote cluster has the certificates:
- If you are using certificate manager, ensure that the ingress-ca is synced between sites.
- If you are not using certificate manager, copy the client gateway certificates to the remote cluster and reference them in the Gateway CR.
About this task
The installation folder where the helper_files.zip
was extracted contains two
templates for Gateway service. The v5cgateway_cr.yaml
template is for the v5
compatible Gateway, and the apigateway_cr.yaml
template is for the API Gateway.
Sample custom resource for API Gateway, apigateway_cr.yaml
:
# Licensed Materials - Property of IBM
#
# (C) Copyright IBM Corporation 2020 All Rights Reserved
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with
# IBM Corp.
apiVersion: gateway.apiconnect.ibm.com/v1beta1
kind: GatewayCluster
metadata:
name: gwv6
labels: {
app.kubernetes.io/instance: "gateway",
app.kubernetes.io/managed-by: "ibm-apiconnect",
app.kubernetes.io/name: "gwv6"
}
spec:
version: $APP_PRODUCT_VERSION
profile: $PROFILE
imagePullSecrets:
- $SECRET_NAME
imageRegistry: $DOCKER_REGISTRY
apicGatewayServiceV5CompatibilityMode: false
gatewayEndpoint:
annotations:
cert-manager.io/issuer: ingress-issuer
ingressClassName: $INGRESS_CLASS
hosts:
- name: rgw.$STACK_HOST
secretName: gwv6-endpoint
gatewayManagerEndpoint:
annotations:
cert-manager.io/issuer: ingress-issuer
ingressClassName: $INGRESS_CLASS
hosts:
- name: rgwd.$STACK_HOST
secretName: gwv6-manager-endpoint
apicGatewayServiceTLS:
secretName: gateway-service
apicGatewayPeeringTLS:
secretName: gateway-peering
datapowerLogLevel: 3
license:
accept: false
use: production
tokenManagementService:
enabled: true
storage:
storageClassName: $STORAGE_CLASS
volumeSize: 30Gi
adminUser:
secretName: $ADMIN_USER_SECRET
syslogConfig:
enabled: false # if true, provide below details
# remoteHost: $DATAPOWER_SYSLOG_TCP_REMOTE_HOST # must be a string
# remotePort: $DATAPOWER_SYSLOG_TCP_REMOTE_PORT # must be an int
# secretName: $DATAPOWER_SYSLOG_TCP_TLS_SECRET # must be a string
Sample custom resource for v5-compatible Gateway, v5cgateway_cr
:
# Licensed Materials - Property of IBM
#
# (C) Copyright IBM Corporation 2020 All Rights Reserved
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with
# IBM Corp.
apiVersion: gateway.apiconnect.ibm.com/v1beta1
kind: GatewayCluster
metadata:
name: gwv5
labels: {
app.kubernetes.io/instance: "gateway",
app.kubernetes.io/managed-by: "ibm-apiconnect",
app.kubernetes.io/name: "gwv5"
}
spec:
version: $APP_PRODUCT_VERSION
profile: $PROFILE
imagePullSecrets:
- $SECRET_NAME
imageRegistry: $DOCKER_REGISTRY
apicGatewayServiceV5CompatibilityMode: true
gatewayEndpoint:
annotations:
cert-manager.io/issuer: ingress-issuer
ingressClassName: $INGRESS_CLASS
hosts:
- name: gw.$STACK_HOST
secretName: gwv5-endpoint
gatewayManagerEndpoint:
annotations:
cert-manager.io/issuer: ingress-issuer
ingressClassName: $INGRESS_CLASS
hosts:
- name: gwd.$STACK_HOST
secretName: gwv5-manager-endpoint
apicGatewayServiceTLS:
secretName: gateway-service
apicGatewayPeeringTLS:
secretName: gateway-peering
datapowerLogLevel: 3
license:
accept: false
use: production
adminUser:
secretName: $ADMIN_USER_SECRET
syslogConfig:
enabled: false # if true, provide below details
# remoteHost: $DATAPOWER_SYSLOG_TCP_REMOTE_HOST # must be a string
# remotePort: $DATAPOWER_SYSLOG_TCP_REMOTE_PORT # must be an int
# secretName: $DATAPOWER_SYSLOG_TCP_TLS_SECRET # must be a string
Procedure
What to do next
If you are creating a new deployment of API Connect, install other subsystems as needed.
When you have completed the installation of all required API Connect subsystems, you can proceed to defining your API Connect configuration by using the API Connect Cloud Manager; refer to the Cloud Manager configuration checklist.