Before installing API Connect into a
Kubernetes environment, you must first download the tar files and then upload them to your registry.
Before you begin
Before starting the installation into a Kubernetes runtime
environment, complete the following tasks:
Note:
- Keep a record of the DNS entries mapped to the endpoints for each API Connect subsystem. You
will need to map the DNS entries to new IP addresses when restoring the management database to a new
cluster. See Restoring the management database in a Kubernetes environment.
- The instructions in this section apply to an initial installation of API Connect into a
Kubernetes environment. If you already have API Connect installed in a Kubernetes environment, you
perform an upgrade. The upgrade instructions are available here: Upgrading API Connect in a Kubernetes
runtime environment
- The Management server and Gateway firmware versions must match, for example, API Connect
2018.4.1.3 and DataPower 2018.4.1.3.
- If you plan to migrate a Version 5 deployment to Version 2018, see Migrating a Version 5 deployment
before you start the installation process.
In these First Steps, you will use the APICUP installer included in Install Assist to
create a project directory that contains the configuration file apiconnect-up.yml
.
Only one project directory is allowed. The configuration for all subsystems is stored in a single
apiconnect-up.yml
file contained in that project directory. All subsystems use the
same project directory in order to update apiconnect-up.yml
.
The first steps
for a new Kubernetes installation are:
- Download the tar files containing the latest version of the API Connect subsystems and
the Install Assist installer from Fix Central
- Upload the files to your registry
- Initialize one project directory for all subsystems
Procedure
Download the appropriate files and then upload them to your image
registry.
-
To obtain the most recent release, download the latest Fix Pack from IBM® Fix Central. For new
installations, select ALL to list all versions, and then choose the latest
version. For existing installations, choose your current installed version number to obtain the
upgrade files. See IBM Fix Central.
-
You will need a tar file for each subsystem and the Install Assist file for your operating
system. Install Assist is an easy-to-use tool that automatically manages certificate creation,
deployment configuration, and other technical aspects of configuring an IBM API Connect
installation. The Install Assist download file contains the APICUP installation program, which
automates the installation process. Following are the available files for a Kubernetes
deployment:
Description |
File name |
IBM API Connect Management V2018.4.x.x Containers |
management-images-kubernetes_lts_v2018.4.x.x.tgz |
IBM API Connect Developer Portal V2018.4.x.x Containers |
portal-images-kubernetes_lts_v2018.4.x.x.tgz |
IBM API Connect Analytics V2018.4.x.x Containers |
analytics-images-kubernetes_lts_v2018.4.x.x.tgz |
IBM API Connect Install Assist V2018.4.x.x for Linux |
apicup-linux_lts_v2018.4.x.x |
IBM API Connect Install Assist V2018.4.x.x for Mac |
apicup-mac_lts_v2018.4.x.x |
IBM API Connect Install Assist V2018.4.x.x for Windows |
apicup-windows_lts_v2018.4.x.x |
Production DataPower Gateway |
idg_dk20184xx.lts.prod.tar.gz |
Nonproduction DataPower Gateway |
idg_dk20184xx.lts.nonprod.tar.gz |
Kubernetes DataPower Monitor |
dpm2018417.lts.tar.gz |
The production version of the Gateway is for use in a production environment. The
nonproduction version is for use in a test or development environment.
- The toolkit files (with or without API Designer) can be downloaded from Fix Central
directly, or from the Cloud Manager and API Manager UIs after installation is completed. See Installing the
toolkit.
- Upload API Connect files to the registry. Ensure that the registry has sufficient disk
space for the files.
For the Management, Portal, and Analytics subsystems, upload the tar files directly to the image
registry using the registry-upload
command. The registry-upload
command creates the tags required to push the files to the registry, as follows:
apicup registry-upload <subsystem_type> <image_tgz> <registry_host>
where:
- Upload the DataPower Gateway images and any necessary supporting files.
Note: For API Connect Version 2018.4.1.7 or earlier, production deployments that use v5-compatible
Gateway Servers also require an Application Optimization module. For these deployments, do not use
Step
3.a. Instead, use the alternative
instructions in the IBM technical note:
https://www.ibm.com/support/pages/node/1283110.
Note that for Version 2018.4.1.8 or later, all deployments use
Step 3.a on this page.
- Upload the DataPower Gateway image (either Production or Nonproduction) that
you downloaded in Step 1.
- Load the Gateway image to your local docker registry:
docker load -i idg_dk2018417.lts.prod.tar.gz
For these examples, the version
number is 2018.4.1.7 and the production (-prod
) version is downloaded. The image is
automatically tagged in the docker registry to
ibmcom/datapower:2018.4.1.7.312001-prod.
- Re-tag the image for the new registry with the registry host, image name, and tag in the
following format:
docker tag <existing REGISTRY_HOST>/<IMAGE_NAME>:<TAG> <new REGISTRY_HOST>/<IMAGE_NAME>:<TAG>
Table 1. Docker tag parameters
Parameter |
Description |
<REGISTRY_HOST>/ <IMAGE_NAME> |
Enter your registry host name and an image name, for example, My
Registry/MyImage. The <REGISTRY_HOST>/<IMAGE_NAME> matches the value entered for
installation in the apicup subsys set gwy image-repository command.
|
<TAG> |
Enter a tag for the image, for example, 2018.4.1.7-312001-release-prod .
- The <TAG> value must match the value entered for the gateway image tag during installation
using the
apicup subsys set gwy image-tag command.
- You can look up required tag using the
./apicup version --images command to
list all images required by APICUP.
- The tag must match the tag for the
datapower-api-gateway image, for example:
apiconnect/datapower-api-gateway:2018.4.1.7-312001-release-prod .
|
For
example:
docker tag ibmcom/datapower:2018.4.1.7.312001-prod MyRegistry/datapower-api-gateway:2018.4.1.7-312001-release-prod
- Push the Gateway image to the new registry:
docker push
<REGISTRY_HOST>/<IMAGE_NAME>:<TAG>
. For
example:docker push MyRegistry/datapower-api-gateway:2018.4.1.7-312001-release-prod
- The image is now added to your registry. You can now upload the DataPower Monitor image.
Continue with Step 3.b.
- For the Gateway Kubernetes DataPower Monitor, load the images into your
local Docker registry, re-tag them, and push them to the image repository, as follows:
- Load the Kubernetes DataPower Monitor image to your local docker registry:
docker load -i dpm2018417.lts.tar.gz
The image is automatically tagged in the
docker registry: ibmcom/k8s-datapower-monitor:2018.4.1-9-00bcbcf
- Re-tag the image for the new
registry:
docker tag <existing REGISTRY_HOST>/<IMAGE_NAME>:<TAG> <new REGISTRY_HOST>/<IMAGE_NAME>:<TAG>
Table 2. Docker tag parameters
Parameter |
Description |
<REGISTRY_HOST>/ <IMAGE_NAME> |
Enter your registry host name and an image name, for example, My
Registry/k8s-datapower-monitor. The <REGISTRY_HOST>/<IMAGE_NAME> matches the
value entered for installation in the apicup subsys set gwy
monitor-image-repository command.
|
<TAG> |
Enter a tag for the image, for example, 2018.4.1-9-00bcbcf .
- The <TAG> value must match the value entered for the gateway image tag during installation
using the
apicup subsys set gwy monitor-image-tag command.
- You can look up required tag using the
./apicup version --images command to
list all images required by APICUP.
- The tag must match the tag for the Kubernetes DataPower Monitor. For example:
2018.4.1-9-00bcbcf .
|
For
example:
docker tag ibmcom/k8s-datapower-monitor:2018.4.1-9-00bcbcf MyRegistry/k8s-datapower-monitor:2018.4.1-9-00bcbcf
- Push the monitor pod image to the new registry:
docker push
<REGISTRY_HOST>/<IMAGE_NAME>:<TAG>
. For
example:docker push MyRegistry/k8s-datapower-monitor:2018.4.1-9-00bcbcf
- For DataPower Gateway, BusyBox 1.29 is required.
Note: An internet connection is required to obtain the BusyBox image from Docker Hub. If you want to
download the image and copy it to the system containing the DataPower image, follow these steps:
- Download the Docker image for BusyBox from a system with an internet
connection:
docker pull busybox:1.29-glibc
- Save the image to a tar
file:
docker save busybox:1.29-glibc > ./busybox-1.29-glibc.tar
- Copy the image to the same location as the DataPower image and load
it:
docker load < ./busybox-1.29-glibc.tar
- Tag the image and push it to your local
registry:
docker tag busybox:1.29-glibc <MyRegistry>/busybox:1.29-glibc
docker push MyRegistry/busybox:1.29-glibc
- Login to Docker Hub https://hub.docker.com/_/busybox?tab=tags to obtain BusyBox 1.29.
- Tag the image and push it to your local
registry:
docker pull busybox:1.29-glibc
docker tag busybox:1.29-glibc <MyRegistry>/busybox:1.29-glibc
docker push MyRegistry/busybox:1.29-glibc
The images for all subsystems and BusyBox are now stored in the appropriate registries. The
registry locations will be set by APICUP commands during the installation process.
- Create one project directory, for example, myProject and
change directories to the myProject directory. Run the
apicup init command to initialize the project directory. An
apiconnect-up.yml configuration file will be created. The
apiconnect-up.yml file contains all values entered during the
installation process as you move forward.
For example:
mkdir ./myProject
cd ./myProject
apicup init
Important:
Use a single APICUP project for all subsystems, even those in a different cluster. Multiple
projects will result in multiple certificate chains which will not match.
The original project directory created with APICUP during the initial product installation (for
example, myProject) is required to both restore the database and to upgrade your
deployment. You cannot restore the database or perform an upgrade without the initial project
directory because it contains pertinent information about the cluster. Note that the endpoints and
certificates cannot change; the same endpoints and certificates will be used in the restored or
upgraded system. A good practice is to back up the original project directory to a location from
where it can always be retrieved.
What to do next
Install the subsystems (Management, Gateway, Analytics, and Portal) for your API Connect cloud.
You can install the subsystems in any order, but the installation of all subsystems must be
completed before configuring your API Connect cloud using Cloud Manager.