Authors: Swathi Kannan, Vaishak A, Joice Joy
This blog covers how to install IBM API Connect (APIC) on OpenShift (OCP).
IBM API Connect is a software that assists organizations in creating and managing safe and organized web interfaces and APIs. It provides tools for developing APIs, securing them, and monitoring their performance.
Red Hat OpenShift Container Platform (OCP) is a hybrid cloud foundation for building and scaling containerized applications.
Pre-Requisite
-
An OCP cluster with version 4.12.7 (Preferably, 3 master nodes with 8v CPU and 16GB RAM and 3 worker nodes with 16v CPU and 32GB RAM)
-
Permissions to install and configure software in the OCP cluster
Installation of a storage orchestrator
Storage orchestrator is used for allocating storage classes for operates as per their requirement. Block storage class is required to install IBM API Connect. Installing IBM API Connect by using rook-ceph is covered in this blog. Rook-ceph is an open-source Kubernetes cloud-native storage orchestrator.
yum install git -y
git clone https://github.com/rook/rook.git
cd rook/deploy/examples
oc create -f crds.yaml
oc create -f common.yaml
oc create -f operator-openshift.yaml
#verify pod are in running state instead of container creating state ‘oc get all -n rook-ceph’)
oc create -f cluster.yaml
#verify all pods are in running state ‘oc get pod -n rook-ceph’, especially the rook-ceph-mon* and rook-ceph-osd* pods are in running state)
oc create -f ./csi/rbd/storageclass.yaml
#verify sc rook-ceph-block created through oc get sc)
oc create -f ./csi/rbd/pvc.yaml
oc create -f filesystem.yaml
oc create -f ./csi/cephfs/storageclass.yaml
oc create -f ./csi/cephfs/pvc.yaml
oc create -f toolbox.yaml (verify all pods status at the end
#3 pods for rook-ceph-osd-prepare-node* should be in completed state)
oc patch storageclass <storage class name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
Here <storage class name> is the name of the storage class. In our case rook-ceph-block.
Installation of APIC Operator in OCP cluster
Skip this step if you are installing the operator in every namespace as the openshift-operators namespace already has the necessary Operator group installed.
-
-
Set up an OperatorGroup object in the apiconnect-operator-group.yaml file:
-
Specify the namespace to access the CSV and generate Role-Based Access Control for the IBM API Connect Operator. Role-Based Access Control is a technique for controlling access and permissions in a system.
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: <operator-group-name>
namespace: <APIC-namespace>
spec:
targetNamespaces:
- <APIC-namespace>
- Apply the OperatorGroup object:
oc apply -f apiconnect-operator-group.yaml
- Create an image pull secret to securely pull container images from a container registry in the namespace in which you want to install API Connect:
-
Open the web console for OpenShift.
-
Go to Workloads and then click Secrets.
-
Make sure that the Project is set to the namespace where you intend to install API Connect.
-
Click Create and select Image pull secret.
-
Set the parameters for the secret as follows:
-
Secret name: ibm-entitlement-key.
-
Authentication type: Image registry credentials
-
Registry server address: cp.icr.io
-
Username: cp
-
Password: Entitlement key generated
-
Click Create.
-
Add the IBM Common Services Catalog source:
-
Open the OpenShift web console and click + (in the page banner) to open the Import YAML dialog.
-
Paste the following resource definition into the dialog and click Create:
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: opencloud-operators
namespace: openshift-marketplace
spec:
displayName: IBMCS Operators
publisher: IBM
sourceType: grpc
image: quay.io/opencloudio/ibm-common-service-catalog:latest
updateStrategy:
registryPoll:
interval: 45m
- Add the IBM Operator Catalog source:
- Open the OpenShift web console and click + and import the YAML.
- Paste the following resource definition into the dialog and click Create:
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: ibm-operator-catalog
namespace: openshift-marketplace
spec:
displayName: "IBM Operator Catalog"
publisher: IBM
sourceType: grpc
image: icr.io/cpopen/ibm-operator-catalog
updateStrategy:
registryPoll:
interval: 45m
- Create the apiconnect subscription with the appropriate channel:
- Create a file with the name apic-sub.yaml.
-
Paste the following contents and update the namespace:
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: ibm-apiconnect
namespace: <namespace>
spec:
channel: v3.3
name: ibm-apiconnect
source: ibm-operator-catalog
sourceNamespace: openshift-marketplace
- Apply the subscription:
oc apply -f apic-sub.yaml
- Select Operators > Installed Operators and ensure that Project: All Projects is selected.
- If an operator such as ibm-apiconnect or ibm-cert-manager-operator shows "Upgrade available", approve the upgrade:
- Click Upgrade available.
- Click Preview InstallPlan.
- Click Approve.
-
-
Wait for the IBM API Connect and IBM DataPower Gateway operators to install.
-
IBM DataPower Gateway operator is required for API Connect. Ensure that IBM DataPower Gateway operator is retained.
-
Check whether the ibm-common-services-operator subscription is available.
-
If ibm-common-services-operator subscription is not available, create the subscription:
-
-
Create a file named as common-services-sub.yaml.
- Paste the following contents:
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: ibm-common-service-operator
namespace: <namespace>
spec:
channel: <channel>
name: ibm-common-service-operator
source: ibm-operator-catalog
sourceNamespace: openshift-marketplace
-
Use one of the values for <namespace>:
-
To install the operator in all namespaces, use openshift-operators as the namespace.
-
To install the operator in a single namespace, use the namespace created in step 5.
-
Use one of the following values for <channel>:
- If you are using IBM Cloud Pak foundational services for CD (continuous delivery), use v3.23.
- If you are using IBM Cloud Pak foundational services for LTSR (long term service release, v3.
- Apply the subscription:
oc apply -f common-services-sub.yaml
-
Wait until the installation is completed for IBM Cloud Pak foundational services, IBM NamespaceScope, and Operand Deployment Lifecycle Manager operators.
-
Install cert manager:
-
Create a file named as cert-manager-operand-request.yaml.
-
Paste the following content in the file:
apiVersion: operator.ibm.com/v1alpha1
kind: OperandRequest
metadata:
name: ibm-apiconnect-cert-manager
namespace: <namespace>
spec:
requests:
- operands:
- name: ibm-cert-manager-operator
registry: common-service
registryNamespace: ibm-common-services
-
Create the operandRequest for cert-manager:
oc apply -f cert-manager-operand-request.yaml
-
Wait until the IBM Cert Manager operator installation is completed.
Installing API Connect
-
Install the subsystems by using the OpenShift web console.
-
Select Operators->Installed Operators.
-
Click the IBM API Connect operator.
-
Click Create Instance on the API Connect cluster tile to install the top-level Custom Resource. The API Connect subsystems are Management, Developer Portal, Gateway, and Analytics.
-
Set the values for the following parameters:
Parameter
|
Description
|
Required/
Optional
|
Name
|
The name to use for deploying the API Connect cluster Custom Resource
|
|
License acceptance
|
Click to accept the license. You must accept the license to install API Connect.
|
Required
|
License use
|
Select production or non-production to match the type of license that you purchased.
|
Required
|
License metric
|
|
Optional
|
License ID
|
The license ID for the API Connect program that you purchased. To view all license IDs, see API Connect licenses.
|
Required
|
Deployment profile
|
The available profiles are listed in API Connect deployment profiles for OpenShift and Cloud Pak for Integration.
|
|
Product version
|
The latest product version is set by default.
|
Optional
|
Default storage class name
|
The name of the Storage class to use.
|
|
- To verify your API Connect cluster is successfully installed, run
oc get apic -n <APIC-namespace>
-
Verify that you can log in to the API Connect Cloud Manager UI.
-
Determine the location for logging in, view all the endpoints:
oc get routes -n <APIC-namespace>
-
Locate the gmt.-admin-apic endpoint and access the Cloud Manager UI.
-
Log in as the admin user. When you install with the top-level CR, the password is automatically generated.
-
To get the password:
oc get secret -n <APIC-namespace> | grep mgmt-admin-pass
oc get secret -n <APIC-namespace> <secret_name_from_previous command> -o jsonpath="{.data.password}" | base64 -d && echo ""
After the log-in to API Connect Cloud manager is enabled, you can create API Managers, create products, and publish them.
By following these steps, you can install IBM API Connect on the Red Had OpenShift platform.
#Instana#IBMInstana