Instana U

Authors: Swathi Kannan, Vaishak A, Joice Joy

This blog covers how to install IBM API Connect (APIC) on OpenShift (OCP). 

IBM API Connect is a software that assists organizations in creating and managing safe and organized web interfaces and APIs. It provides tools for developing APIs, securing them, and monitoring their performance. 

Red Hat OpenShift Container Platform (OCP) is a hybrid cloud foundation for building and scaling containerized applications. 

Pre-Requisite

• An OCP cluster with version 4.12.7 (Preferably, 3 master nodes with 8v CPU and 16GB RAM and 3 worker nodes with 16v CPU and 32GB RAM) 

• Permissions to install and configure software in the OCP cluster 

• IBMid for obtaining entitlement key. 

Installation of a storage orchestrator

Storage orchestrator is used for allocating storage classes for operates as per their requirement. Block storage class is required to install IBM API Connect. Installing IBM API Connect by using rook-ceph is covered in this blog. Rook-ceph is an open-source Kubernetes cloud-native storage orchestrator. 

• To install rook-ceph in OCP cluster, run the following shell scripts. 

yum install git -y 
git clone https://github.com/rook/rook.git 
cd rook/deploy/examples 
oc create -f crds.yaml 
oc create -f common.yaml 
oc create -f operator-openshift.yaml 
#verify pod are in running state instead of container creating state ‘oc get all -n rook-ceph’) 
oc create -f cluster.yaml 
#verify all pods are in running state ‘oc get pod -n rook-ceph’, especially the rook-ceph-mon* and rook-ceph-osd* pods are in running state) 
oc create -f ./csi/rbd/storageclass.yaml 
#verify sc rook-ceph-block created through oc get sc) 
oc create -f ./csi/rbd/pvc.yaml 
oc create -f filesystem.yaml 
oc create -f ./csi/cephfs/storageclass.yaml 
oc create -f ./csi/cephfs/pvc.yaml 
oc create -f toolbox.yaml (verify all pods status at the end 
#3 pods for rook-ceph-osd-prepare-node* should be in completed state) 

• Make rook-ceph as the default storage class by running the following command: 

oc patch storageclass <storage class name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

Here <storage class name> is the name of the storage class. In our case rook-ceph-block. 

Installation of APIC Operator in OCP cluster

•  To install API Operator in an OCP cluster, complete the following steps: 

1. Obtain an entitlement key for the Entitled Registry. 

2. Log on to IBM Container Library.  

3. Go to Container software library and then select Get entitlement key.  

4. After the Access your container software heading, click Copy key.  

5. Create a namespace:  

   oc create ns <APIC-namespace>

6. If you are installing the operator into a single namespace, create an OperatorGroup object with that namespace specified.

Skip this step if you are installing the operator in every namespace as the openshift-operators namespace already has the necessary Operator group installed. 

1. 7. Set up an OperatorGroup object in the apiconnect-operator-group.yaml file: 

      • Specify the namespace to access the CSV and generate Role-Based Access Control for the IBM API Connect Operator. Role-Based Access Control is a technique for controlling access and permissions in a system. 

        apiVersion: operators.coreos.com/v1
        kind: OperatorGroup
        metadata:
          name: <operator-group-name>
          namespace: <APIC-namespace>
        spec:
          targetNamespaces:
          - <APIC-namespace>

   8. Apply the OperatorGroup object: 

      oc apply -f apiconnect-operator-group.yaml 

   9. Create an image pull secret to securely pull container images from a container registry in the namespace in which you want to install API Connect:  

   10. Open the web console for OpenShift.

   11. Go to Workloads and then click Secrets.

   12. Make sure that the Project is set to the namespace where you intend to install API Connect. 

   13. Click Create and select Image pull secret. 

   14. Set the parameters for the secret as follows:

       1. Secret name: ibm-entitlement-key.

       2. Authentication type: Image registry credentials 

       3. Registry server address: cp.icr.io 

       4. Username: cp

       5. Password: Entitlement key generated 

   15. Click Create.

   16. Add the IBM Common Services Catalog source:

       1. Open the OpenShift web console and click + (in the page banner) to open the Import YAML dialog.

       2. Paste the following resource definition into the dialog and click Create: 

          apiVersion: operators.coreos.com/v1alpha1
          kind: CatalogSource
          metadata:
            name: opencloud-operators
            namespace: openshift-marketplace
          spec:
            displayName: IBMCS Operators
            publisher: IBM
            sourceType: grpc
            image: quay.io/opencloudio/ibm-common-service-catalog:latest
            updateStrategy:
              registryPoll:
                interval: 45m

   17. Add the IBM Operator Catalog source:
       1. Open the OpenShift web console and click + and import the YAML.
       2. Paste the following resource definition into the dialog and click Create: 

          apiVersion: operators.coreos.com/v1alpha1
          kind: CatalogSource
          metadata:
            name: ibm-operator-catalog
            namespace: openshift-marketplace
          spec:
            displayName: "IBM Operator Catalog" 
            publisher: IBM
            sourceType: grpc
            image: icr.io/cpopen/ibm-operator-catalog
            updateStrategy:
              registryPoll:
                interval: 45m

   18. Create the apiconnect subscription with the appropriate channel: 
       1. Create a file with the name apic-sub.yaml. 

       2. Paste the  following contents and update the namespace: 

          apiVersion: operators.coreos.com/v1alpha1
          kind: Subscription
          metadata:
            name: ibm-apiconnect
            namespace: <namespace>
          spec:
            channel: v3.3
            name: ibm-apiconnect
            source: ibm-operator-catalog
            sourceNamespace: openshift-marketplace

       3.  Apply the subscription:  

          oc apply -f apic-sub.yaml 

   19. Select Operators > Installed Operators and ensure that Project: All Projects is selected. 
   20. If an operator such as ibm-apiconnect or ibm-cert-manager-operator shows "Upgrade available", approve the upgrade: 
       1. Click Upgrade available. 
       2. Click Preview InstallPlan. 
       3. Click Approve.  

1. 21. Wait for the IBM API Connect and IBM DataPower Gateway operators to install.  

   22. IBM DataPower Gateway operator is required for API Connect. Ensure that IBM DataPower Gateway operator is retained.  

   23. Check whether the ibm-common-services-operator subscription is available. 

   24. If ibm-common-services-operator subscription is not available, create the subscription:

       1. 1. Create a file named as common-services-sub.yaml. 

          2. Paste the following contents:  

             apiVersion: operators.coreos.com/v1alpha1
             kind: Subscription
             metadata:
               name: ibm-common-service-operator
               namespace: <namespace>
             spec:
               channel: <channel>
               name: ibm-common-service-operator
               source: ibm-operator-catalog
               sourceNamespace: openshift-marketplace

   25.  Use one of the values for <namespace>:

       1. To install the operator in all namespaces, use openshift-operators as the namespace. 

       2.  To install the operator in a single namespace, use the namespace created in step 5.

   26.  Use one of the following values for <channel>: 

       1. If you are using IBM Cloud Pak foundational services for CD (continuous delivery), use v3.23.  
       2. If you are using IBM Cloud Pak foundational services for LTSR (long term service release, v3.
   27. Apply the subscription: 

       oc apply -f common-services-sub.yaml

   28. Wait until the installation is completed for IBM Cloud Pak foundational services, IBM NamespaceScope, and Operand Deployment Lifecycle Manager operators.

   29. Install cert manager: 

       1. Create a file named as cert-manager-operand-request.yaml.

       2. Paste the following content in the file: 

          apiVersion: operator.ibm.com/v1alpha1
          kind: OperandRequest
          metadata:
            name: ibm-apiconnect-cert-manager
            namespace: <namespace>
          spec:
            requests:
            - operands:
              - name: ibm-cert-manager-operator
              registry: common-service
              registryNamespace: ibm-common-services

   30. Create the operandRequest for cert-manager: 

       oc apply -f cert-manager-operand-request.yaml 

   31. Wait until the IBM Cert Manager operator installation is completed.  

Installing API Connect 

1. Install the subsystems by using the OpenShift web console. 

2. Select Operators->Installed Operators.

3. Click the IBM API Connect operator.

4. Click Create Instance on the API Connect cluster tile to install the top-level Custom Resource. The API Connect subsystems are Management, Developer Portal, Gateway, and Analytics.

5. Set the values for the following parameters: 

6. To verify your API Connect cluster is successfully installed, run

   oc get apic -n <APIC-namespace>

7. Verify that you can log in to the API Connect Cloud Manager UI.

8. Determine the location for logging in, view all the endpoints:

   oc get routes -n <APIC-namespace>

9. Locate the gmt.-admin-apic endpoint and access the Cloud Manager UI. 

10. Log in as the admin user. When you install with the top-level CR, the password is automatically generated. 

11. To get the password:

    oc get secret -n <APIC-namespace> | grep mgmt-admin-pass 
    oc get secret -n <APIC-namespace> <secret_name_from_previous command> -o jsonpath="{.data.password}" | base64 -d && echo ""

After the log-in to API Connect Cloud manager is enabled, you can create API Managers, create products, and publish them. 

By following these steps, you can install IBM API Connect on the Red Had OpenShift platform.