App Connect

 View Only

Creating ingress resources for your App Connect Dashboard and integration runtimes out of the box on IBM Cloud Kubernetes Service

By Shanna Xu posted 16 days ago

  

Introduction

With the release of IBM® App Connect Operator 12.8.0, App Connect Dashboard and integration runtime resources now support ingress out of the box on IBM Cloud Kubernetes Service (IKS).

Whilst you can continue to manually create, and subsequently manage the life cycle of ingress, this new feature allows the App Connect Dashboard and integration runtimes to manage the life cycle of their required ingress resources. It is worth noting that this new feature is available only with App Connect licenses.

This article contains a tutorial on how to enable your App Connect Dashboard and integration runtimes to manage ingress on IKS.

Prerequisites

  • Install App Connect Operator 12.8.0 or later
  • Install App Connect Dashboard and integration runtime versions 13.0.2.1-r1 or later
  • Use App Connect licenses only (such as AppConnectEnterpriseProduction)
  • Use Kubernetes version 1.27, 1.28, or 1.29
  • Configure a test cluster on IKS, either Classic or VPC
  • [Optional] To use the CustomerDatabaseV1.bar file that is featured in this tutorial, you can download the cp4i-https-basic-auth.zip file from the official App Connect documentation.  This .zip file contains the CustomerDatabaseV1.bar file, which is a simple REST-based integration.

Article index

Note: In this article, resource names are highlighted in dark red.  Keywords that are displayed on a UI are highlighted in bold.

Scenario 1: Create and access the App Connect Dashboard with ingress enabled on IKS

  1. On the test cluster, create a namespace called ace-ingress with the following command: 
    kubectl create namespace ace-ingress
  2. Set ace-ingress as your current namespace, so that the subsequent commands target it. 
    kubectl config set-context --current --namespace ace-ingress
  3. Follow the documentation on entitlement key to create a secret resource named ibm-entitlement-key. This key enables you to download the required images for the Dashboard.
  4. To define the custom resource (CR) for a Dashboard instance, copy the following YAML template into a file, and save it as dashboard-ingress.yaml. 
    apiVersion: appconnect.ibm.com/v1beta1
kind: Dashboard
metadata:
  name: example-dash
  labels:
    backup.appconnect.ibm.com/component: dashboard
  namespace: ace-ingress
spec:
  ingress:
    enabled: true
  api:
    enabled: true
  license:
    accept: true
    license: L-KPRV-AUG9NC
    use: AppConnectEnterpriseProduction
  pod:
    containers:
      content-server:
        resources:
          limits:
            memory: 512Mi
          requests:
            cpu: 50m
            memory: 50Mi
      control-ui:
        resources:
          limits:
            memory: 512Mi
          requests:
            cpu: 50m
            memory: 125Mi
  storage:
    size: 5Gi
    type: persistent-claim
    class: ibmc-file-gold-gid
  replicas: 1
  version: '13.0.2.1-r1'
  displayMode: IntegrationRuntimes
  authorization:
    integrationKeycloak:
      enabled: false
  authentication:
    integrationKeycloak:
      enabled: false
    1. Ensure that spec.ingress.enabled is set to true. This setting enables the Dashboard to automatically manage the life cycle of its required ingress resources. By default, this value is set to false, which requires you to manually set up ingress for the Dashboard resource.
    2. Notice that spec.api.enabled is set to true. With ingress enabled, this means that the Dashboard instance not only manages the life cycle of the UI ingress, but also the API ingress. 
    3. Notice that spec.license.use is set to AppConnectEnterpriseProduction because this new feature is available only with App Connect licenses.
    4. Notice that spec.version is set to 13.0.2.1-r1, which reconciles the Dashboard instance to the latest operand version for App Connect Operator 12.8.0.
    5. Follow the storage instructions for the App Connect Dashboard to set spec.storage.class.
  5. Now, create a Dashboard instance with the following command: 
    kubectl apply -f dashboard-ingress.yaml
  6. Wait for the Dashboard instance to become ready, and then verify that the required ingress resources are created. You can carry out the following actions:
    1. Check the status of the Dashboard instance with the following command: 
      kubectl get dashboard example-dash
      The output provides details on the current status of the Dashboard instance. When the instance is ready, you can see that STATUS is set to ReadyUI URL is set to the Dashboard UI, and API URL is set to the Dashboard API.
      Here is an example output: 
      NAME           RESOLVEDVERSION   REPLICAS   CUSTOMIMAGES   STATUS   UI URL                                                  API URL                                                 KEYCLOAK URL   AGE
example-dash   13.0.2.1-r1       1          false          Ready    https://example-dash-ui-ace-ingress.testcluster.cloud   https://example-dash-api-ace-ingress.testcluster.cloud                  1m
      Additional information:
      • The App Connect Dashboard UI and API URLs are in the format of https://[host_prefix].[cluster_subdomain]
        • The value of host_prefix is immutable, and in a format of [dashboard_name]-[ui|api]-[dashboard_namespace]
        • The value of cluster_subdomain is the default subdomain of your cluster. In your IKS cluster, it is exposed by the k8s-alb-health ingress in the kube-system namespace.
        • Instead of using the default cluster subdomain to construct your App Connect Dashboard URLs, you can provide a customised subdomain by providing a value for spec.ingress.domain.
          For example, with spec.ingress.domain set to mytest.domain, the App Connect Dashboard UI URL in this case becomes https://example-dash-ui-ace-ingress.mytest.domain.
          You can provide the customised subdomain when you create the Dashboard, or you can modify an existing CR to automatically update the ingress host.

    2. [Optional] Alternatively, locate the App Connect Dashboard UI and API URLs in the YAML output of the Dashboard instance. The UI URL is shown in spec.status.adminUiUrl and spec.status.endpoints, and the API URL in spec.status.adminApiUrl and spec.status.endpoints.
      Run the following command: 
      kubectl get dashboard example-dash -o yaml
      Here is an example output: 
      status:
  adminApiUrl: https://example-dash-api-ace-ingress.testcluster.cloud
  adminUiUrl: https://example-dash-ui-ace-ingress.testcluster.cloud
  conditions:
    - lastTransitionTime: "2025-01-21T14:09:57Z"
      message: dashboard is ready
      reason: Deployed
      status: "True"
      type: Ready
  customImages: false
  endpoints:
    - name: ui
      type: UI
      uri: https://example-dash-ui-ace-ingress.testcluster.cloud
    - name: api
      type: API
      uri: https://example-dash-api-ace-ingress.testcluster.cloud
    3. Verify the required ingress resources are created with the following command: 
      kubectl get ingress
      Because we enabled both ingress and API in step 4, the Dashboard instance creates two ingress resources as shown in the following example. 
      NAME                     CLASS                  HOSTS                                                       ADDRESS         PORTS     AGE
example-dash-ui          public-iks-k8s-nginx   example-dash-ui-ace-ingress.testcluster.cloud               x.x.x.x         80        1m		
example-dash-api         public-iks-k8s-nginx   example-dash-api-ace-ingress.testcluster.cloud              x.x.x.x         80        1m
      Additional information:
      • The ingress name is in a format of [dashboard_name]-[ui|api]. In this example, example-dash-ui in the NAME column is the ingress for the UI of the Dashboard instance, whilst example-dash-api is for the API.
      • These ingress resources are created and owned by the Dashboard instance. As a result, when you delete the Dashboard instance, these ingress resources are also deleted.
  7. After the App Connect Dashboard deployment is ready, use the App Connect Dashboard UI URL to access the UI.
Congratulations! You have created a Dashboard instance with ingress enabled. When you are ready, navigate to scenario 2 to create and test an integration runtime from this Dashboard instance.

Scenario 2: Create and test an integration runtime with ingress enabled on IKS

This scenario contains three parts. Parts 1 and 2 demonstrate how to create an integration runtime instance with ingress enabled. Follow part 1 to use the App Connect Dashboard UI for creation. Alternatively, follow part 2 to use the Kubernetes CLI for creation. Finally, you can use part 3 to test the running integration runtime.

Scenario 2 requires you to use the content server in the Dashboard to store the CustomerDatabaseV1.bar file that you downloaded in the Prerequisites section. Therefore, you will need to manually upload the BAR file to the Dashboard UI, before you create the integration runtime. You should already have a Dashboard instance running in the same namespace, with ingress enabled, as described in scenario 1.

Part 1: Use the App Connect Dashboard UI to create an integration runtime with ingress enabled

  1. From the navigation pane, click Dashboard, and then click Deploy integrations to create an integration runtime instance.
  2. Click Quick start integration, and click Next.
  3. Upload the CustomerDatabaseV1.bar file, and click Next.
  4. Skip Create configuration, and click Next.
  5. Use the final creation page to configure the integration runtime instance. 
    Click YAML editor to edit the CR. 
    Complete the following actions:
    1. Set metadata.name to example-ir to provide a unique name for your integration runtime.
    2. Set spec.license.use to AppConnectEnterpriseProduction because this new feature is available only with App Connect licenses.
    3. Add spec.ingress.enabled and set it to true. This setting enables the integration runtime to automatically manage the life cycle of its required ingress resources. By default, this value is set to false, which requires you to manually set up ingress for the integration runtime resource.
    4. Add spec.metrics.disabled and set it to true because metrics are not provided out of the box on Kubernetes.
    5. Notice that spec.barURL is set to the URL of the BAR file that you uploaded in step 3.
    6. Finally, click Create to deploy the integration runtime.
  6. Wait for the integration runtime instance to become ready. You will need to refresh the web page to pick up the status update.

    Tip: To understand how your integration runtime manages ingress, see step 4 in part 2.
Congratulations! You have created an integration runtime with ingress enabled. When you are ready, navigate to part 3 to test the integration runtime.

Part 2: Use the Kubernetes CLI to create an integration runtime with ingress enabled

  1. Before you start to use the Kubernetes CLI to create the integration runtime, upload the CustomerDatabaseV1.bar file to the Dashboard UI.
    1. From the navigation pane in the Dashboard UI, click BAR files, click Import BAR file, and then import the CustomerDatabaseV1.bar file.
    2. Click the options menu (⋮) for the imported BAR file, and then click Display BAR URL.
    3. Copy the BAR file location and save it in a temporary file. You will need to use this location to set the barURL in the integration runtime CR.
  2. To define the CR for your integration runtime, copy the following YAML template into a file, and save it as ir-ingress.yaml. 
    apiVersion: appconnect.ibm.com/v1beta1
kind: IntegrationRuntime
metadata:
  name: example-ir
  labels:
    backup.appconnect.ibm.com/component: integrationruntime
  namespace: ace-ingress
spec:
  ingress:
    enabled: true
  license:
    accept: true
    license: L-KPRV-AUG9NC
    use: AppConnectEnterpriseProduction
  template:
    spec:
      containers:
        - resources:
            requests:
              cpu: 300m
              memory: 368Mi
          name: runtime
  logFormat: basic
  defaultNetworkPolicy:
    enabled: true
  replicas: 1
  version: '13.0.2.1-r1'
  barURL:
    - 'https://example-dash-dash.ace-ingress:3443/v1/directories/CustomerDatabaseV1?55584220-0410-408d-9dfa-d77971c79507'
  metrics:
    disabled: true
    1. Ensure that spec.ingress.enabled is set to true. This setting enables the integration runtime resource to automatically manage the life cycle of its required ingress resources. By default, this value is set to false, which requires you to manually set up ingress for the integration runtime resource.
    2. Set spec.barURL to the BAR file location that you copied in step 1.
  3. Now, create an integration runtime with the following command: 
    kubectl apply -f ir-ingress.yaml
  4. Wait for the integration runtime to become ready, and then verify that the required ingress resources are created. You can carry out the following actions:
    1. Check the status of the integration runtime with the following command: 
      kubectl get ir example-ir
      The output provides details about the current status of the integration runtime. When the instance is ready, you can see that STATUS is set to Ready, and URL is set to the ingress host for the integration runtime.
      Here is an example output: 
      NAME         RESOLVEDVERSION   STATUS   REPLICAS   AVAILABLEREPLICAS   URL                                                    AGE   CUSTOMIMAGES
example-ir   13.0.2.1-r1       Ready    1          1                   http://example-ir-http-ace-ingress.testcluster.cloud   1m    false
      Additional information:
      • The integration runtime HTTP URL is in the format of https://[host_prefix].[cluster_subdomain]
        • The value of host_prefix is immutable, and in a format of [integration_runtime_name]-http-[integration_runtime_namespace]
        • The value of cluster_subdomain is the default subdomain of your cluster. In your IKS cluster, this subdomain is exposed by the k8s-alb-health ingress in the kube-system namespace.
        • Instead of using the default cluster subdomain to construct your App Connect integration runtime HTTP URL, you can provide a customised subdomain by specifying a value for spec.ingress.domain.
          For example, with spec.ingress.domain set to mytest.domain, the App Connect integration runtime HTTP URL in this case becomes https://example-ir-http-ace-ingress.mytest.domain.
          You can provide the customised subdomain when you create the integraiton runtime, or you can modify an existing CR to automatically update the ingress host.
    2. [Optional] Alternatively, locate the integration runtime HTTP and HTTPS URLs in the YAML output of the integration runtime instance. They are both shown in spec.status.endpoints.
      Run the following command: 
      kubectl get ir example-ir -o yaml
      Here is an example output: 
      status:
  availableReplicas: 1
  conditions:
    - lastTransitionTime: "2025-01-23T13:02:23Z"
      message: IntegrationRuntime is ready.
      reason: Deployed
      status: "True"
      type: Ready
      customImages: false
  endpoints:
    - name: http endpoint
      type: api
      uri: http://example-ir-http-ace-ingress.testcluster.cloud
    - name: https endpoint
      type: api
      uri: https://example-ir-https-ace-ingress.testcluster.cloud
    3. Verify that the required ingress resources are created with the following command: 
      kubectl get ingress
      Because we enabled ingress and did not set spec.forceFlowsHTTPS.enabled to true, this integration runtime creates two ingress resources as shown in the following example. 
      NAME                    CLASS                  HOSTS                                                      ADDRESS         PORTS     AGE
example-ir-http         public-iks-k8s-nginx   example-ir-http-ace-ingress.testcluster.cloud              x.x.x.x         80        1m
example-ir-https        public-iks-k8s-nginx   example-ir-https-ace-ingress.testcluster.cloud             x.x.x.x         80,443    1m
      Additional information:
      • The ingress name is in a format of [integration_runtime_name]-[http|https]. In this example, example-ir-http in the NAME column is the ingress for the HTTP endpoint of the integration runtime resource, whilst example-ir-https is for the HTTPS endpoint.
      • These ingress resources are created and owned by the integration runtime. As a result, when you delete the integration runtime, these ingress resources are also deleted.
  5. After the integration runtime deployment is ready, navigate to part 3 to test this integration runtime.

Part 3: Test an integration runtime from the Dashboard UI

  1. From the Dashboard UI, click the tile for the integration runtime, then click the CustomerDatabaseV1 API tile.
  2. From the Documentation tab, click GET /customers to get all customers from the database. Then, click the Try it tab to test the API. Because the integration runtime was created with ingress enabled, you can test your application out of the box.
  3. In Parameters section, click Generate to set a maximum length for the query, and finally click Send to send the GET request to the application.
    You should receive a response code of 200 that indicates a success.

Conclusion

The IBM® App Connect Operator (version 12.8.0 or later) handles ingress for App Connect Dashboard and integration runtime instances on IKS. This means that you can access the App Connect Dashboard UI as soon as a Dashboard instance becomes ready. In addition, you can test integration runtimes that are running on such Dashboard instances out of the box.

If you want to upgrade your existing Dashboard and integration runtime instances to exploit this new feature, see [documentation link to update when it is available].

0 comments
35 views

Permalink