• 1.  Difficulties installing DataPower (alone) on OpenShift

    Posted Wed April 28, 2021 11:05 AM
    I have been struggling for the last days on the installation of DataPower on OpenShift (DP alone, not part of CP4I or APIC).
    I was able to create a DataPowerService, but not to use it.

    Here are the details of what I did:
    -  I was able to create an operator, a DataPowerService and a DataPowerMonitor. However, I could not go any further. I found kind of a documentation (, but it did not provide me with the level of information I needed.

    - It seems that the DataPowerService which was created includes the REST admin interface only:
        - name: rest-mgmt
          port: 5554
    And it does not seem possible to add other interfaces (such as the Web mgmt interface) when creating the DataPowerService.

    - A "datapower-operator" service was also created, but it does not include the 5554 port. I added it:
        - name: rest-mgmt
          protocol: TCP
          port: 5554
          targetPort: 5554

    - No route was created and I created one with settings suitable for the REST mgmt interface:
        kind: Service
        name: datapower-operator
        weight: 100
        targetPort: rest-mgmt
        termination: passthrough
      wildcardPolicy: None

    With these settings, I am still not able to reach the REST mgmt interface:
    curl -u admin:******* -k -v
    *   Trying
    * TCP_NODELAY set
    * Connected to ( port 443 (#0)
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * TLSv1.2 (OUT), TLS header, Certificate Status (22):
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
    * Closing connection 0
    curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to

    Any idea?

    Patrick Marie

  • 2.  RE: Difficulties installing DataPower (alone) on OpenShift

    Posted Wed April 28, 2021 06:10 PM
    The problem is fixed now. I had to create a Configuration map, to refer to it in the DataPowerService, then to define and service and a route. Now the Web management interface is available.

    Patrick Marie

  • 3.  RE: Difficulties installing DataPower (alone) on OpenShift

    Posted Wed April 28, 2021 08:03 PM
    Hi Patrick,

    The DataPower Operator does not automatically configure the WebGUI (web-mgmt) service in the DataPower operand. The rest-mgmt service is configured by default because it is used for internal communication between the operator and the DataPower itself. If you wish you enable the web-mgmt service you would do so via ConfigMap utilizing the domains API. For example, the ConfigMap might look like:

    apiVersion: v1
    kind: ConfigMap
      name: web-mgmt
      web-mgmt.cfg: |
        top; configure terminal;
          admin-state enabled
          port 9090
          idle-timeout 9000
          ssl-config-type server

    Then you can add this in a domains spec, like so:

      - name: default
          - web-mgmt​

    There is an in-depth guide to the domains API here:

    If you wish to expose any service (whether it be an MPGW or web-mgmt), you would do so by creating your own Service object and exposing it with either an Ingress or a Route. You should not modify the Service objects that the operator creates by default.

    I hope this helps.

    Aidan Harbison