What's new in Version 10.0.5.5
This page details the enhancements in IBM® API Connect Version 10.0.5.5 since the previous release.
For details on the specific APARs that are included in this release, links to downloads, and additional blogs and conference notices, see the IBM API Connect 10.0.5.5 Support Announcement page.
- Direct upgrade from Version 2018 is no longer supported. To upgrade from 2018, upgrade to 10.0.5.4 (or another version of 10.0.5.x prior to 10.0.5.5), and then upgrade to 10.0.5.5 or later versions.
- Cert-manager update required for Kubernetes deployments. API Connect 10.0.5.5 uses cert-manager 1.11.5. If you are upgrading a deployment on Kubernetes, be sure to update the cert-manager as explained in the procedure for Upgrading subsystems on native Kubernetes.
- The following Drupal modules are now unsupported and their installation is blocked in the Developer Portal:
- All of the advanced aggregation modules;
advagg
,advagg_mod
,advagg_js_minify
,advagg_css_minify
,advagg_ext_minify
,advagg_validator
, andadvagg_bundler
. These modules are blocked due to incompatibility with the current Drupal version. statistics
module. This module is being deprecated by Drupal.tfa
module. Two-factor authentication isn't available within the Developer Portal. If multi-factor authentication is required, it can be configured within an OpenID Connect (OIDC) user registry; see Creating an OIDC user registry.
- All of the advanced aggregation modules;
What's new for Developers
- LDAP updates
- The UI for creating an LDAP registry now provides options for specifying the scope for "Search DN" (subtree, one level, and base) as you can in the CLI.
- You can now specify whether your LDAP is Microsoft Active Directory in the UI and with the CLI, to ensure that the directory is handled correctly in API Connect.
What's new for API product managers
- Analytics Monitoring Data Dashboard
- The Cloud Manager and API Manager analytics view have a new dashboard called Monitoring Data Dashboard. The new dashboard provides information on which applications, plans, consumer organizations, and APIs are sending and receiving the most data.
- New analytics API event fields
- From API Connect
10.0.5.5 and later, when using IBM
DataPower® 10.5.0.8 or later
with the DataPower API
Gateway, two
new fields are now included in the API event records:
api_resource_id
: String containing the resource ID for the API used by the gateway. Format isapi_name:api_version:method:path
.gateway_service_name
: The name of the gateway service, as configured in the Cloud Manager UI.
- Analytics event
query_string
fields are now stored as text - API event
query_string
fields are now stored in Analytics as text for improved indexing. - Top 20 analytics charts
- New analytics charts that show the top 20 APIs, applications, and consumer organizations.
- Analytics scroll API responses sorted by datetime
- Calls to the analytics REST API
events/scroll
operation return results sorted by datetime. - Analytics charts variable length time axis
- The time axis on analytics charts is sized appropriate to the available data points and selected time period.
- Analytics time range options in UI
- New time range options for viewing API event data in the UI:
- Last minute of API event data.
- Last 5 minutes of API event data.
What's new for API consumers
- Download your APIs in JSON format
- You can now download your OpenAPI documents from the Developer Portal UI
in JSON format, as well as YAML format. You can select your required download option from the
Overview section of the API.
What's new for Developer Portal site administrators
- Ability to configure the analytics chart views in the Developer Portal
- You can now configure which analytics charts of API data are displayed to API consumers in the Developer Portal. Previously, if access to analytics data is granted, API consumers see all of the default charts of application and organization analytics data, including API statistics, response times, and error information. Now, you can configure which charts are displayed to your API consumers, by using the menu in the Developer Portal UI.
- Updates to the Developer Portal content commands
-
The content command now enables you to export and import your Developer Portal site content. The following content commands are added:
content:create-export
Creates a task to export a .tgz file of your site content.
content:create-import
Creates a task to import an archive of your site content.
content:delete-export
Cancels any currently running
content:create-export
tasks, and deletes any related artifacts.content:delete-import
Cancels any currently running
content:create-import
tasks, and deletes any related artifacts.content:get-export
Streams the content of a specific completed export task to a .tgz file.
content:get-export-status
Returns the status of a specific export task.
content:get-import-status
Returns the status of a specific import task.
Also, the
content:list
entity type flag name is changed from--content_type
to--entity_type
. There is no change to thecontent:list-types
command.For more information about the content commands and how to use them, see Using the content commands .
- New Developer Portal export-entity commands
- The following export-entity commands are added, which enable you to export
assorted entity content from your Developer Portal
site.
export-entity:create
Creates a new export entity, which is the container for the entity content that you want to export.
export-entity:add-content
Adds content to an existing export entity.
export-entity:get
Returns a list of the content of a specific export entity.
export-entity:remove-content
Removes certain content from a specific export entity.
export-entity:delete
Deletes a specific export entity.
export-entity:launch
Launches an export entity polling task that creates a .tgz file of all of the entities that are contained in a specific export entity. Can be run with a
--no-poll
option, in which case the task doesn't return a .tgz file, but just returns the task ID.export-entity:get-launch-export
Streams the content of a specific completed
export-entity:launch
task to a .tgz file.export-entity:delete-launch-export
Cancels a currently running
export-entity:launch
task, and deletes any related artifacts.export-entity:get-launch-export-status
Returns the status of a specific
export-entity:launch
task.export-entity:list
Returns a list of all of the export entities within a specific Developer Portal. Each export entity contains a defined list of all of the entity content that will be exported if
export-entity:launch
is run.
For more information about the export-entity commands and how to use them, see Using the export-entity commands.
Note that you can now also export and import entities from the Developer Portal UI. When you're editing a content entity type in the UI, you can click Export in the side navigation bar. To create an export entity container and export that entity, including any required embedded entities, click Export entity. Or, if you have an existing export entity container, you can select the required container, and click Add to the export. You can also view and manage all of your export entities by clicking , and all of your import entities by clicking .
- Updates to the Developer Portal site commands
-
The site command now enables you to export and import the entire configuration for a Developer Portal site, including custom modules, custom themes, site configuration, and site content. The added commands mean that you can easily replicate a Developer Portal site, for example replicating a test site into a production site. The following site commands are added:
site:create-export
Creates a task to export a .tgz archive file of your entire site configuration. You can then use this archive to create an identical Developer Portal site.
site:create-import
Creates a task to import an archive of your entire site configuration, completely overriding the original site configuration, including content, custom modules, and custom themes.
site:delete-export
Cancels any currently running
site:create-export
tasks, and deletes any related artifacts.site:delete-import
Cancels any currently running
site:create-import
tasks, and deletes any related artifacts.site:get-export-status
Returns the status of a specific export task.
site:get-export
Streams the content of a specific completed export task to a .tgz file.
site:get-import-status
Returns the status of a specific import task.
Important: If you want to import a site export configuration file, the export file must have been created on the same version of API Connect as the version that you want to import to.For more information about the site commands and how to use them, see Using the site commands.
- Updates to the list of blocked Drupal modules
- The following Drupal modules are now unsupported and their installation is blocked in the Developer Portal:
- All of the advanced aggregation modules;
advagg
,advagg_mod
,advagg_js_minify
,advagg_css_minify
,advagg_ext_minify
,advagg_validator
, andadvagg_bundler
. These modules are blocked due to incompatibility with the current Drupal version. statistics
module. This module is being deprecated by Drupal.tfa
module. Two-factor authentication isn't available within the Developer Portal. If multi-factor authentication is required, it can be configured within an OpenID Connect (OIDC) user registry; see Creating an OIDC user registry.
- All of the advanced aggregation modules;
- Ability to identify the realm parameter when logging in as a consumer to the toolkit CLI
- You can now find out which realm parameter you need to use when logging in to the Developer Portal with
the toolkit CLI, by
running the following
command:
For more information, see Logging in as a consumer to the Developer Portal by using the CLI.apic identity-providers:list --server consumer_endpoint_api --mode consumer --catalog catalog_name_or_id --org <provider_org_name_or_id> --fields registry_type,realm
What's new for DevOps
- Migrate v5-compatible APIs to the DataPower API Gateway
- If your deployment includes v5-compatible APIs, they can only be used with the DataPower v5-compatible Gateway (also known as the v5c gateway). To use the v5-compatible APIs with the DataPower API Gateway, you must migrate the APIs to the newer format. For more information, see Migrating v5-compatible APIs to API Gateway.
- Cert-manager update required for Kubernetes deployments
- API Connect 10.0.5.5 uses cert-manager 1.11.5. If you are upgrading a deployment on Kubernetes, be sure to update the cert-manager as explained in the procedure for Upgrading subsystems on native Kubernetes.
- After upgrading on Kubernetes or OpenShift, optionally regenerate DataPowerService CRs to use random passwords for gateway-peering
-
Starting with API Connect 10.0.5.5, GatewayCluster pods are configured by default to secure the gateway-peering sessions with a unique, randomly generated password. However, GatewayCluster pods created prior to API Connect 10.0.5.5 are configured to use a single, hard-coded password and upgrading to 10.0.5.5 or later does not replace the hard-coded password.
After upgrading to API Connect 10.0.5.5 or later, you can choose to secure the gateway-peering sessions by running the following command to delete the DataPowerService CR that was created by the GatewayCluster:
- Kubernetes:
kubectl delete dp <gateway_cluster_name>
- OpenShift:
oc delete dp <gateway_cluster_name>
This action prompts the API Connect Operator to recreate the DataPowerService CR with the unique, randomly generated password. This is a one-time change and does not need to be repeated for subsequent upgrades.
Note: This operation results in an API outage until the new GatewayCluster pods start up and are configured by API Connect. If you do not regenerate the CRs during the upgrade procedure, you can schedule this task for planned downtime. There is no need for unscheduled downtime to regenerate the CRs because the gateway-peering sessions are also secured by mutual TLS, so there is very little risk of data exposure/corruption on the pre-10.0.5.5 GatewayClusters.Regenerating the DataPowerService CRs to use random passwords for gateway-peering is included as an optional step in the Upgrading subsystems on Kubernetes, Upgrading on OpenShift in an online environment, and the OpenShift Air-gapped upgrade topics.
- Kubernetes:
- New annotation suppresses Zen behavior in Cloud Pak for Integration
- In previous releases of API Connect, you could only deploy it as the API Management capability
in Cloud Pak for Integration by using a single, top-level CR, and the Cloud Pak for Integration Zen
features were also installed.
Beginning with API Connect 10.0.5.3, you can install the API Management capability with a special annotation in the CR that suppresses the Zen features and allows you to deploy by using either the top-level CR or a set of subsystem-level CRs, even when your deployment includes the Automation UI. The new annotation is supported for all fresh installations of API Connect 10.0.5.3 and later (Cloud Pak for Integration 2022.2.1 and 2022.4.1), and for upgrades from 10.0.1.7-eus (Cloud Pak for Integration 2020.4). For more information, see the sections on Deploying on OpenShift and Cloud Pak for Integration and Upgrading on OpenShift and Cloud Pak for Integration.
- Analytics ingestion resiliency
- Analytics persistent queue feature updated for better resiliency when both internal storage and offload is configured. The offload processes are now separated from the internal storage processes.
- Direct upgrade from Version 2018 is no longer supported
- Beginning with 10.0.5.5, a direct upgrade from version 2018 is no longer supported. To upgrade from 2018, upgrade to v10.0.5.4 (or another version of 10.0.5.x prior to 10.0.5.5), and then upgrade to 10.0.5.5 or later versions.
- Updates to analytics deployment profile storage and ingestion pods
- The memory requests and limits of the storage pods is reduced for the following profiles:
n1xc6.m48
: Reduced from 38 Gi to 37 Gi.n3xc6.m48
: Reduced from 38 Gi to 37 Gi for shared storage, and from 36 Gi to 35 Gi for dedicated storage.n3xc8.m64
: Reduced from 54 Gi to 53 Gi for shared storage, and from 50 Gi to 49 Gi for dedicated storage.
- Upgrade improvements
- Updates to the analytics microservices are redesigned, leading to reduced downtime during upgrades.
- LDAP updates
- The UI for creating an LDAP registry now provides options for specifying the scope for "Search DN" (subtree, one level, and base) as you can in the CLI.
- You can now specify whether your LDAP is Microsoft Active Directory in the UI and with the CLI, to ensure that the directory is handled correctly in API Connect.
- API key now supports multiple uses
- When defining the API key timeout in Cloud Manager, you can additionally choose whether to allow the an application to exchange the API key for an access token multiple times. For more information, see Configuring API key timeouts.