Enabling API governance on VMware

You can optionally configure API governance in API Connect on VMware by enabling the governance microservice.

About this task

API governance is an optional add-on to IBM® API Connect that can be used to validate and enforce organizational governance policies and best practices to your API development process.

Note:

These instructions apply only to VMware installations. For Kubernetes, OpenShift, and IBM Cloud Pak for Integration installations, see Enabling API governance on Kubernetes.
API governance rulesets cannot be added to your deployment until the governance microservice is enabled.
All of the commands must be run in the apicup management project directory.

To enable or disable the governance microservice, see the following instructions:

Enabling the governance microservice
Disabling the governance microservice

After the governance microservice is enabled, API governance resources can be created. For more information, see Configuring API governance in the Cloud Manager, and Configuring API governance in the API Manager.

Procedure

Enabling the governance microservice
1. Open your API Connect installation project directory.
2. Run the following apicup command to enable the governance microservice:
```
apicup subsys set <mgmt_subsystem_name> governance-enabled=true
```
  Where <mgmt_subsystem_name> is the name of the management subsystem that you are configuring.
3. Install the new setting for the governance microservice by running the following command:
```
apicup subsys install <mgmt_subsystem_name> --debug
```
  Including the --debug option enables the debug output for the command.
4. Monitor the health-check output until the management subsystem is healthy by running the following command:
```
apicup subsys health-check <mgmt_subsystem_name>
```
  If one or more of the health criteria are not met, the command stops processing and displays a message with the failure, and exits with a status of 1. The following output is an example of unhealthy output while the install is running:
```
Error: Cluster not in good health:
 ManagementCluster (current ha mode: active) is not ready | State: 15/17 Phase: Pending
 ManagementCluster (current ha mode: active) is not ready | State: 15/17 Phase: Pending
```
  When all of the health criteria are successfully met, the command displays no output, and exits with a status of 0.
Disabling the governance microservice
1. Open your API Connect installation project directory.
2. Run the following apicup command to disable the governance microservice:
```
apicup subsys set <mgmt_subsystem_name> governance-enabled=false
```
  Where <mgmt_subsystem_name> is the name of the management subsystem that you are configuring.
3. Install the new setting for the governance microservice by running the following command:
```
apicup subsys install <mgmt_subsystem_name> --debug
```
  Including the --debug option enables the debug output for the command.

Results

Note that when the governance microservice is enabled, there are a number of new deployments, jobs, and pods in the ManagementCluster namespace. These Kubernetes governance resources have names containing either compliance-service or compliance-ui. For example:

kubectl get pods -n apic | grep compliance
management-compliance-service-f6cdf95fc-t4qkx                     1/1     Running     0          127m
management-compliance-ui-59897fcc4-zm25v                          1/1     Running     0          126m
management-up-compliance-service-data-populate-0-to-1-t2f4d       0/1     Completed   1          132m
management-up-compliance-service-schema-0-to-1-2lkqq              0/1     Completed   0