Deploying all API management subsystems on Linux x86_64 (Platform UI)
Deploy an instance with all API management subsystems on a Linux x86_64 cluster so that you can create, manage, and share APIs. This procedure uses the Platform UI.
Introduction
Deploy all API Connect subsystems on a Linux x86_64 cluster.
Before you begin
- The API Connect operator and instances must be from the same release and fix pack level of API
Connect to ensure a successful installation. Table 1 lists the current version of the operator and
instance for API Connect.
Table 1. API Connect version and operator for Cloud Pak for Integration API Connect (instance) Operator channel version Highest operator version 10.0.7.0 v5.1 5.1.0 - API Connect supports only the
restricted
SCC (security context constraint) in OpenShift. - API Connect requires the use of block storage.
About this task
Prerequisites
If you have not already done so, review Installing and follow the installation procedures that are required for your cluster.
Deploying an instance of API Connect or API Calls
Complete the following steps to deploy an instance of API management:
- Log in to the Platform UI. Use the authentication method and credentials set by your administrator.
- On the Instances section, click Create an instance.
- Select the API management tile and click Next.
- On the Create an instance for API management page, use one of the following deployment options:
- To deploy by using the default configuration, click the tile for the deployment option that you need, then click Next. You can modify the default configuration as needed.
- To deploy by using an existing template from Automation assets, click the Select a template tile. If you do not have Automation assets
installed, a panel opens. Click the link to open a guided installation for Automation assets.
- Select a template and preview its contents.
- Click Create from asset.
- API Connect 10.0.6.0 or later: Optionally override the default deployment profile for one or
more API Connect subsystems.
If you want to customize the profile for an API Connect subsystem, add a template override to the
apiconnectCluster
CR:- Click the YAML tab.
- Modify the sample template as appropriate for your deployment.
The following example template includes overrides for all API Connect subsystems but you do not have to use them all. Delete the sections that you don't want to use, and modify the remaining sections as needed. For information on the available profiles for each subsystem, see the links to the topics in this section of the API Connect documentation: Component profiles, CPU limits, memory limits, and licensing.
spec: template: - name: management containers: - name: cr env: - name: PROFILE value: n1xc2.m16 - name: portal containers: - name: cr env: - name: PROFILE value: n1xc2.m8 - name: analytics containers: - name: cr env: - name: PROFILE value: n1xc2.m16 - name: gateway containers: - name: cr env: - name: PROFILE value: n1xc1.m8
- Add the customized template into the
spec
section of the CR and then return to the Basic settings page.
- On the Basic settings page, fill in the configuration fields that are
described in Table 2.Note: You only need to complete the fields in Table 2. All other settings are preconfigured and can be accepted as-is. If you prefer to customize the configuration settings, click Advanced settings and fill in the configuration fields as explained in API Connect cluster configuration settings in the API Connect documentation.
Table 2. Basic configuration settings for API Connect Input Value Name A name for your API Connect instance. License acceptance Click to accept the license. You must accept the license to install API Connect. License use Select production or nonproduction to match the type of license that you purchased. License metric Enter the unit of measure that is used for your program license: - VIRTUAL_PROCESSOR_CORE - Default value. If you leave the field blank, this value is used.
- MONTHLY_API_CALL - Applies only to the "IBM Cloud Pak for Integration - API Calls"
program.
For information on tracking monthly call volume, see Tracking API volume for auditing and compliance.
License ID The License ID for the API Connect program that you purchased: - API Connect - Select L-MMBZ-295QZQ (the license ID for program name "IBM
API Connect Enterprise V10.0.7.0").
If you purchased Cloud Pak for Integration, accept the API Connect Enterprise license when you purchase your VPCs (virtual processor cores).
- API Calls add-on - Select L-GGQD-G7AYJD (the license ID for Program Name
"IBM Cloud Pak for Integration - API Calls 2023.4.1").
If you purchased Cloud Pak for Integration - API Calls (which is an add-on product), select the CP4I API Calls license, which entitles you to track usage by the monthly number of API calls instead of the number of installed VPCs (virtual processor cores).
To view the available License IDs, see API Connect licenses in the API Connect documentation.
Deployment profile Select the type of API Connect installation profile that you want. The default corresponds to the tile that was selected in the previous screen: - Small - Single replica (n1xc7.m48) best suited for light, noncritical workloads such as small team development and testing. Deploys 1 replica of the Management, Developer Portal, Analytics, and Gateway components with a minimal footprint.
- Medium - Single replica (n1xc16.m72) ideal for medium workloads such as organizational development, testing, and production when in alignment with business availability requirements. Deploys 1 replica of the Management, Developer Portal, Analytics, and Gateway components.
- Large - Three replicas (n3xc16.m48) ideal for heavy workloads when business requires redundancy for greater availability & capacity. Deploys 3 replicas of the Management, Developer Portal, Analytics, and Gateway components.
- Medium - Single replica - Remote Gateway (n1xc12.m64) ideal for medium workloads such as organizational development, testing, and production when in alignment with business availability requirements. Must be configured for use with existing or independently deployed Gateways. Deploys 1 replica of the Management, Developer Portal, and Analytics components.
- Large - Three replicas - Remote Gateway (n3xc12.m40) ideal for heavy workloads when business requires redundancy for greater availability & capacity. Must be configured for use with existing or independently deployed Gateways. Deploys 3 replicas the Management, Developer Portal, and Analytics components.
In the next step you can optionally customize the deployment profile for each API Connect subsystem (version 10.0.5.2 and later). In addition, you can switch to a different deployment profile after installation as explained in Changing the deployment profile on Cloud Pak for Integration in the API Connect documentation.
Product version Select the API Connect product version or channel to be installed. Storage class Specify the RWO block storage class to use for persistent storage. API Connect 10.0.7.0 requires an S3 object-store for backing up the management database. If you are unable to configure S3 storage, you can install API Connect with no backup settings configured. If you use this configuration, then no management database backups are taken and disaster recovery is impossible.
To install without backup settings configured, click the YAML tab to manually edit the CR. In the CR, delete thedatabaseBackup
section from the CR, and add the following annotation in themetadata
section:metadata: annotations: apiconnect-operator/backups-not-configured: "true"
- API Connect 10.0.7.0 or later: Optionally deploy with Cloud Pak endpoints.
Beginning with version 10.0.7.0, API Connect no longer uses the Cloud Pak
cpd
routes for endpoints when deployed as a component of Cloud Pak for Integration. Instead, the API Management component uses the typical default API Connect routes (or the custom endpoints configured in the CR).If you want to deploy with Cloud Pak endpoints, complete the following steps:- Click the YAML tab to manually edit the CR.
- Insert the
deprecatedCloudPakRoute
object into thespec.management
section as shown in the following example:apiVersion: apiconnect.ibm.com/v1beta1 kind: APIConnectCluster metadata: labels: app.kubernetes.io/instance: apiconnect app.kubernetes.io/managed-by: ibm-apiconnect app.kubernetes.io/name: apiconnect-minimum name: <name_of_your_instance> namespace: <APIC-namespace> spec: license: accept: true license: L-MMBZ-295QZQ metric: PROCESSOR_VALUE_UNIT use: nonproduction profile: n1xc17.m48 version: 10.0.7.0 storageClassName: <default-storage-class> management: deprecatedCloudPakRoute: enabled: true cloudPakEndpoint: hosts: - name: cpd-apic.apps.admin-<domain>.com
- Optional: If you want to add a custom certificate for the Cloud Pak route, complete the
following steps:
- Create a Cloud Pak certificate that was signed by a Cloud Pak CA as in the following
example:
--- apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: custom-cpd-ca namespace: apic spec: selfSigned: {} --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: custom-cpd namespace: apic spec: commonName: small-mgmt-cpd dnsNames: - cpd-apic.apps.admin-apickeycloak.cp.fyre.ibm.com duration: 17520h0m0s issuerRef: kind: Issuer name: custom-cpd-ca privateKey: algorithm: RSA rotationPolicy: Always size: 2048 renewBefore: 720h0m0s secretName: custom-cpd usages: - key encipherment - digital signature - server auth
- In the CR, provide the secret name within the
cloudPakEndpoint
property of the newdeprecatedCloudPakRoute
object; for example:spec: deprecatedCloudPakRoute: enabled: true cloudPakEndpoint: hosts: - name: cpd-apic.apps.admin-<domain>.com secretName: custom-cpd
- Create a Cloud Pak certificate that was signed by a Cloud Pak CA as in the following
example:
- Click Create.
API Connect configures the API Connect "Common Services User Registry" (CSUR), and then on-boards
the OpenShift kubeadmin
user into the CSUR as the API Connect Administrator. When
you invite users to join provider organizations based on the CSUR, the user must open a private
(incognito) browser to accept the invitation and register with API Connect.
Configuring your API Connect instance
Complete basic configuration settings for your instance of API Connect.
- Click the
next to the API Connect instance name, and select Cloud Manager.
- Log in to Cloud Manager with the Common Services user registry, using the
same username and password that you used for logging in to the Platform UI.
Users must log in to the Cloud Pak for Integration platform in order to access the Cloud Manager and API Manager user interfaces in API Connect.
- Configure a mail server for sending invitations and notifications to users as explained in Configuring an email server for notifications in the API Connect documentation.
What to do next
When you finish installing API Connect, Backing up your Cloud Pak for Integration API Connect deployment so that your data can be restored in the event of an emergency.