Deploying all API management subsystems on Linux x86_64 (Platform UI)

Introduction

Deploy all API Connect subsystems on a Linux x86_64 cluster.

Before you begin

• The API Connect operator and instances must be from the same release and fix pack level of API Connect to ensure a successful installation. Table 1 lists the current version of the operator and instance for API Connect.

  Table 1. API Connect version and operator for Cloud Pak for Integration

  API Connect (instance)	Operator channel version	Highest operator version
  10.0.7.0	v5.1	5.1.0

• API Connect supports only the restricted SCC (security context constraint) in OpenShift.
• API Connect requires the use of block storage.

About this task

Prerequisites

If you have not already done so, review Installing and follow the installation procedures that are required for your cluster.

Deploying an instance of API Connect or API Calls

Complete the following steps to deploy an instance of API management:

1. Log in to the Platform UI. Use the authentication method and credentials set by your administrator.

2. On the Instances section, click Create an instance.

3. Select the API management tile and click Next.

4. On the Create an instance for API management page, use one of the following deployment options:
   • To deploy by using the default configuration, click the tile for the deployment option that you need, then click Next. You can modify the default configuration as needed.
   • To deploy by using an existing template from Automation assets, click the Select a template tile. If you do not have Automation assets installed, a panel opens. Click the link to open a guided installation for Automation assets.
     1. Select a template and preview its contents.
     2. Click Create from asset.

5. API Connect 10.0.6.0 or later: Optionally override the default deployment profile for one or more API Connect subsystems.

   If you want to customize the profile for an API Connect subsystem, add a template override to the apiconnectCluster CR:

   1. Click the YAML tab.
   2. Modify the sample template as appropriate for your deployment.

      The following example template includes overrides for all API Connect subsystems but you do not have to use them all. Delete the sections that you don't want to use, and modify the remaining sections as needed. For information on the available profiles for each subsystem, see the links to the topics in this section of the API Connect documentation: Component profiles, CPU limits, memory limits, and licensing.

      spec:
        template:
        - name: management
          containers:
          - name: cr
            env:
            - name: PROFILE
              value: n1xc2.m16
        - name: portal
          containers:
          - name: cr
            env:
            - name: PROFILE
              value: n1xc2.m8
        - name: analytics
          containers:
          - name: cr
            env:
            - name: PROFILE
              value: n1xc2.m16
        - name: gateway
          containers:
          - name: cr
            env:
            - name: PROFILE
              value: n1xc1.m8

   3. Add the customized template into the spec section of the CR and then return to the Basic settings page.
6. On the Basic settings page, fill in the configuration fields that are described in Table 2.
   Note: You only need to complete the fields in Table 2. All other settings are preconfigured and can be accepted as-is. If you prefer to customize the configuration settings, click Advanced settings and fill in the configuration fields as explained in API Connect cluster configuration settings in the API Connect documentation.

   Table 2. Basic configuration settings for API Connect

   Input	Value
   Name	A name for your API Connect instance.
   License acceptance	Click to accept the license. You must accept the license to install API Connect.
   License use	Select production or nonproduction to match the type of license that you purchased.
   License metric	Enter the unit of measure that is used for your program license: VIRTUAL_PROCESSOR_CORE - Default value. If you leave the field blank, this value is used. MONTHLY_API_CALL - Applies only to the "IBM Cloud Pak for Integration - API Calls" program. For information on tracking monthly call volume, see Tracking API volume for auditing and compliance.
   License ID	The License ID for the API Connect program that you purchased: API Connect - Select L-MMBZ-295QZQ (the license ID for program name "IBM API Connect Enterprise V10.0.7.0"). If you purchased Cloud Pak for Integration, accept the API Connect Enterprise license when you purchase your VPCs (virtual processor cores). API Calls add-on - Select L-GGQD-G7AYJD (the license ID for Program Name "IBM Cloud Pak for Integration - API Calls 2023.4.1"). If you purchased Cloud Pak for Integration - API Calls (which is an add-on product), select the CP4I API Calls license, which entitles you to track usage by the monthly number of API calls instead of the number of installed VPCs (virtual processor cores). To view the available License IDs, see API Connect licenses in the API Connect documentation.
   Deployment profile	Select the type of API Connect installation profile that you want. The default corresponds to the tile that was selected in the previous screen: Small - Single replica (n1xc7.m48) best suited for light, noncritical workloads such as small team development and testing. Deploys 1 replica of the Management, Developer Portal, Analytics, and Gateway components with a minimal footprint. Medium - Single replica (n1xc16.m72) ideal for medium workloads such as organizational development, testing, and production when in alignment with business availability requirements. Deploys 1 replica of the Management, Developer Portal, Analytics, and Gateway components. Large - Three replicas (n3xc16.m48) ideal for heavy workloads when business requires redundancy for greater availability & capacity. Deploys 3 replicas of the Management, Developer Portal, Analytics, and Gateway components. Medium - Single replica - Remote Gateway (n1xc12.m64) ideal for medium workloads such as organizational development, testing, and production when in alignment with business availability requirements. Must be configured for use with existing or independently deployed Gateways. Deploys 1 replica of the Management, Developer Portal, and Analytics components. Large - Three replicas - Remote Gateway (n3xc12.m40) ideal for heavy workloads when business requires redundancy for greater availability & capacity. Must be configured for use with existing or independently deployed Gateways. Deploys 3 replicas the Management, Developer Portal, and Analytics components. In the next step you can optionally customize the deployment profile for each API Connect subsystem (version 10.0.5.2 and later). In addition, you can switch to a different deployment profile after installation as explained in Changing the deployment profile on Cloud Pak for Integration in the API Connect documentation.
   Product version	Select the API Connect product version or channel to be installed.
   Storage class	Specify the RWO block storage class to use for persistent storage. API Connect 10.0.7.0 requires an S3 object-store for backing up the management database. If you are unable to configure S3 storage, you can install API Connect with no backup settings configured. If you use this configuration, then no management database backups are taken and disaster recovery is impossible. To install without backup settings configured, click the YAML tab to manually edit the CR. In the CR, delete the databaseBackup section from the CR, and add the following annotation in the metadata section: metadata: annotations: apiconnect-operator/backups-not-configured: "true"

7. API Connect 10.0.7.0 or later: Optionally deploy with Cloud Pak endpoints.

   Beginning with version 10.0.7.0, API Connect no longer uses the Cloud Pak cpd routes for endpoints when deployed as a component of Cloud Pak for Integration. Instead, the API Management component uses the typical default API Connect routes (or the custom endpoints configured in the CR).

   If you want to deploy with Cloud Pak endpoints, complete the following steps:

   1. Click the YAML tab to manually edit the CR.
   2. Insert the deprecatedCloudPakRoute object into the spec.management section as shown in the following example:

      apiVersion: apiconnect.ibm.com/v1beta1
      kind: APIConnectCluster
      metadata:
        labels:
          app.kubernetes.io/instance: apiconnect
          app.kubernetes.io/managed-by: ibm-apiconnect
          app.kubernetes.io/name: apiconnect-minimum
        name: <name_of_your_instance> 
        namespace: <APIC-namespace> 
      spec:
        license:
          accept: true
          license: L-MMBZ-295QZQ
          metric: PROCESSOR_VALUE_UNIT
          use: nonproduction
        profile: n1xc17.m48
        version: 10.0.7.0
        storageClassName: <default-storage-class>
        management:
          deprecatedCloudPakRoute:
            enabled: true
            cloudPakEndpoint:
              hosts:
              - name: cpd-apic.apps.admin-<domain>.com

   3. Optional: If you want to add a custom certificate for the Cloud Pak route, complete the following steps:
      1. Create a Cloud Pak certificate that was signed by a Cloud Pak CA as in the following example:

         ---
         apiVersion: cert-manager.io/v1
         kind: Issuer
         metadata:
          name: custom-cpd-ca
          namespace: apic
         spec:
          selfSigned: {}
         ---
         apiVersion: cert-manager.io/v1
         kind: Certificate
         metadata:
           name: custom-cpd
           namespace: apic
         spec:
           commonName: small-mgmt-cpd
           dnsNames:
           - cpd-apic.apps.admin-apickeycloak.cp.fyre.ibm.com
           duration: 17520h0m0s
           issuerRef:
             kind: Issuer
             name: custom-cpd-ca
           privateKey:
             algorithm: RSA
             rotationPolicy: Always
             size: 2048
           renewBefore: 720h0m0s
           secretName: custom-cpd
           usages:
           - key encipherment
           - digital signature
           - server auth

      2. In the CR, provide the secret name within the cloudPakEndpoint property of the new deprecatedCloudPakRoute object; for example:

         
         spec:
           deprecatedCloudPakRoute:
             enabled: true
             cloudPakEndpoint:
               hosts:
               - name: cpd-apic.apps.admin-<domain>.com
                 secretName: custom-cpd

8. Click Create.

API Connect configures the API Connect "Common Services User Registry" (CSUR), and then on-boards the OpenShift kubeadmin user into the CSUR as the API Connect Administrator. When you invite users to join provider organizations based on the CSUR, the user must open a private (incognito) browser to accept the invitation and register with API Connect.

Configuring your API Connect instance

Complete basic configuration settings for your instance of API Connect.

1. Click the next to the API Connect instance name, and select Cloud Manager.

2. Log in to Cloud Manager with the Common Services user registry, using the same username and password that you used for logging in to the Platform UI.

   Users must log in to the Cloud Pak for Integration platform in order to access the Cloud Manager and API Manager user interfaces in API Connect.

3. Configure a mail server for sending invitations and notifications to users as explained in Configuring an email server for notifications in the API Connect documentation.

What to do next

When you finish installing API Connect, Backing up your Cloud Pak for Integration API Connect deployment so that your data can be restored in the event of an emergency.