DataPower Gateway for Docker

The first-class approach to build IBM® DataPower® Gateway as a containerized application is to build and upload a DataPower Docker image to your repository.

A DataPower Docker image is the combination of your DataPower configuration artifacts and a version-specific DataPower firmware image. Each DataPower Docker image in your repository is a purpose-built application that you can deploy without any post-deployment activities. The deployment of a DataPower Gateway uses the DataPower Operator. For more information, see IBM DataPower Operator documentation.

When you decompress the archive file in a Docker container on your workstation, the root path for files is the /opt/ibm/datapower directory. The important directories and files are as follows.

cert:: /opt/ibm/datapower/root/secure/usrcerts
config:: /opt/ibm/datapower/drouter/config
local:: /opt/ibm/datapower/drouter/local
drouter: /opt/ibm/datapower/root/drouter

The DataPower Docker image inherits the DNS settings from the /etc/hosts and /etc/resolv.conf files in the container. Docker manages these files on behalf of containers. To alter the DNS settings for the DataPower Docker image, use the Docker tools to manage these files.

The default password-management behavior is masked. When masked, the passphrase-obfuscated password is shown from the CLI, stored in the persisted configuration, and included in an export package. For more information, see Managing domain settings.

The cryptographic materials to connect to the DataPower GUI are not in the Docker image. The DataPower Gateway automatically generates the self-signed key-cert pair cert:///webgui-privkey.pem and cert:///webgui-sscert.pem at the first start and uses these files as the default cryptographic materials for the DataPower GUI. You can create and use your own cryptographic materials.