Deploy API Connectivity Manager on Kubernetes
Review the following requirements for API Connectivity Manager before continuing.
To install API Connectivity Manager, you must first install Instance Manager. This is because API Connectivity Manager relies on features that are included with Instance Manager.
Refer to the following table to see the module compatibility for each F5 NGINX Management Suite chart.
| NGINX Instance Manager chart | Chart | Instance Manager | 
|---|---|---|
| 2.0.0 | nginx-stable/nim | 2.20.0 | 
| 2.19.2 | nginx-stable/nms-hybrid | 2.19.2 | 
| 2.19.1 | nginx-stable/nms-hybrid | 2.19.1 | 
| 2.19.0 | nginx-stable/nms-hybrid | 2.19.0 | 
| 1.15.0 | ngnx-stable/nms | 2.18.0 | 
| 1.14.4 | ngnx-stable/nms | 2.17.4 | 
| 1.14.0 | ngnx-stable/nms | 2.17.0 | 
| 1.13.0 | ngnx-stable/nms | 2.16.0 | 
| 1.12.1 | ngnx-stable/nms | 2.15.1 | 
| 1.12.0 | ngnx-stable/nms | 2.15.0 | 
| 1.11.0 | ngnx-stable/nms | 2.14.0 | 
| 1.10.1 | ngnx-stable/nms | 2.13.1 | 
| 1.10.0 | ngnx-stable/nms | 2.13.1 | 
| 1.9.0 | ngnx-stable/nms | 2.13.0 | 
Follow these steps to download the Docker image for API Connectivity Manager:
- 
Go to the MyF5 website, then select Resources > Downloads. 
- 
In the Select Product Family list, select NGINX. 
- 
In the Product Line list, select NGINX API Connectivity Manager. 
- 
Select the following download options: - Product version – Select the version of API Connectivity Manager you want to install. Make sure this version is compatible with the version of Instance Manager you installed as a prerequisite. Refer to the Dependencies with Instance Manager section above.
- Linux distribution – Select the Linux distribution you’re deploying to. For example, ubuntu.
- Distribution Version – Select the Linux distribution’s version. For example, 20.04.
- Architecture – Select the architecture. For example, amd64.
 
- 
In the Download Files section, download the nms-acm-<version>-img.tar.gzfile.
To complete the commands in this section, you need to have Docker 20.10 or later installed.
- 
Change to the directory where you downloaded the Docker image: cd <directory name>
- 
Load the Docker image from the nms-acm-<version>-img.tar.gzarchive:docker load -i nms-acm-<version>-img.tar.gzThe output looks similar to the following: shell $ docker load -i nms-acm-<version>-img.tar.gz 1b5933fe4b5: Loading layer [==================================================>] 5.796MB/5.796MB fbe0fc9bcf95: Loading layer [==================================================>] 17.86MB/17.86MB ... 112ae1f604e0: Loading layer [==================================================>] 67.8MB/67.8MB 4b6a693b90f4: Loading layer [==================================================>] 3.072kB/3.072kB Loaded image: nms-acm:1.5.0Take note of the loaded image’s name and tag. You’ll need to reference this information in the next section when pushing the image to your private registry. In the example output above, nms-acmis the image name and1.5.0is the tag. The image name or tag could be different depending on the product version you downloaded from MyF5.
To complete the steps in this section, you need an externally-accessible private Docker registry to push the container images to.
To push the Docker images to your private registry, take the following steps:
- 
Replace <my-docker-registry:port>with your private Docker registry and port (if needed).
- 
Replace <version>with the tag you noted when loading the Docker image above.
- 
Log in to your private registry: docker login <my-docker-registry:port>
- 
Tag the image with the image name and version you noted when loading the Docker image. docker tag nms-acm:<version> <my-docker-registry:port>/nms-acm:<version>For example: docker tag nms-acm:1.5 myregistryhost:5000/nms-acm:1.5
- 
Push the image to your private registry: docker push <my-docker-registry:port>/nms-acm:<version>For example: docker push nms-acm:1.5 myregistryhost:5000/nms-acm:1.5
To enable the API Connectivity Manager Module, take the following steps:
- 
Open the values.yamlfile for editing.
- 
Add the following snippet to the values.yamlfile:- Replace <my-docker-registry:port>with your private Docker registry and port (if needed).
- Replace <version>with the tag you noted when loading the Docker image above.
- In the imagePullSecretssection, add the credentials for your private Docker registry.
 yaml # values.yaml global: nmsModules: nms-acm: enabled: true nms-acm: imagePullSecrets: - name: regcred acm: image: repository: <my-docker-registry:port>/nms-acm tag: <version>
- Replace 
- 
Close and save the values.yamlfile.
To complete the steps in this section, you need to have OpenSSL 1.1.1 or later installed.
Run the following command to upgrade the NGINX instance deployment:
- 
Replace <path-to-your-values.yaml>with the path to the values.yaml file you created.
- 
Replace YourPassword123#with a secure password that contains a combination of uppercase and lowercase letters, numbers, and special characters.Make sure to copy and save the password for future reference. Only the encrypted password is stored in Kubernetes. There’s no way to recover or reset a lost password.
- 
(Optional) Replace <nms-chart-version>with the desired version; see the table below for the available versions. Alternatively, you can omit this flag to install the latest version.
helm upgrade -n nms --set nms-hybrid.adminPasswordHash=$(openssl passwd -6 'YourPassword123#') nms nginx-stable/nms -f <path-to-your-values.yaml> [--version <nms-chart-version>] --waitThis command upgrades an existing Helm chart deployment named nms with a new version of the chart located in the nginx-stable/nms repository. It also sets the value of the nms-hybrid.adminPasswordHash to the hashed version of the provided password and uses a values.yaml file located at the provided path.
If you’ve already deployed API Connectivity Manager and would like to upgrade to a newer version, take the following steps:
- 
Repeat the steps above to: 
- 
Run the helm upgradecommand above to upgrade the NGINX Management Suite deployment.
You can access the NGINX Instance Manager web interface using the external IP address for the API Gateway.
- 
To look up the external IP address for the API Gateway, run the following command: kubectl -n nim get svc apigwThis kubectlcommand shows details for theapigwservice in thenimnamespace. You’ll see the service type, port, cluster IP, and external IP addresses.The default service type is ClusterIPand the output looks similar to the following example:text NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE apigw ClusterIP 10.108.57.167 <none> 443/TCP 32sUsing the CLUSTER-IPvalue, go tohttps://<CLUSTER-IP>:443/ui.For example, https://10.108.57.167/ui.This IP address might not be reachable, depending on how the Kubernetes cluster networking was configured. If so, the apigwservice type can be changed to a more suitable option, such asLoadBalancer, by changing the Configurable Helm Setting value forapigw.service.type.
A valid license is required to make full use of all the features in API Connectivity Manager.
Refer to the Add a License topic for instructions on how to download and apply a trial license, subscription license, or Flexible Consumption Program license.
The following table lists the configurable parameters and default values used by the API Connectivity Manager chart when installing from a Helm chart.
To modify a configuration for an existing release, run the helm upgrade command and use -f <my-values-file>, where my-values-file is a path to a values file with your desired configuration.
| Parameter | Description | Default | 
|---|---|---|
| nms-acm.acm.logLevel | Set the log level for the backend API service. The log level can be fatal,error,warning,info, ordebug | info | 
| nms-acm.acm.image.repository | Repository name and path for the acmimage. | acm | 
| nms-acm.acm.image.tag | Tag used for pulling images from registry. | latest | 
| nms-acm.acm.image.pullPolicy | Image pull policy. | IfNotPresent | 
| nms-acm.acm.container.port.http | TCP port for the pod to listen on. | 8037 | 
| nms-acm.acm.container.port.db | Port to use for Dqlite. | 9300 | 
| nms-acm.acm.metrics.enabled | Enable metrics. | false | 
| nms-acm.acm.service.httpPort | TCP port for the service to listen on. | 8037 | 
| nms-acm.acm.resources.requests.cpu | CPU resource limits to allow for the acmpods. | 500m | 
| nms-acm.acm.resources.requests.memory | Memory resource limits to allow for the apipods. | 512Mi | 
| nms-acm.acm.persistence.enabled | Optionally disable persistent storage, used for database data. | true | 
| nms-acm.acm.persistence.claims | An array of persistent volume claims, can be modified to use an existing PVC. | See the Dqlite configuration section below. | 
| nms-acm.acm.devportal.credentials.enabled | Enables the Create Credentials Endpoint on the Developer Portal | false | 
| nms-acm.acm.devportal.credentials.ssl | This should be set to true if mTLS has been configured between API Connectivity Manager and the Developer Portal, for more information see Create Credentials Endpoint on the Developer Portal | false | 
| nms-acm.acm.devportal.client.caSecret.name | This should be set if an unknown Certificate Authority is needed for communication with the Developer Portal in order to provide a CA certificate. This should be set to the name of the secret in the release namespace that contains the CA certificate. | Blank | 
| nms-acm.acm.devportal.client.caSecret.key | This should be set if an unknown Certificate Authority is needed for communication with the Developer Portal in order to provide a CA certificate. This should be set to the key of the secret in the release namespace that contains the CA certificate. | Blank | 
  - name: dqlite
    existingClaim:
    size: 500Mi
    accessMode: ReadWriteOnceFor guidance on how to create a support package containing system and service details to share with NGINX Customer Support, refer to the guide Create a Support Package from a Helm Installation.