Best practices and key considerations while deploying IBM DataPower on Red Hat OpenShift Container Platform
As enterprises progress in their journey to cloud, one of the challenges they face is migrating the existing services that run on IBM DataPower physical and/or virtual appliances onto a container platform such as Red Hat OpenShift. Below are some of my tips and recommendations that will be valuable as you go through this process:
- Always use immutable container images that include all the DataPower configuration data.
- Store all DataPower configuration data, except crypto keys and certificates, in the source code repository so that it can be readily extracted during the build process.
- The build process can be kicked off only by administrators who have access to the DataPower crypto keys and certificates.
- Update the DataPower configuration to use a non-default password for the “admin” user ID.
- Ensure that all the IBM DataPower management services (webGui, REST and XML) are disabled in higher environments (especially in production).
- It is NOT recommended to create an OpenShift project for every IBM DataPower instance. Instead, an OpenShift project can be created per environment for DataPower to handle High Availability.
- Taint and label the compute nodes that are reserved for running IBM DataPower instances. Also, update the “deployment.yaml” used for creating IBM DataPower instances so that it tolerates the taints associated with these reserved nodes.
- You should be able to keep the internal ports used by the existing services unless they conflict with other workloads.
- DataPower Services can be exposed as OpenShift routes and/or NodePorts (range: 30000–32767).
- Although it is okay to include all the existing services in a single container, you could run the services in multiple containers grouped by criticality and/or business unit. Doing so lets you selectively scale mission-critical applications.
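
The node reservation and NodePort recommendations above, sketched as a manifest. This is an added example, not configuration from the original article or from IBM; the `dedicated=datapower` taint and label, the project name, image reference and port numbers are all assumptions.

```yaml
# Reserve the nodes first (node name and key/value are assumptions):
#   oc adm taint nodes <node-name> dedicated=datapower:NoSchedule
#   oc label nodes <node-name> dedicated=datapower
apiVersion: apps/v1
kind: Deployment
metadata:
  name: datapower              # hypothetical name
  namespace: datapower-prod    # one project per environment, not per instance
spec:
  replicas: 2                  # several instances in the same project for HA
  selector:
    matchLabels:
      app: datapower
  template:
    metadata:
      labels:
        app: datapower
    spec:
      nodeSelector:
        dedicated: datapower   # schedule only onto the labelled nodes
      tolerations:             # must match the taint key, value and effect
        - key: dedicated
          operator: Equal
          value: datapower
          effect: NoSchedule
      containers:
        - name: datapower
          # Placeholder image: the immutable image built with the configuration baked in
          image: registry.example.com/datapower/dp-services:1.0.0
          ports:
            - containerPort: 8443   # constructed: internal port of an existing service
---
apiVersion: v1
kind: Service
metadata:
  name: datapower-svc
  namespace: datapower-prod
spec:
  type: NodePort
  selector:
    app: datapower
  ports:
    - port: 8443
      targetPort: 8443         # internal service port stays unchanged
      nodePort: 30443          # must fall within 30000-32767
```

The toleration only permits scheduling onto the tainted nodes; it is the `nodeSelector` that keeps DataPower pods off every other node, so both are needed.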
With these recommendations, you should be able to successfully migrate DataPower services onto Red Hat OpenShift Container Platform.