Installation FAQ

This document provides answers to common questions and solutions for issues encountered during the installation of API7 Enterprise.

Q1: Why is the Control Plane unable to connect to the PostgreSQL database?

A: Ensure the following:

• The database host is reachable from the CP environment.
• The database user has sufficient permissions to create tables.
• Port 5432 is open on the database server.
• Check CP logs for specific error messages: kubectl logs -l app.kubernetes.io/name=api7ee -n api7.

Q2: How do I resolve port conflict errors during installation?

A: If ports 7443, 7943, or 9080 are already in use, you can:

• Kubernetes: Change the service port in values.yaml.
• Docker Compose: Update the host-to-container port mapping (e.g., "8443:7443").
• Bare Metal: Update the configuration file to listen on a different port.

Q3: Why is the Data Plane status showing as "Offline" in the Dashboard?

A: This usually indicates a communication issue between the DP and CP.

• Check if the DP can reach the CP address on port 7943.
• Verify that the mTLS certificates are correctly configured and have not expired.
• Ensure the cp_address in the DP configuration is correct.

Q4: I am getting "Permission Denied" when running Helm commands. What should I do?

A: Ensure your Kubernetes context is correctly set and you have administrative privileges for the namespace.

• Run kubectl config current-context to verify your context.
• Use RBAC to grant the necessary permissions to your user account.

Q5: How can I fix image pull errors (ImagePullBackOff)?

A: This error occurs when the Kubernetes node cannot download the container image.

• Check if you have internet access or access to your private registry.
• Verify the image repository and tag in your values.yaml.
• For private registries, ensure the imagePullSecrets are correctly configured.

Q6: My license is invalid. Where can I get a new one?

A: Licenses can be obtained via:

• Trial: Request a trial license.
• Production: Contact your API7 account manager.
• Verification: Check if the license key is correctly copied into your configuration without extra spaces or line breaks.

Q7: Why are CP/DP pods restarting frequently (CrashLoopBackOff)?

A: This is often due to resource limits or misconfiguration.

• Run kubectl describe pod <pod_name> to see the restart reason.
• Check logs for error messages: kubectl logs <pod_name>.
• Verify that your hardware meets the System Requirements.

Q8: How do I configure mTLS between CP and DP?

A: mTLS is required for secure communication.

1. Generate or obtain CA, client, and server certificates.
2. Create a Kubernetes secret containing these certificates.
3. Configure the DP to use the secret name in values.yaml.

Q9: Can I deploy API7 without a LoadBalancer in Kubernetes?

A: Yes, you can use NodePort or ClusterIP services.

• NodePort: Access services via <NodeIP>:<NodePort>.
• ClusterIP: Use an Ingress controller (like NGINX or API7 itself) to route external traffic to the service.

Q10: How do I check the version of my API7 installation?

A:

• Dashboard: Click the User icon and select About.
• Helm: Run helm list -n api7 to see the installed chart version, and helm get values api7ee3 -n api7 to inspect the values used.
• Images: Run kubectl -n api7 get pods -o jsonpath='{.items[*].spec.containers[*].image}' | tr ' ' '\n' | sort -u to list the exact image tags running in the cluster.