Advertisements
RSS

Tag Archives: OpenShift

How to run the 3Scale APICast Gateway in OpenShift ?

In my last blogpost I’ve shown how to run the 3Scale APICast Gateway in a Docker container. The next step would be to run APICast in OpenShift (both are Red Hat family members) and this was part of a showcase for a client. This blogpost will show you which steps to make.

High Level Overview

So this is how our setup looks like with very bright shiny pretty colours:

The preperation

What we need:

  • Endpoint for the API to hit, like apicast.rubix.local
  • Endpoint of the 3Scale SaaS environment (like jvzoggel-admin.3scale.net)
  • 3Scale SaaS Access Token which is something like 93b21fc40335f58ee3a93d5a5c343…..
  • user key which is shown at the bottom of the SaaS API Configuration screen in the curl example or can be found in Application -> your app

First make sure the API Endpoint is set in the 3Scale SaaS environment and copy the the curl example at the bottom for your own convenience.

API endpoint to hit

You probably already have an Access Token, if not you can generate one from Personal Settings -> Tokens -> Access Tokens

Make sure to always note down access tokens since your not able to retrieve it again.

The commands

We make sure OpenShift is running (I use my local OS X machine to run so adjust commands where needed when a remote OpenShift cluster is needed)

jvzoggel$ oc cluster up --docker-machine=openshift
Starting OpenShift using openshift/origin:v3.7.0 ...
OpenShift server started.

The server is accessible via web console at:
    https://192.168.99.100:8443

You are logged in as:
    User:     developer
    Password: <any value>

To login as administrator:
    oc login -u system:admin

Note the OpenShift URL (in this case 192.168.99.100) presented here, we will need this later.

Next step we will use the OC command to create a new project,

 
jvzoggel$ oc new-project "3scalegateway" --display-name="gateway" --description="Rubix 3scale gateway on OpenShift demo"
Now using project "3scalegateway" on server "https://192.168.99.100:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git

to build a new example application in Ruby.

The next step is to set a configuration variable which the APICast image will use to connect on runtime to the 3Scale SaaS environment to download the configuration. The string needs the 3Scale SaaS Access Token and your MY_ACCOUNT-admin.3scale.net.

 
jvzoggel$ oc secret new-basicauth apicast-configuration-url-secret --password=https://MY_ACCESS_TOKEN@jvzoggel-admin.3scale.net
secret/apicast-configuration-url-secret

We are now going to create a new application in our project which uses a template to retrieve it’s 3Scale image and configuration settings. You can check out the template by checking the URL in your browser.

jvzoggel$ oc new-app -f https://raw.githubusercontent.com/3scale/apicast/master/openshift/apicast-template.yml
--> Deploying template "3scalegateway/3scale-gateway" for "https://raw.githubusercontent.com/3scale/apicast/master/openshift/apicast-template.yml" to project 3scalegateway

     3scale-gateway
     ---------
     3scale API Gateway

     * With parameters:
        * CONFIGURATION_URL_SECRET=apicast-configuration-url-secret
        * CONFIGURATION_FILE_PATH=
        * IMAGE_NAME=quay.io/3scale/apicast:master
        * DEPLOYMENT_ENVIRONMENT=production
        * APICAST_NAME=apicast
        * RESOLVER=
        * SERVICES_LIST=
        * CONFIGURATION_LOADER=boot
        * BACKEND_CACHE_HANDLER=strict
        * LOG_LEVEL=
        * PATH_ROUTING=false
        * RESPONSE_CODES=false
        * CONFIGURATION_CACHE=
        * REDIS_URL=
        * OAUTH_TOKENS_TTL=604800
        * MANAGEMENT_API=status
        * OPENSSL_VERIFY=false
        * REPORTING_THREADS=0

--> Creating resources ...
    deploymentconfig "apicast" created
    service "apicast" created
--> Success
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose svc/apicast' 
    Run 'oc status' to view your app.<span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span>

Your 2 pods should spin uo in OpenShift and make sure to check the Logs if no errors are there.

We need to expose our pods to incoming traphic by adding a route through the OpenShift console or through the oc command. I assume you know how to add a route through the console, so here is the command:

 
jvzoggel$ oc expose svc/apicast --name=apicast --hostname=apicast.rubix.local
route "apicast" exposed

Now we can hit our api endpoint. Since I need to hit the API endpoint with apicast.rubix.local which is not known on my host machine, I could edit the /etc/hosts file. But because I don’t like to fill up my hosts I add a HTTP Host header with my request containing the correct endpoint.

 
jvzoggel$ curl "http://192.168.99.100/echo?user_key=MY_KEY" -H "Host: apicast.rubix.local"
{
  "method": "GET",
  "path": "/echo",
  "args": "user_key=my_key_was_here",
  "body": "",
  "headers": {
    "HTTP_VERSION": "HTTP/1.1",
    "HTTP_HOST": "echo-api.3scale.net",
    "HTTP_ACCEPT": "*/*",
    "HTTP_USER_AGENT": "curl/7.54.0",
    "HTTP_X_3SCALE_PROXY_SECRET_TOKEN": "Shared_secret_sent_from_proxy_to_API_backend",
    "HTTP_X_REAL_IP": "172.17.0.1",
    "HTTP_X_FORWARDED_FOR": "192.168.99.1, 89.200.44.122, 10.0.101.13",
    "HTTP_X_FORWARDED_HOST": "echo-api.3scale.net",
    "HTTP_X_FORWARDED_PORT": "443",
    "HTTP_X_FORWARDED_PROTO": "https",
    "HTTP_FORWARDED": "for=10.0.101.13;host=echo-api.3scale.net;proto=https"
  },
  "uuid": "711e9799-1234-1234-b8b6-4287541238"
}jvzoggel:~ jvzoggel$ 

And to proof the statistics, the 3Scale SaaS dashboards show us the metrics:

So setting up 3ScaleAPICast in OpenShift is relatively easy. Further configuring APICast, setting up OpenShift routes between your consumers and API’s and adding (REDIS) caching adds more complexity, but still hope this helps!

References

Advertisements
 
Leave a comment

Posted by on 11-12-2017 in Uncategorized

 

Tags: , , ,

Free ebook, DevOps with OpenShift

When getting started with OpenShift the concepts op Docker, Kubernetes and additional OpenShift toolset can be overwhelming from both the development and infrastructure background perspective. Luckily three OpenShift experts at Red Hat explain in the book “DevOps with OpenShift” how to configure Docker application containers and the Kubernetes cluster manager with OpenShift’s tools.

The book covers (and I quote):

Discover how this infrastructure-agnostic container management platform can help companies navigate the murky area where infrastructure-as-code ends and application automation begins.

  • Get an application-centric view of automation—and understand why it’s important
  • Learn patterns and practical examples for managing continuous deployments such as rolling, A/B, blue-green, and canary
  • Implement continuous integration pipelines with OpenShift’s Jenkins capability
  • Explore mechanisms for separating and managing configuration from static runtime software
  • Learn how to use and customize OpenShift’s source-to-image capability
  • Delve into management and operational considerations when working with OpenShift-based application workloads
  • Install a self-contained local version of the OpenShift environment on your computer

Red Hat offers the eBook for free on their website as a promotion for download here. It’s a great tutorial and sort of a must-read for everyone starting with OpenShift.

 

 

 

 

 
Leave a comment

Posted by on 23-08-2017 in Uncategorized

 

Tags: , ,

How to install and run OpenShift Origin on your Mac OS X ?

Installing OpenShift Origin on OS X

The easiest way to install (many software) on your OS X machine is through Homebrew. So let’s try that! :)

brew update
brew install openshift-cli

Check the installation

jvzoggel$ oc version
oc v3.6.0+c4dd4cf
kubernetes v1.6.1+5115d708d7
features: Basic-Auth

Running

When running OpenShift on your Mac OS X host.

jvzoggel$ oc cluster up
-- Checking OpenShift client ... OK
-- Checking Docker client ... OK
-- Checking Docker version ...
WARNING: Cannot verify Docker version
-- Checking for existing OpenShift container ... OK
-- Checking for openshift/origin:v1.5.1 image ... OK
-- Checking Docker daemon configuration ... FAIL

Error: did not detect an --insecure-registry argument on the Docker daemon
Solution:
Ensure that the Docker daemon is running with the following argument: 
--insecure-registry 172.30.0.0/16
You can run this command with --create-machine to create a machine with the right argument.

We have to add the registry 172.30.0.0/16 to our Docker Daemon through preferences -> Daemon and select Apply & Restart.

Next when I tried to run the cluster I get this error:

jvzoggel$ oc cluster up
-- Checking OpenShift client ... OK
-- Checking Docker client ... OK
-- Checking Docker version ... 
   WARNING: Cannot verify Docker version
-- Checking for existing OpenShift container ... OK
-- Checking for openshift/origin:v1.5.1 image ... OK
-- Checking Docker daemon configuration ... OK
-- Checking for available ports ... OK
-- Checking type of volume mount ... 
   Using Docker shared volumes for OpenShift volumes
-- Creating host directories ... OK
-- Finding server IP ... 
   Using 127.0.0.1 as the server IP
-- Starting OpenShift container ... FAIL
   Error: exec: "socat": executable file not found in $PATH

The error is what misleading because socat is a dependency (check here) in the homebrew openshiftcli and therefor should be installed automatically through the brew command. The real reason seems the Docker Toolbox on OSx requires us to add an additional parameter when starting or stopping our OpenShift cluster.

oc cluster up --docker-machine=openshift
oc cluster down --docker-machine=openshift

Voila! Hope it helps

References

 
Leave a comment

Posted by on 21-08-2017 in Uncategorized

 

Tags: , , ,