Chapter 3. Provisioning 3scale services and configurations via the operator (Capabilities)
3.1. Introduction
This document provides information about provisioning 3scale services and configurations via the 3scale operator.
The 3scale operator is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
3.1.1. Prerequisites
- A 3scale 2.5 On-Premises instance
- You must have the 3scale operator installed.
- OpenShift Container Platform 3.11
- A user account with administrator privileges in the OpenShift cluster
When using the operator to update API configurations in 3scale, the custom resource definitions (CRDs) are the source of truth. Changes made in the Admin UI will not persist and will eventually be overridden by the definition in the CRD.
3.2. Deploying Capabilities related custom resources
You will start to configure APIs, metrics and mapping rules in your newly created tenant by using only OpenShift objects.
Create your first API
apiVersion: capabilities.3scale.net/v1alpha1
kind: API
metadata:
  creationTimestamp: 2019-01-25T13:28:41Z
  generation: 1
  labels:
    environment: testing
  name: api01
spec:
  planSelector:
    matchLabels:
      api: api01
  description: api01
  integrationMethod:
    apicastHosted:
      apiTestGetRequest: /
      authenticationSettings:
        credentials:
          apiKey:
            authParameterName: user-key
            credentialsLocation: headers
        errors:
          authenticationFailed:
            contentType: text/plain; charset=us-ascii
            responseBody: Authentication failed
            responseCode: 403
          authenticationMissing:
            contentType: text/plain; charset=us-ascii
            responseBody: Authentication Missing
            responseCode: 403
        hostHeader: ""
        secretToken: Shared_secret_sent_from_proxy_to_API_backend_9603f637ca51ccfe
      mappingRulesSelector:
        matchLabels:
          api: api01
      privateBaseURL: https://echo-api.3scale.net:443
  metricSelector:
    matchLabels:
      api: api01
In all the selectors (metric, plan, mappingrules) we use a specific label, api: api01. You can change that, add as many labels as you need, and combine the selectors to cover really complex scenarios.
Add a Plan
apiVersion: capabilities.3scale.net/v1alpha1
kind: Plan
metadata:
  labels:
    api: api01
  name: plan01
spec:
  approvalRequired: false
  default: true
  costs:
    costMonth: 0
    setupFee: 0
  limitSelector:
    matchLabels:
      api: api01
  trialPeriod: 0
Add a metric called metric01
apiVersion: capabilities.3scale.net/v1alpha1
kind: Metric
metadata:
  labels:
    api: api01
  name: metric01
spec:
  description: metric01
  unit: hit
  incrementHits: false
Set a limit of 10 hits per day for the metric
apiVersion: capabilities.3scale.net/v1alpha1
kind: Limit
metadata:
  labels:
    api: api01
  name: plan01-metric01-day-10
spec:
  description: Limit for metric01 in plan01
  maxValue: 10
  metricRef:
    name: metric01
  period: day
Add a MappingRule to increment metric01
apiVersion: capabilities.3scale.net/v1alpha1
kind: MappingRule
metadata:
  labels:
    api: api01
  name: metric01-get-path01
spec:
  increment: 1
  method: GET
  metricRef:
    name: metric01
  path: /path01
Bind using the binding object
You will use the credentials created by the Tenant Controller.
apiVersion: capabilities.3scale.net/v1alpha1
kind: Binding
metadata:
  name: mytestingbinding
spec:
  credentialsRef:
    name: ecorp-tenant-secret
  APISelector:
    matchLabels:
      environment: testing
The binding object references the ecorp-tenant-secret and creates the API objects that are labeled as environment: staging.
Navigate to your new 3scale tenant and check that everything has been created.
Note: For more information, check the reference documentation: Capabilities CRD Reference.
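Because the CRDs are the source of truth and every object is pulled in purely by label selectors, a mislabeled Limit or a Binding selector that matches nothing changes what reaches the tenant without any error at creation time. The following check is an added example, not code from the 3scale operator or from this guide: it resolves the selectors over condensed copies of the manifests above, in which both the API label and the Binding's APISelector are environment: testing. The names obj, select and resolve are hypothetical, and matchLabels is assumed to follow standard Kubernetes equality semantics.

```python
# Added example. Assumption: matchLabels uses standard Kubernetes semantics
# (every selector pair must be present on the object's labels).
def obj(kind, name, labels=None, **spec):
    return {"kind": kind, "name": name, "labels": labels or {}, "spec": spec}

# Constructed, condensed copies of this page's manifests (metricRef.name is
# flattened to a string; fields that play no part in selection are dropped).
MANIFESTS = [
    obj("API", "api01", {"environment": "testing"}, planSelector={"api": "api01"},
        metricSelector={"api": "api01"}, mappingRulesSelector={"api": "api01"}),
    obj("Plan", "plan01", {"api": "api01"}, limitSelector={"api": "api01"}),
    obj("Metric", "metric01", {"api": "api01"}),
    obj("Limit", "plan01-metric01-day-10", {"api": "api01"}, metricRef="metric01"),
    obj("MappingRule", "metric01-get-path01", {"api": "api01"}, metricRef="metric01"),
    obj("Binding", "mytestingbinding", APISelector={"environment": "testing"}),
]

def select(objs, kind, selector):
    """Names of objects of `kind` whose labels contain every selector pair."""
    return [o["name"] for o in objs if o["kind"] == kind
            and all(o["labels"].get(k) == v for k, v in selector.items())]

def resolve(objs):
    """Walk Binding -> API -> Plan/Metric/MappingRule -> Limit; return (tree, problems)."""
    by_key = {(o["kind"], o["name"]): o for o in objs}
    tree, problems = {}, []
    for b in [o for o in objs if o["kind"] == "Binding"]:
        apis = select(objs, "API", b["spec"]["APISelector"])
        if not apis:
            problems.append(f"Binding {b['name']}: APISelector matches no API")
        for a in apis:
            spec = by_key[("API", a)]["spec"]
            metrics = select(objs, "Metric", spec["metricSelector"])
            rules = select(objs, "MappingRule", spec["mappingRulesSelector"])
            plans = {}
            for p in select(objs, "Plan", spec["planSelector"]):
                plans[p] = select(objs, "Limit", by_key[("Plan", p)]["spec"]["limitSelector"])
                if not plans[p]:
                    problems.append(f"Plan {p}: no Limit selected")
            refs = [("MappingRule", r) for r in rules]
            refs += [("Limit", l) for ls in plans.values() for l in ls]
            for kind, name in refs:
                ref = by_key[(kind, name)]["spec"]["metricRef"]
                if ref not in metrics:
                    problems.append(f"{kind} {name}: metricRef {ref} not selected by API {a}")
            tree[(b["name"], a)] = {"plans": plans, "metrics": metrics, "mappingRules": rules}
    return tree, problems

if __name__ == "__main__":
    print(resolve(MANIFESTS))
```

With the manifests as written, resolve reports no problems; changing the Binding's APISelector to environment: staging makes it report that the selector matches no API.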
3.3. Deploying optional tenants custom resource
Optionally, you may create other tenants by deploying Tenant custom resource objects.
Deploy a new tenant in your 3scale instance by creating a secret to store the administrator password:
$ cat ecorp-admin-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: ecorp-admin-secret
type: Opaque
stringData:
  admin_password: <admin password value>

$ oc create -f ecorp-admin-secret.yaml
secret/ecorp-admin-secret created
Create a new tenant CR YAML file with the following content:
apiVersion: capabilities.3scale.net/v1alpha1
kind: Tenant
metadata:
  name: ecorp-tenant
spec:
  username: admin
  systemMasterUrl: https://master.<wildcardDomain>
  email: admin@ecorp.com
  organizationName: ECorp
  masterCredentialsRef:
    name: system-seed
  passwordCredentialsRef:
    name: ecorp-admin-secret
  tenantSecretRef:
    name: ecorp-tenant-secret
    namespace: operator-test
Note: For more information about the Tenant Custom Resource fields and possible values, refer to the Tenant CRD Reference documentation.
export NAMESPACE="operator-test"
oc project ${NAMESPACE}
oc create -f <yaml-name>
- This should trigger the creation of a new tenant in your 3scale solution in the operator-test project.
Tenant provider_key and admin domain URL will be stored in a secret. You can specify the secret location by using the tenantSecretRef tenant spec key.
3.4. Deleting created custom resources
Deleting the APIManager will delete the 3scale installation.
Delete the APIManager custom resource and the 3scale solution elements that have been deployed from it.
Deleting the APIManager will delete all 3scale related objects where it has been deployed:
oc delete -f <yaml-name-of-the-apimanager-custom-resource>
Delete the 3scale operator, its associated roles and service accounts.
oc delete -f deploy/operator.yaml
oc delete -f deploy/role_binding.yaml
oc delete -f deploy/service_account.yaml
oc delete -f deploy/role.yaml
Delete the APIManager and Capabilities related CRDs.
oc delete -f deploy/crds/