Chapter 4. Invoking the Data Grid REST API

Data Grid services expose a REST endpoint at port 8443.

By default, Data Grid requires user authentication for data access and encryption for client connections.

Authentication
Data Grid authorizes data access requests with credentials that you specify with the APPLICATION_USER and APPLICATION_PASSWORD parameters.
Encryption
When Data Grid pods start they generate TLS certificate/key pairs and save them in the service-certs secret. The TLS certificates are signed by the OpenShift certificate authority (CA).

4.1. Creating External Routes to the REST API

REST clients running outside OpenShift access Data Grid pods through routes with reencrypt termination.

Procedure

  1. Create a route with reencrypt termination.

    $ oc create route reencrypt ${ROUTE_NAME} \
      --port=https \
      --service ${APPLICATION_NAME}

    For example:

    $ oc create route reencrypt cache-service-https-route \
      --port=https \
      --service cache-service
  2. Run oc get routes to find the HTTPS route hostname, for example:

    $ oc get routes
    
    NAME                         HOST/PORT
    cache-service-https-route    cache-service-https-route-rhdg-helloworld.192.0.2.0.nip.io

4.2. Making REST Calls

Prerequisite

  • Configure REST clients for authentication and encryption.

    On OpenShift
    Create truststores with the CA bundle mounted in the pod at:
    /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
    Outside OpenShift
    Create truststores with the CA for your OpenShift environment.

Procedure

  • Invoke the Data Grid REST API as appropriate.

    For example, invoke a PUT call to add a key:value pair:

    curl -X PUT \
      -u ${USERNAME}:${PASSWORD} \
      -H 'Content-type: text/plain' \
      -d 'world' \
      https://${HOSTNAME_FOR_HTTPS_ROUTE}/rest/default/hello

4.2.1. Using the OpenShift CA to Make REST Calls

In cases where the CA certificate is not valid, such as local OpenShift clusters or Red Hat OpenShift Container Platform development installations, you can use service-ca.crt to make REST calls.

Procedure

  1. Get service-ca.crt from Data Grid pods.

    $ oc rsync ${pod_name}:/var/run/secrets/kubernetes.io/serviceaccount/..data/service-ca.crt .
  2. Pass service-ca.crt when you invoke REST calls.

    curl -X PUT \
      -u ${USERNAME}:${PASSWORD} \
      --cacert service-ca.crt \
      -H 'Content-type: text/plain' \
      -d 'world' \
      https://${HOSTNAME_FOR_HTTPS_ROUTE}/rest/default/hello