Adding and accessing Red Hat OpenShift API Management

Guide
  • Red Hat OpenShift API Management 1
  • Updated 19 July 2021
  • Published 08 December 2020

Adding and accessing Red Hat OpenShift API Management

Guide
Red Hat OpenShift API Management 1
  • Updated 19 July 2021
  • Published 08 December 2020

Red Hat OpenShift API Management is a managed API traffic control and program management service based on the Red Hat 3scale API Management platform. It includes an implementation of Red Hat Single Sign-On. You can add OpenShift API Management to an existing OpenShift Dedicated or OpenShift Service on AWS cluster in the OpenShift Cluster Manager.

Introduction to Red Hat OpenShift API Management

Application Programming Interface (API) management refers to the processes of distributing, controlling, and analyzing the APIs that connect applications and data across cloud environments. You can streamline API management in a unified service by using Red Hat OpenShift API Management. OpenShift API Management is a managed service that is based on the Red Hat 3scale API Management platform and is available as an add-on in Red Hat OpenShift Dedicated. With OpenShift API Management you can secure, manage, and monitor APIs at every stage of the development lifecycle. Use OpenShift API Management to manage users, oversee the API gateway, and configure APIs for increased accessibility.

You can deploy Red Hat OpenShift API Management on Amazon Web Services (AWS) versions of OpenShift Dedicated and the Red Hat OpenShift Service on AWS. Red Hat OpenShift API Management includes capabilities of the following Red Hat products:

  • Red Hat Single Sign-On provides single sign-on (SSO) authentication to secure web applications.

  • Red Hat 3scale API Management is a management platform that allows users to share, secure, distribute, control, and monetize APIs. After setting up authentication and user accounts, OpenShift API Management developers, also referred to as API providers, can configure, and publish 3scale API products.

The following actions are important to understand before you use Red Hat OpenShift API Management:

  • Configuring your identity provider to provision OpenShift Dedicated and secure APIs.

    The email address and the User Principal Name (UPN) must be paired for Red Hat Single Sign-On configured with OpenID to work between OpenShift and Red Hat 3scale API Management. The UPN and email must match or the OpenID UPN and email fields must map to the username field and email field of the customer in the OpenShift IDP configuration.
  • Accessing the Red Hat OpenShift API Management service definition, to understand the features, considerations, limits, and alerts of OpenShift API Management.

  • Understanding the roles in Red Hat OpenShift API Management to recognize user permissions.

  • Accessing the workflows for Red Hat OpenShift API Management to understand how to create, secure, and publish APIs.

  • Setting the Classless Inter-Domain Routing (CIDR) block to ensure there is no overlap with any network that the Red Hat OpenShift API Management customer would like to peer with in the OpenShift cluster virtual private cloud (VPC). You can click the link in the OpenShift Cluster Manager to apply the default CIDR block, or you can provide a custom CIDR block. After submitting the initial configuration, you cannot modify the CIDR block. If you want to change the CIDR block, you must delete and reinstall Red Hat OpenShift API Management.

  • Optional: Creating a service control policy for Customer Cloud Subscription (CCS) users who must create an AWS OpenShift Dedicated cluster.

Adding OpenShift API Management to your cluster

Red Hat OpenShift API Management can be added to a Red Hat OpenShift Dedicated cluster or a Red Hat OpenShift Service on AWS cluster. You can use the OpenShift Cluster Manager to add OpenShift API Management to an existing cluster, to make the service available for use by API providers.

Prerequisites
  • You have provisioned an OpenShift Dedicated cluster or an OpenShift Service on AWS cluster, that meets the product requirements for adding the OpenShift API Management service, as outlined in the Red Hat OpenShift API Management service definition.

  • You have configured your identity provider (IDP).

    Email addresses must match for Red Hat Single Sign-On configured with OpenID to work between OpenShift and Red Hat 3scale API Management. The User Principal Name (UPN) and email must match or the OpenID UPN and email fields must map to the username field and email field of the customer in the OpenShift IDP configuration.
Procedure
  1. Enter the following URL in a browser:

    https://cloud.redhat.com
  2. Log in to your Red Hat account.

  3. Click Open on the Red Hat OpenShift Cluster Manager option. The OpenShift Cluster Manager console is displayed.

  4. In OpenShift Cluster Manager, click Clusters in the menu. A list of clusters in the console is displayed.

  5. Select a cluster from the list of clusters.

  6. Click the Add-ons tab.

  7. Select the Red Hat OpenShift API Management option.

  8. Click Install on the Red Hat OpenShift API Management option.

  9. Enter the CIDR block in the CIDR Range field.

    The CIDR block must not overlap with any network you would like to peer with in the OpenShift cluster VPC. If you do not specify a CIDR block, you can click the link in the OpenShift Cluster Manager to apply the default CIDR block. After submitting the initial configuration, you cannot modify the CIDR block. If you want to change the CIDR block, you must delete and reinstall Red Hat OpenShift API Management.
  10. In the Notification Email field, enter the email address you would like to receive OpenShift API Management service notifications.

  11. In the Quota field, select a Daily Rate Limit Quota from the drop-down menu.

    You can not select a daily rate limit quota that exceeds the SKU specified and assigned during the purchase of the Red Hat OpenShift API Management service. For example, if you purchased a 10 Million SKU, you can not successfully apply a daily rate limit quota greater than 10 Million.
    If you are using the OpenShift Dedicated trial cluster, you do not have acccess to the daily rate limit quota options. You can only select the Evaluation option in the Quota drop-down menu. The Evaluation option has a daily rate limit of 1 million API calls and does not include production-level support. For more information on accessing all features of OpenShift API Management, refer to the Red Hat OpenShift API Management service definition.
  12. Click Install.

Verification
  1. Ensure Installed and a check mark are displayed on the Red Hat OpenShift API Management option.

    The Installed status is displayed before Red Hat OpenShift API Management is completely installed. To verify installation is complete, check the operator status in the console.
  2. Click View console to see the Red Hat OpenShift API Management operator details.

Accessing OpenShift API Management in your cluster

In OpenShift API Management you can create, secure, and publish APIs. You can access OpenShift API Management from the OpenShift application launcher in the OpenShift Cluster Manager.

Prerequisites
  • Red Hat OpenShift API Management was added to your OpenShift Dedicated or OpenShift Service on AWS cluster.

Procedure
  1. Enter the following URL in a browser:

    https://cloud.redhat.com
  2. Log in to your Red Hat account.

  3. Click Open on the Red Hat OpenShift Cluster Manager option. The OpenShift Cluster Manager console opens.

  4. In the OpenShift Cluster Manager, click Clusters in the menu.

  5. Select the cluster with OpenShift API Management installed, from the list of clusters.

  6. Click the Add-ons tab.

  7. Select the Red Hat OpenShift API Management option.

  8. On the Red Hat OpenShift API Management option, click View in console. The Red Hat OpenShift Dedicated console opens.

  9. Click the application launcher in the OpenShift Dedicated console.

  10. Select OpenShift API Management from the OpenShift Managed Services drop-down menu. A new browser tab opens.

  11. Use Red Hat Single Sign-On to authenticate your login.

Additional resources