# Running Self-Managed API Gateway On VM

## Requirement

* VM with Podman or Docker installed. See [preparing VM](https://audomsak.gitbook.io/3scale/documents/prepare-vm)

## Steps

* [1. Generate Access Token For API Gateway (APIcast)](#1-generate-access-token-for-api-gateway-apicast)
* [2. Running APIcast (API Gateway) Container](#2-running-apicast-api-gateway-container)
* [3. Promote 3scale Configuration to Self-Managed API Gateway](#3-promote-3scale-configuration-to-self-managed-api-gateway)
* [4. Testing](#4-testing)

## 1. Generate Access Token For API Gateway (APIcast)

1. From main dashboard, select **Account Settings** from dropdown list menu.

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-dba4ad2e16adb22394b453758fdfce4fa4a84c98%2Fself-manage-gw-1.png?alt=media)
2. Select **Personal -> Tokens** menu from left panel, then click **Add Access Token** link.

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-2ef19724b029109294dcf3c2c09d21af799eb2ec%2Fself-manage-gw-2.png?alt=media)
3. Enter following details, then click **Create Access token** button.

   * **Name:** `Local Gateway`
   * **Scopes:** Select `Account Management API`
   * **Permission:** `Read Only`

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-0e34bae889fad69d9b6649c0333389352d227d47%2Fself-manage-gw-3.png?alt=media)
4. Copy the token to somewhere you can recall later. Then click **I have copied the token** button.

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-0b09cfdcfbd40fcb6a3d955efefc7b2b64857001%2Fself-manage-gw-4.png?alt=media)
5. A new access token should be created.

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-82afd50d2b6391e7cd8e69349bfda1edf4336439%2Fself-manage-gw-5.png?alt=media)

## 2. Running APIcast (API Gateway) Container

1. Login to VM via SSH.
2. Switch to **root** user with this command.

   ```
   sudo -i
   ```
3. Use **podman** to login to Red Hat Registry with your Red Hat account.

   ```
   podman docker login registry.redhat.io
   Username: {REGISTRY-SERVICE-ACCOUNT-USERNAME}
   Password: {REGISTRY-SERVICE-ACCOUNT-PASSWORD}
   Login Succeeded!
   ```
4. Run the [APIcast container](https://catalog.redhat.com/software/containers/3scale-amp2/apicast-gateway-rhel8/5df398c85a13466876712703) with this command. **DO NOT** forget to replace following vaiables:

   * **ACCESS\_TOKEN:** the access token generated in 3scale [above](#1-generate-access-token-for-api-gateway-apicast).
   * **DOMAIN:** the OpenShift cluster domain i.e. `cluster-hrpdc.hrpdc.sandbox140.opentlc.com`. You can use `oc whoami --show-console|awk -F'apps.' '{print $2}'` command to get the domain value.

   ```
   podman run \
   --name apicast \
   --rm -d \
   -p 80:8080 \
   -e APICAST_CONFIGURATION_CACHE=5 \
   -e THREESCALE_PORTAL_ENDPOINT=https://<ACCESS_TOKEN>@3scale-admin.apps.<DOMAIN> \
   registry.redhat.io/3scale-amp2/apicast-gateway-rhel8:3scale2.12
   ```
5. Test if you can access APIcast. Replace `VM_HOSTNAME` with the actual VM hostname in the email after [VM provisioning](https://audomsak.gitbook.io/3scale/documents/prepare-vm). Don't worry about HTTP 404 Not Found at the moment.

   ```
   curl -v http://<VM_HOSTNAME>
   ```

   Sample output:

   ```
   * About to connect() to clientvm.k9pqz.example.opentlc.com port 80 (#0)
   *   Trying 18.139.181.122...
   * Connected to clientvm.k9pqz.example.opentlc.com (18.139.181.122) port 80 (#0)
   > GET / HTTP/1.1
   > User-Agent: curl/7.29.0
   > Host: clientvm.k9pqz.example.opentlc.com
   > Accept: */*
   >
   < HTTP/1.1 404 Not Found
   < Server: openresty
   < Date: Tue, 25 Oct 2022 15:41:57 GMT
   < Content-Type: text/plain
   < Transfer-Encoding: chunked
   < Connection: keep-alive
   <
   * Connection #0 to host clientvm.k9pqz.example.opentlc.com left intact
   ```

## 3. Promote 3scale Configuration to Self-Managed API Gateway

1. Switch to 3scale admin web console, click **API** link in the **Products** panel from the main dashboard.

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-bd094100ee7d76fec31c2e2bd02c75d95a2fca69%2Fself-manage-gw-vm-3.png?alt=media)

   **Note.** The reason we use the **API** product for demonstration is because we're running APIcast outside OpenShift cluster so if we use the **Human Resource Services** product then the APIcast won't be able to forward incomming reqeusts to the backend APIs due to we've configured the backend APIs using local/in-cluster URLs i.e. `employee.demo.svc.cluster.local` which is accessible only within OpenShift cluster.

   However, the **API** product has a backend API configured with public URL that's accessible over internet so APIcast running on VM will be able to access the API as well.
2. Select **Integration -> Settings** menu from left panel. Then replace **Production Public Base URL** with `http://<VM_HOSTNAME>` where the `VM_HOSTNAME` is the hostname of VM that's running APIcast.

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-01d2f323e41b660aabf282558c56f9d4bf28151e%2Fself-manage-gw-vm-4.png?alt=media)
3. Scroll down to bottom of the page, then click **Update Product** button.

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-1611ebe35d4cb7c235fe4f235d502f86355bf91b%2Fself-manage-gw-vm-5.png?alt=media)
4. Select **Integration -> Configuration** menu from left panel. Then promote configuration to both **Staging** and **Production** environments.

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-f6b1f342f8edb5b27935c73ae8a31ac3e80f82a3%2Fself-manage-gw-vm-6.png?alt=media)
5. You'll see that the Production APIcast URL gets changed to the APIcast running on VM.

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-67f6255859e651acc93941dd1b5c2d30c0754d3e%2Fself-manage-gw-vm-7.png?alt=media)

## 4. Testing

1. Open a new tab in Postman, then enter the APIcast API Gatway URL.

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-69f748a3a804b62650296dc13c776962fa8381a6%2Fself-manage-gw-vm-9.png?alt=media)
2. Copy **user\_key** query parameter from 3scale web console.

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-e50b1552c5e960df73f97fa2fb9edcd5fb1eea46%2Fself-manage-gw-vm-8.png?alt=media)
3. Append the copied **user\_key** to the URL in Postman (DO NOT forget to add `/` character to the URL before append the `user_key` param) and click **Send** button. You should get response back from API Gateway.

   ![self-manage gw](https://3707709575-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMgVlX77EAThg6NrNt4u%2Fuploads%2Fgit-blob-f0297feb389db41be99f0196360b1c42d5fce823%2Fself-manage-gw-vm-10.png?alt=media)