Running Self-Managed API Gateway On VM

Requirement

VM with Podman or Docker installed. See preparing VM

Steps

1. Generate Access Token For API Gateway (APIcast)

From main dashboard, select Account Settings from dropdown list menu.
self-manage gw
Select Personal -> Tokens menu from left panel, then click Add Access Token link.
self-manage gw
Enter following details, then click Create Access token button.
- Name: Local Gateway
- Scopes: Select Account Management API
- Permission: Read Only
self-manage gw
Copy the token to somewhere you can recall later. Then click I have copied the token button.
self-manage gw
A new access token should be created.
self-manage gw

2. Running APIcast (API Gateway) Container

Login to VM via SSH.
Switch to root user with this command.
```
sudo -i
```

Use podman to login to Red Hat Registry with your Red Hat account.

podman docker login registry.redhat.io
Username: {REGISTRY-SERVICE-ACCOUNT-USERNAME}
Password: {REGISTRY-SERVICE-ACCOUNT-PASSWORD}
Login Succeeded!

Run the APIcast container with this command. DO NOT forget to replace following vaiables:
- ACCESS_TOKEN: the access token generated in 3scale above.
- DOMAIN: the OpenShift cluster domain i.e. cluster-hrpdc.hrpdc.sandbox140.opentlc.com. You can use oc whoami --show-console|awk -F'apps.' '{print $2}' command to get the domain value.
```
podman run \
--name apicast \
--rm -d \
-p 80:8080 \
-e APICAST_CONFIGURATION_CACHE=5 \
-e THREESCALE_PORTAL_ENDPOINT=https://<ACCESS_TOKEN>@3scale-admin.apps.<DOMAIN> \
registry.redhat.io/3scale-amp2/apicast-gateway-rhel8:3scale2.12
```

Test if you can access APIcast. Replace VM_HOSTNAME with the actual VM hostname in the email after VM provisioning. Don't worry about HTTP 404 Not Found at the moment.

curl -v http://<VM_HOSTNAME>

Sample output:

* About to connect() to clientvm.k9pqz.example.opentlc.com port 80 (#0)
*   Trying 18.139.181.122...
* Connected to clientvm.k9pqz.example.opentlc.com (18.139.181.122) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: clientvm.k9pqz.example.opentlc.com
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Server: openresty
< Date: Tue, 25 Oct 2022 15:41:57 GMT
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Connection: keep-alive
<
* Connection #0 to host clientvm.k9pqz.example.opentlc.com left intact

3. Promote 3scale Configuration to Self-Managed API Gateway

Switch to 3scale admin web console, click API link in the Products panel from the main dashboard.
self-manage gw
Note. The reason we use the API product for demonstration is because we're running APIcast outside OpenShift cluster so if we use the Human Resource Services product then the APIcast won't be able to forward incomming reqeusts to the backend APIs due to we've configured the backend APIs using local/in-cluster URLs i.e. employee.demo.svc.cluster.local which is accessible only within OpenShift cluster.
However, the API product has a backend API configured with public URL that's accessible over internet so APIcast running on VM will be able to access the API as well.
Select Integration -> Settings menu from left panel. Then replace Production Public Base URL with http://<VM_HOSTNAME> where the VM_HOSTNAME is the hostname of VM that's running APIcast.
self-manage gw
Scroll down to bottom of the page, then click Update Product button.
self-manage gw
Select Integration -> Configuration menu from left panel. Then promote configuration to both Staging and Production environments.
self-manage gw
You'll see that the Production APIcast URL gets changed to the APIcast running on VM.
self-manage gw

4. Testing

Open a new tab in Postman, then enter the APIcast API Gatway URL.
self-manage gw
Copy user_key query parameter from 3scale web console.
self-manage gw
Append the copied user_key to the URL in Postman (DO NOT forget to add / character to the URL before append the user_key param) and click Send button. You should get response back from API Gateway.
self-manage gw