This repository enables you to install 3scale API Manager on an OpenShift cluster on IBM Cloud. It provides the Terraform configuration to provision the required infrastructure, which includes a VPC network, a cluster and a Cloud Object Storage instance. It then walks through all the steps to install 3scale and access its dashboard.
Terraform can be used to provision the Cloud Services: the OpenShift cluster, the COS bucket.
- Clone this repository
git clone https://github.com/lionelmace/roks-3scale.git
- Initialize the terraform
terraform init
- Generate a plan
terraform plan -var-file="testing.auto.tfvars"
- Apply the Terraform plan
terraform apply -var-file="testing.auto.tfvars"
You can also provision the Cloud Services via IBM Cloud Schematics by importing this link into a new Schematics workspace https://github.com/lionelmace/roks-3scale/tree/main/terraform.
- Target the correct Resource Group
ibmcloud target -g <your-resource-group-name>
If you have used Terraform, the default Resource Group is my3scale-group.
ibmcloud target -g my3scale-group
- Set the cluster name variable by replacing the cluster-name (including <>).
export CLUSTER_NAME=<your-cluster-name>
If you have used Terraform, the default cluster name is my3scale-roks.
export CLUSTER_NAME=my3scale-roks
- Connect to the OpenShift cluster via the CLI
ibmcloud ks cluster config --cluster $CLUSTER_NAME --admin
- Set the project name.
export THREESCALE_PROJECT=my3scale
- Create a new Project
oc new-project $THREESCALE_PROJECT
- Create a Registry Service Account https://access.redhat.com/terms-based-registry/#/accounts
- Set the value of the token.
export TOKEN_USERNAME="<your-token-username>"
export TOKEN_PASSWORD="<your-token-password>"
- Submit the secret to the cluster using this command:
oc create secret docker-registry threescale-registry-auth \
  --docker-server=registry.redhat.io \
  --docker-username="$TOKEN_USERNAME" \
  --docker-password="$TOKEN_PASSWORD"
- Link the secret to your project
oc secrets link default threescale-registry-auth --for=pull
oc secrets link builder threescale-registry-auth
- Select the storage instance from the COS list
The instance created by terraform is named my3scale-cos.
- Create a file cos-credentials.env from a template
cp cos-credentials.env.template cos-credentials.env
- Edit the credentials with your COS HMAC key, bucket and endpoint information
AWS_ACCESS_KEY_ID=<replace_with_cos_hmac_keys_access_key_id>
AWS_SECRET_ACCESS_KEY=<replace_with_cos_hmac_keys_secret_access_key>
AWS_BUCKET=cos-bucket-for-3scale
AWS_HOSTNAME=s3.eu-de.cloud-object-storage.appdomain.cloud
AWS_REGION=eu-de
- Create the secret in the project
oc create secret generic ibmcloud-cos-credentials --namespace=$THREESCALE_PROJECT --from-env-file=cos-credentials.env
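A pre-flight check worth running on cos-credentials.env before the oc create secret generic step: it catches leftover template placeholders, quoted values and loose file permissions without ever printing a credential. This is an added example, not part of the repository; check_cos_env is a hypothetical helper name and the demo file contents are constructed.

```shell
#!/bin/sh
# check_cos_env FILE: pre-flight check for the env file passed to --from-env-file.
# Hypothetical helper (not from the repository). Prints one line per problem,
# never prints a value, and returns the number of problems found.
check_cos_env() {
    file=$1
    problems=0
    if [ ! -f "$file" ]; then
        echo "missing file: $file"
        return 1
    fi
    # The file holds an HMAC secret key: group and others should have no access.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions too open on $file (fix with: chmod 600 $file)"
        problems=$((problems + 1))
    fi
    for key in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_BUCKET AWS_HOSTNAME AWS_REGION; do
        # Read the last KEY=value line for this key.
        value=$(sed -n "s/^${key}=//p" "$file" | tail -n 1)
        case $value in
            "") echo "$key is missing or empty" ;;
            *"<"*|*">"*) echo "$key still holds the template placeholder" ;;
            # --from-env-file does not strip quotes: they end up in the secret value.
            \"*|\'*|*\"|*\') echo "$key is quoted; remove the quotes" ;;
            *) continue ;;
        esac
        problems=$((problems + 1))
    done
    return "$problems"
}

# Demo on a constructed file that still contains one placeholder from the template.
demo=$(mktemp)
chmod 600 "$demo"
cat > "$demo" <<'EOF'
AWS_ACCESS_KEY_ID=<replace_with_cos_hmac_keys_access_key_id>
AWS_SECRET_ACCESS_KEY=constructed-secret-value
AWS_BUCKET=cos-bucket-for-3scale
AWS_HOSTNAME=s3.eu-de.cloud-object-storage.appdomain.cloud
AWS_REGION=eu-de
EOF
check_cos_env "$demo" || echo "not ready: $? problem(s)"
rm -f "$demo"
```

Once the secret exists in the project, the local cos-credentials.env is no longer needed and should stay out of version control.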
We will install the 3scale operator using the command line.
- Find the 3scale operator you want to install from OperatorHub
oc get packagemanifests | grep 3scale
- Inspect your desired Operator to verify its supported install modes and available channels.
oc describe packagemanifests 3scale -n openshift-marketplace
- Verify the cluster service version (CSV)
oc describe packagemanifests 3scale -n openshift-marketplace | grep CSV
- Install the 3scale operator
oc apply -f - <<EOF
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: 3scale-operator
  namespace: $THREESCALE_PROJECT
spec:
  channel: threescale-2.13
  installPlanApproval: Automatic
  name: 3scale-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  startingCSV: 3scale-operator.v0.10.1-0.1675914645.p
EOF
APIManager requires a wildcard DNS domain. We will use the ingress domain automatically created at the cluster provisioning time.
- Retrieve and store the value of the cluster ingress domain.
export INGRESS_DOMAIN=$(ibmcloud ks cluster get -c $CLUSTER_NAME | grep "Ingress Subdomain" | awk '{print tolower($3)}')
- Verify the value of the ingress domain.
echo $INGRESS_DOMAIN
It should look like this:
my3scale-roks-483cccd2f0d38128dd40d2b711142ba9-0000.eu-de.containers.appdomain.cloud
- Create the APIManager
oc apply -f - <<EOF
---
apiVersion: apps.3scale.net/v1alpha1
kind: APIManager
metadata:
  name: example-apimanager
  namespace: $THREESCALE_PROJECT
spec:
  wildcardDomain: $INGRESS_DOMAIN
  system:
    fileStorage:
      simpleStorageService:
        configurationSecretRef:
          name: ibmcloud-cos-credentials
EOF
It takes about 5 minutes for all the pods of the APIManager to install.
Once the installation is complete, you will be able to access the 3scale console.
- Go to your my3scale project; you should see a 3scale Launcher hyperlink.
- Retrieve the MASTER_USER and MASTER_PASSWORD from the Secret system-seed.
- Log in to 3scale.
Congratulations!