Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 12. Multitenancy

Red Hat 3scale API Management allows multiple independent instances of 3scale accounts to exist on a single on-premises deployment. Accounts operate independently from one another, and cannot share information among themselves.

12.1. Master Admin Portal
Copia collegamento

A master administrator monitors and manages the 3scale accounts through the Master Admin Portal and API endpoints. Similar to the standard Admin Portal, the Master Admin Portal contains information about all accounts in a deployment and allows for administration of accounts and users through a unique account page.

For details on account administrator operations, refer to the Accounts guide.

12.1.1. Accessing the Master Admin Portal
Copia collegamento

To access the Master Admin Portal, you need to use the credentials and URL specifically defined for the Master Admin Portal during the on-premises installation process.

The Master Admin Portal URL consists of the MASTER_NAME (master by default in the template) and the WILDCARD_DOMAIN: 

<MASTER_NAME>.<WILDCARD_DOMAIN>
Copy to Clipboard Toggle word wrap

You can identify the Master Admin Portal by the Master flag.

Master Admin Portal flag
View larger image
Master Admin Portal flag

12.1.2. Adding an account through the Master Admin Portal
Copia collegamento

To add an account through the Master Admin Portal, follow these steps:

  1. Log in to the Master Admin Portal.
  2. Navigate to Accounts.
  3. Click Create.

  4. Indicate the required information for the user:

    1. Username
    2. Email
    3. Password
    4. Password confirmation

  5. Indicate the required information for the organization:

    1. Organization/Group Name
  6. Click Create.

After these steps, Red Hat 3scale creates an account subdomain for your account based on the Organization/Group Name field. Additionally, you can see a page containing the details of the account you created.

12.2. Managing accounts
Copia collegamento

You can manage accounts through the Master Admin Portal or through API calls.

12.2.1. Managing accounts through the Master Admin Portal
Copia collegamento

To manage the accounts through the Master Admin Portal, you need to do the following:

  1. Log in to the Master Admin Portal.
  2. Navigate to the Accounts page.
  3. Select the group or organization you want to manage.

From the Accounts page, you can perform administrative actions, such as impersonating an admin account or suspending an account. You can also manage the following account attributes:

  • Applications
  • Users
  • Invitations
  • Group Memberships
  • Organization/Group Name

12.2.2. Managing accounts through API calls
Copia collegamento

You can manage accounts through the Master Admin API calls. For information on these calls, refer to the Master API section, by clicking the question mark (?) icon located in the upper-right corner of the Master Admin Portal, and then choosing 3scale API Docs.

Master API section
View larger image
Master API section

12.3. Understanding multitenancy subdomains
Copia collegamento

As a result of multiple accounts existing under the same OpenShift cluster domain, individual account names prepend the OpenShift cluster domain name as subdomains. For example, the route for an account named user on a cluster with a domain of example.com appears as: 

user.example.com
Copy to Clipboard Toggle word wrap

A standard multitenant deployment will include:

  • A master admin user

  • A master admin portal route, defined by the MASTER_NAME parameter: 

    <MASTER_NAME>.<WILDCARD_DOMAIN>
    Copy to Clipboard Toggle word wrap
  • An account admin user

  • An account admin portal route, defined by the TENANT_NAME parameter: 

    <TENANT_NAME>-admin.<WILDCARD_DOMAIN>
    Copy to Clipboard Toggle word wrap

  • A developer portal route for the account: 

    <TENANT_NAME>.<WILDCARD_DOMAIN>
    Copy to Clipboard Toggle word wrap

  • Routes for the production and staging built-in APIcast gateway: 

    <API_NAME>-<TENANT_NAME>-apicast-staging.<WILDCARD_DOMAIN>
<API_NAME>-<TENANT_NAME>-apicast-production.<WILDCARD_DOMAIN>
    Copy to Clipboard Toggle word wrap 
    This example illustrates the output users and routes of a standard multitenant deployment of 3scale:
    Copy to Clipboard Toggle word wrap 
    ----
--> Deploying template "3scale-project/3scale-api-management" for "amp.yml" to project project
    Copy to Clipboard Toggle word wrap 
    3scale API Management
---------
3scale API Management main system
    Copy to Clipboard Toggle word wrap 
         Login on https://user-admin.3scale-project.example.com as admin/xXxXyz123
     ...
     * With parameters:
      * ADMIN_PASSWORD=xXxXyz123 # generated
      * ADMIN_USERNAME=admin
      * TENANT_NAME=user
      ...
      * MASTER_NAME=master
      * MASTER_USER=master
      * MASTER_PASSWORD=xXxXyz123 # generated
      ...
--> Success
    Access your application via route 'user-admin.3scale-project.example.com'
    Access your application via route 'master-admin.3scale-project.example.com'
    Access your application via route 'backend-user.3scale-project.example.com'
    Access your application via route 'user.3scale-project.example.com'
    Access your application via route 'api-user-apicast-staging.3scale-project.example.com'
    Access your application via route 'api-user-apicast-production.3scale-project.example.com'
    Access your application via route 'apicast-wildcard.3scale-project.example.com'
    ...
----
    Copy to Clipboard Toggle word wrap

Additional accounts added by the master admin will be be assigned a subdomain based on their names.

12.4. Deleting tenant accounts
Copia collegamento

12.4.1. Deleting an account via the Admin Portal
Copia collegamento

With this procedure, accounts are scheduled for deletion and will be deleted after 15 days. During the time it is scheduled for deletion:

  • Users cannot log in to the account.
  • The account can not be edited; but the master can resume the account to the approved status.

Additionally, the domains of the tenant (admin domain and developer portal) are not available, similar to a real deletion.

Prerequisites:

Procedure

  1. To see the list of accounts, navigate to Accounts.
  2. Click the account you want to delete.
  3. Click Edit, next to the account’s name.
  4. In the accounts details page, click the Delete icon.
  5. Confirm the deletion.

12.4.2. Deleting a tenant via the console
Copia collegamento

If you want to delete the account with an immediate effect, you can do so via the console:

  1. Open the console with these commands: 

    oc rsh -c system-master "$(oc get pods --selector deploymentconfig=system-app -o name)"
bundle exec rails console
    Copy to Clipboard Toggle word wrap

  2. Delete immediately with these lines: 

    tenant = Account.find(PROVIDER_ID)
tenant.schedule_for_deletion!
DeleteAccountHierarchyWorker.perform_later(tenant)
    Copy to Clipboard Toggle word wrap

    This is how each line works:

    • Line 1: finds the account and saves it in the variable tenant.
    • Line 2: schedules the account for deletion. This is only necessary if you have not scheduled the deletion through the Admin Portal.
    • Line 3: deletes the tenant in a background process only if you have scheduled the account for deletion or it is suspended. Deletion will not proceed if the account is in approved status.

12.5. Resuming tenant accounts
Copia collegamento

Resuming a tenant account implies restoring an account scheduled for deletion. You can resume a tenant account up to 15 days after you have scheduled it for deletion.

After resuming an account:

  • All previous apps exist.
  • All historical stats remain.
  • All tokens that should be valid are valid again.
  • Apps start authorizing again.

Prerequisites:

  • Log in to your master admin account.

Procedure

  1. To see the list of accounts, navigate to Accounts.
  2. Click the account you want to delete.
  3. Under the account details, click Resume.
  4. Click Ok to confirm you want to resume the account.
Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat