Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Administering Red Hat OpenShift API Management

Red Hat OpenShift API Management 1

Administering Red Hat OpenShift API Management.

Red Hat Customer Content Services

Abstract

This guide provides information about administering Red Hat OpenShift API Management.

Making open source more inclusive
링크 복사

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Chapter 1. Administering OpenShift API Management
링크 복사

You can perform configuration and monitoring tasks for managed services. With OpenShift API Management you can manage network configurations, define policies, monitor API usage, and update notification settings.

1.1. Overview of rate limiting, alerting, and monitoring in OpenShift API Management
링크 복사

Red Hat OpenShift API Management provides a limited number of API calls. The API request hard limits are set as part of your Red Hat OpenShift API Management purchase.

You are alerted to ensure you do not exceed the set API usage hard limit. OpenShift API Management uses a tiered approach for alerting customers when the API usage is close to the hard limit, to ensure request calls are not rejected and service is not interrupted.

An email notification is sent to the email address provided during the OpenShift API Management installation. The email notification includes a link to the Grafana dashboard, which provides a visualization of your API usage.

Note

You can also access the Grafana dashboard through the OpenShift Dedicated console. To access the dashboard, click the application launcher in OpenShift Dedicated and then click API Management Dashboards in the OpenShift Managed Services drop-down menu.

A notification is sent in the following instances:

  • If API usage is between 80% and 90% for a period of 4 hours, a notification is sent every 4 hours.
  • If API usage is between 90% and 95% for a period of 2 hours, a notification is sent every 2 hours.
  • If API usage is over 95% for a period of 30 minutes, a notification is sent every 30 minutes.

OpenShift API Management offers you the flexibility to share rate limiting quotas across multiple environments. You can divide a purchased OpenShift API Management subscription level across multiple OpenShift Dedicated environments. For example, if a 10 million API calls per day subscription level is selected, you can allocate 5 million API calls per day to both a stage environment and a production environment. For more information on increasing your Red Hat OpenShift API Management subscription level, refer to the service definition.

1.2. Monitoring service capacity with Grafana
링크 복사

You can monitor the service capacity and API usage of OpenShift API Management with Grafana. Access the Grafana dashboard from the OpenShift Dedicated console, to monitor the OpenShift API Management API rate limits for the following durations:

  • last minute
  • last 24 hours

In the dashboard, you can view, share, and inspect the data for the OpenShift API Management API requests.

Prerequisites

  • Red Hat OpenShift API Management was added to your OpenShift Dedicated cluster.

Procedure

  1. Click the application launcher in OpenShift Dedicated.
  2. Click API Management Dashboards in the OpenShift Managed Services drop-down menu.
  3. You are prompted to log in. Click Log in with OpenShift.
  4. Enter login credentials, if prompted.
  5. Click Allow selected permissions to authorize monitoring access.
  6. In the Grafana console, click the Dashboards dropdown menu from the main menu to access the available dashboards and folders.
  7. Click Manage.
  8. Click redhat-rhoam-customer-monitoring-operator to open the folder.

  9. Click Rate Limiting to access the monitoring data.

    Note

    Alternatively, click Home to search for a dashboard by name.

Chapter 2. Network policies
링크 복사

A cluster hosts two types of projects:

  • Projects associated with managed services. These projects support inbound and outbound connections.
  • User projects. These projects support communication from managed services.

In OpenShift Dedicated, there are two approaches to enabling communications:

  • Using network policies
  • Using the join-project option of the oc command

In OpenShift API Management, you can use network policies to enable communication and allow 3scale to communicate directly with the service endpoint, instead of the external URL.

You cannot use the join-projects option of the oc command with managed services projects.

2.1. Enabling communication between managed services and customer applications
링크 복사

You can create NetworkPolicy objects to define granular rules describing the Ingress network traffic that is allowed for projects in your cluster. By default, when you create projects in a cluster, communication between the projects is disabled.

This procedure describes how to enable communication for a project so that managed services, such as 3scale, can access customer applications.

Prerequisites

  • You have installed the OpenShift command-line interface (CLI), commonly known as oc.

Procedure

  1. Log in to the cluster using the oc login command.

  2. Use the following command to change the project: 

    $ oc project <project_name>
    Copy to Clipboard Toggle word wrap

    where <project_name> is the name of a project that you want to accept communications from other projects.

  3. Create a NetworkPolicy object:

    1. Create a allow-from-middleware-namespaces.yaml file.

    2. Define a policy in the file you just created, such as in the following example: 

      apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-middleware-namespaces
spec:
  podSelector:
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              integreatly-middleware-service: 'true'
      Copy to Clipboard Toggle word wrap

    3. Run the following command to create the policy object: 

      $ oc create -f allow-from-middleware-namespaces.yaml -n <project>

networkpolicy "allow-from-middleware-namespaces" created
      Copy to Clipboard Toggle word wrap

2.2. Enabling communication between managed services and projects
링크 복사

By default, when you create projects in a cluster, communication between the projects is disabled. Use this procedure to enable communication in a project.

Prerequisites

  • You have installed the OpenShift command-line interface (CLI), commonly known as oc.

Procedure

  1. Log in to the cluster using the oc login command.

  2. Use the following command to change the project: 

    $ oc project <project_name>
    Copy to Clipboard Toggle word wrap

    where <project_name> is the name of a project that you want to accept communications from other projects.

  3. Create a NetworkPolicy object:

    1. Create a NetworkPolicy.yaml file.

    2. Define a policy in the file you just created, such as in the following example.

      This policy enables incoming communication for all projects in the cluster: 

      kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-all
spec:
  podSelector:
  ingress:
  - {}
      Copy to Clipboard Toggle word wrap
      Note

      This policy configuration enables this project to communicate with all projects in the cluster.

    3. Run the following command to create the policy object: 

      $ oc create -f <policy-name>.yaml -n <project>
      Copy to Clipboard Toggle word wrap

2.3. Enabling communication between customer applications
링크 복사

You can enable communication between user applications.

Prerequisites

  • You have installed the OpenShift command-line interface (CLI), commonly known as oc.

Procedure

  1. Log in to the cluster using the oc login command.

  2. Use the following command to change the project: 

    $ oc project <project_name>
    Copy to Clipboard Toggle word wrap

    <project_name> is the name of a project that you want to accept communications from.

  3. Create a NetworkPolicy object:

    1. Create a allow-from-myproject-namespace.yaml file.

    2. Define a policy in the file you just created, such as in the following example.

      This policy enables incoming communication for a specific project (myproject): 

      apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-myproject-namespace
spec:
  podSelector:
  ingress:
    - from:
        - namespaceSelector:
             matchLabels:
               project: myproject
      Copy to Clipboard Toggle word wrap

  4. Run the following commands to create the policy object: 

    $ oc create -f allow-from-myproject-namespace.yaml -n <project>
networkpolicy "allow-from-myproject-namespace" created
    Copy to Clipboard Toggle word wrap

2.4. Disabling communication from a managed service to a project
링크 복사

By default, projects are created with a template that allows communication from a managed service. For example, 3scale can communicate with all of your projects.

You can disable the communication from a managed service to a project.

Prerequisites

  • You have installed the OpenShift command-line interface (CLI), commonly known as oc
  • You have a project you want to isolate from the managed services.

Procedure

  1. Log in to the cluster using the oc login command.

  2. Use the following command to change the project: 

    $ oc project <project_name>
    Copy to Clipboard Toggle word wrap

    where <project_name> is the name of a project that you want to isolate from the managed services.

  3. Create a NetworkPolicy object:

    1. Create a deny-all.yaml file.

    2. Define a policy in the file you just created, such as in the following example: 

      kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: deny-all
spec:
  podSelector: {}
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              integreatly-middleware-service: 'true'
      Copy to Clipboard Toggle word wrap

    3. Run the following command to create the policy object: 

      $ oc create -f <policy-name>.yaml -n <project>
      Copy to Clipboard Toggle word wrap

Chapter 3. Defining methods and metrics
링크 복사

An application plan sets limits and pricing rules for consumer access to your API. To enable enforcement of limits and rules, designate methods in your API for which to collect individual usage data or add metrics. Add a mapping rule to each designated method and each custom metric. The mapping rule specifies details about the usage data that you want to capture.

For more information about methods and metrics, see Designating methods and adding metrics for capturing usage details.

3.1. Adding methods to products and backends
링크 복사

Adding a method to a product or backend means that you are designating a method in your API for which you want to capture individual usage details. An application plan provides the ability to set a limit for each method that you add to a product or backend. The procedure for adding a method or metric to a product is similar to adding a method or metric to a backend.

Procedure

  1. Navigate to [Your_product_name] > Integration > Methods & Metrics or [Your_backend_name] > Methods & Metrics.
  2. Click New method.

  3. In the Friendly name field, enter a short description of the method. This name is displayed in different sections of the 3scale Admin Portal. The friendly name must be unique for the product.

    Important

    Be careful with changing the system name of the methods or deleting them. These changes can break your already deployed 3scale integration if there are mapping rules pointing to the previous system name of the method.

  4. In the System name field, enter the name of the method in your API to use to report the usage through the 3scale Service Management API. The system name must conform to these rules:

    • Unique in the product or backend
    • Contain only alphanumeric characters, underscore _, hyphen - or forward slash /
    • No spaces

    Otherwise, you are free to decide what the system name looks like. It can be the same as the endpoint (/status), or, for example, it can include the method and the path (GET_/status).

  5. Optional: In the Description field, enter a more detailed description of the method.
  6. Click Create Method.

Verification steps

  • Added methods are available in your application plans.

3.2. Adding metrics to products and backends
링크 복사

Adding a metric specifies a usage unit that you want to capture for all calls to your API. An application plan provides the ability to set a limit for each metric that you add to a product or backend. The procedure for adding a method or metric to a product is similar to adding a method or metric to a backend.

Procedure

  1. Navigate to [Your_product_name] > Integration > Methods & Metrics or [Your_backend_name] > Methods & Metrics.
  2. Click New metric.

  3. In the Friendly name field, enter a short description of the metric. This name is displayed in different sections of the 3scale Admin Portal. The friendly name must be unique for the product.

    Important

    Be careful with changing the system name of the metrics or deleting them. These changes can break your already deployed 3scale integration if there are mapping rules pointing to the previous system name of the metric.

  4. In the System name field, enter the name of the metric in your API to use to report the usage through the 3scale Service Management API. The system name must conform to these rules:

    • Unique in the product or backend
    • Contain only alphanumeric characters, underscore _, hyphen - or forward slash /
    • No spaces

    Otherwise, you are free to decide what the system name looks like.

  5. In the Unit field, enter the unit.

    • Use a singular noun, for example, hit. The singular will become plural in the analytics charts.
  6. Optional: In the Description field, enter a more detailed description of the metric.
  7. Click Create Metric.

Verification steps

  • Added metrics are available in your application plans.

3.3. Alternatives for importing methods and metrics
링크 복사

If your API has multiple endpoints, there are two ways to automatically designate methods and add metrics to 3scale products and backends:

3.4. Adding mapping rules to methods and metrics
링크 복사

Mapping rules are operations that are mapped to previously created methods and metrics in your products and backends.

Note

Mapping rules are required in your previously created methods, however, they are optional for metrics.

Procedure

  1. Navigate to [Your_product_name] > Integration > Mapping Rules.
  2. Click Add Mapping Rule.
  3. The Verb field is pre-populated with the HTTP method, GET, however you can select other options from the dropdown list.
  4. In the Pattern field, add a valid URL that starts with an forward slash /. The URL can be from a wildcard you specified inside curly brackets {}.
  5. In the Metric or Method to increment field, select from one of your previously created methods or metrics.
  6. The Increment by field is pre-populated with 1, however, change this to suit your own needs.
  7. Click the Create Mapping Rule button.

Verification steps

  • To verify your mapping rules, navigate to [Your_product_name] > Integration > Methods & Metrics. Each method and metric should have a check mark in the Mapped column.

Legal Notice
링크 복사

Copyright © 2024 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2026 Red Hat