Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
Chapter 5. Invoking the Data Grid REST API
Data Grid services expose a REST endpoint at port 8443.
By default, Data Grid requires user authentication for data access and encryption for client connections.
- Authentication
-
Data Grid authorizes data access requests with credentials that you specify with the
APPLICATION_USERandAPPLICATION_PASSWORDparameters. - Encryption
-
When Data Grid pods start they generate TLS certificate/key pairs and save them in the
service-certssecret. The TLS certificates are signed by the OpenShift certificate authority (CA).
5.1. Creating External Routes to the REST API
REST clients running outside OpenShift access Data Grid pods through routes with reencrypt termination.
Procedure
Create a route with
reencrypttermination.oc create route reencrypt ${ROUTE_NAME} \ --port=https \ --service ${APPLICATION_NAME}$ oc create route reencrypt ${ROUTE_NAME} \ --port=https \ --service ${APPLICATION_NAME}Copy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
oc create route reencrypt cache-service-https-route \ --port=https \ --service cache-service
$ oc create route reencrypt cache-service-https-route \ --port=https \ --service cache-serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow Run
oc get routesto find the HTTPS route hostname, for example:oc get routes
$ oc get routes NAME HOST/PORT cache-service-https-route cache-service-https-route-rhdg-helloworld.192.0.2.0.nip.ioCopy to Clipboard Copied! Toggle word wrap Toggle overflow
5.2. Making REST Calls
Prerequisite
Configure REST clients for authentication and encryption.
- On OpenShift
-
Create truststores with the CA bundle mounted in the pod at:
/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt - Outside OpenShift
- Create truststores with the CA for your OpenShift environment.
Procedure
Invoke the Data Grid REST API as appropriate.
For example, invoke a
PUTcall to add a key:value pair:curl -X PUT \ -u ${USERNAME}:${PASSWORD} \ -H 'Content-type: text/plain' \ -d 'world' \ https://${HOSTNAME_FOR_HTTPS_ROUTE}/rest/default/hellocurl -X PUT \ -u ${USERNAME}:${PASSWORD} \ -H 'Content-type: text/plain' \ -d 'world' \ https://${HOSTNAME_FOR_HTTPS_ROUTE}/rest/default/helloCopy to Clipboard Copied! Toggle word wrap Toggle overflow
5.2.1. Using the OpenShift CA to Make REST Calls
In cases where the CA certificate is not valid, such as local OpenShift clusters or Red Hat OpenShift Container Platform development installations, you can use service-ca.crt to make REST calls.
Procedure
Get
service-ca.crtfrom Data Grid pods.oc rsync ${pod_name}:/var/run/secrets/kubernetes.io/serviceaccount/..data/service-ca.crt .$ oc rsync ${pod_name}:/var/run/secrets/kubernetes.io/serviceaccount/..data/service-ca.crt .Copy to Clipboard Copied! Toggle word wrap Toggle overflow Pass
service-ca.crtwhen you invoke REST calls.Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}