In the modern application programming interface (API)-driven world, managing and securing APIs is critical. Red Hat 3scale API Management offers a comprehensive platform for controlling, monitoring, and monetizing APIs. To ensure high availability and performance, especially in large-scale environments, integrating 3scale with a highly available Redis (Redis HA) setup is essential.
This blog guides you through deploying Red Hat 3scale API Management on a Red Hat OpenShift cluster running on IBM Power (ppc64le), with an external Redis HA setup managed within the same OpenShift cluster.
Figure 1. 3scale with Redis HA
Overview of Redis HA
Redis is a popular in-memory data structure store used as a database, cache, and a message broker. High availability (HA) for Redis ensures that the service remains accessible even if one or more Redis instances fail. Typically, Redis HA is achieved through a combination of Redis Sentinel and a clustered Redis setup:
- Redis Sentinel: Monitors Redis controller, replicas, and handles automatic failover if a controller instance fails.
- Redis cluster: Distributes data across multiple Redis nodes, providing scalability and fault tolerance.
Figure 2. Redis overview
Overview of Red Hat 3scale API Management
Red Hat 3scale API Management is a robust platform that provides features such as:
- API Gateway: Controls access to APIs, enforces policies, and provides caching and rate-limiting.
- API Analytics: Monitors API usage, performance, and errors.
- API Developer Portal: Allows API consumers to discover, subscribe, and interact with your APIs.
- API Lifecycle Management: Provides tools to test and deploy APIs.
Red Hat 3scale API Management can be deployed on OpenShift, where it leverages the container orchestration capabilities of Kubernetes for scaling and managing API traffic. For more information, see Red Hat 3scale API Management Platform.
Deployment architecture
We will use an OpenShift cluster running on IBM Power (ppc64le) to deploy both Red Hat 3scale API Management and an external Redis HA setup. The Redis HA setup can be managed within the same OpenShift cluster but operates independently from the 3scale components.
Figure 3. 3scale with external Redis
Deploy 3scale with external Redis HA on OpenShift
Let’s walk you through the steps to create a project in OpenShift, set up Redis resources using a supported image (Redis:7.2.5), and deploy Red Hat 3scale API Management with HA.
Prerequisites
- A fully functioning Red Hat OpenShift cluster (for example, Red Hat OpenShift Container Platform 4.14 or later)
- OpenShift command-line interface (oc)
- A good understanding about Redis and its components including Redis Sentinel and OpenShift.
Steps
Perform the following steps to deploy 3scale with external Redis HA on OpenShift.
Step 1. Set up the Red Hat OpenShift cluster on IBM Power
Ensure your Red Hat OpenShift cluster is properly configured and operational on the IBM Power architecture. The cluster should be ready to deploy both the Red Hat 3scale API Management platform and the Redis HA components.
Step 2. Deploy Redis HA on OpenShift
You can create Redis instances using the Redis 7.2.5 Docker Power architecture supported image, which is the one you use for creating all the Redis-related components. We are going to create a Redis Controller replicas pair and Redis Sentinels for failover using the same image.
Note: Modify the following YAML file’s content to create Redis resources from the CLI, use command, oc create –f resource_name.yaml.
Perform the following steps to deploy Redis HA on OpenShift:
- Create Redis controller state.
Create a primary StatefulSet (a set of pods with consistent identities)
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis-controller
spec:
serviceName: redis-controller
replicas: 1
selector:
matchLabels:
app: redis
role: controller
template:
metadata:
labels:
app: redis
role: controller
spec:
containers:
- name: redis
image: redis:7.2.5
ports:
- containerPort: 6379
volumeMounts:
- name: data
mountPath: /data
command:
- redis-server
- "--appendonly"
- "yes"
- "--port"
- "6379"
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
Create a controller service
apiVersion: v1
kind: Service
metadata:
name: redis-controller
labels:
app: redis
role: controller
spec:
ports:
- port: 6379
name: redis
clusterIP: None
selector:
app: redis
role: controller
Figure. 4 Redis controller pod
- Create Redis replica deployments.
Create a replica StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis-replica
spec:
serviceName: redis-replica
replicas: 2
selector:
matchLabels:
app: redis
role: replica
template:
metadata:
labels:
app: redis
role: replica
spec:
containers:
- name: redis
image: redis:7.2.5
ports:
- containerPort: 6379
volumeMounts:
- name: data
mountPath: /data
command:
- redis-server
- "--replicaof"
- "redis-controller"
- "6379"
- "--port"
- "6379"
- "--appendonly"
- "yes"
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
Create a replica service
apiVersion: v1
kind: Service
metadata:
name: redis-replica
labels:
app: redis
role: replica
spec:
ports:
- port: 6379
name: redis
clusterIP: None
selector:
app: redis
role: replica
Figure.5 Redis replica pods
-
Create configmap for Redis Sentinel.
apiVersion: v1
kind: ConfigMap
metadata:
name: sentinel-config
data:
sentinel.conf: |
port 26379
sentinel resolve-hostnames yes
sentinel monitor <SENTINEL_CONF_NAME> redis-controller 6379 2
sentinel down-after-milliseconds <SENTINEL_CONF_NAME> 5000
sentinel parallel-syncs <SENTINEL_CONF_NAME> 1
sentinel failover-timeout <SENTINEL_CONF_NAME> 60000
- Create Redis Sentinel.
Create Sentinel deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis-sentinel
spec:
replicas: 3
selector:
matchLabels:
app: sentinel
template:
metadata:
labels:
app: sentinel
spec:
containers:
- name: sentinel
image: redis:7.2.5
ports:
- containerPort: 26379
volumeMounts:
- name: config
mountPath: /etc/redis
readOnly: false
- name: data
mountPath: /data
command: ["/bin/sh", "-c", "cp /etc/redis/sentinel.conf /data/sentinel.conf && chmod 777 /data/sentinel.conf && redis-sentinel /data/sentinel.conf --sentinel"]
volumes:
- name: config
configMap:
name: sentinel-config
- name: data
emptyDir: {}
Create Sentinel service
apiVersion: v1
kind: Service
metadata:
name: sentinel
labels:
app: sentinel
spec:
ports:
- port: 26379
name: sentinel
selector:
app: sentinel
- Check all Redis resources.
Check all the Redis-related resources such as Redis (controller, replicas, and Sentinel) pods, deployments, services, and so on. Make sure that the connection is established between Sentinel and controller pods.
Figure6. Running pods
Figure 7. Redis Sentinel pod logs (connected with controller)
Step 3. Deploy Red Hat 3scale API Management
Perform the following steps to deploy Red Hat 3scale API Management:
- Install the Red Hat 3scale API Management operator from OperatorHub.
Create a new project, named 3scale, and install the Red Hat 3scale API Management operator from the OperatorHub and check if it is installed successfully.
Figure 8. Create a new project for 3scale
Figure 9. Search for 3scale in OperatorHub
Figure 10. 3scale operator installation
- Create Redis secrets for backend and system Redis.
The database components for HA in Red Hat 3scale API Management include:
- backend-redis: Used for statistics storage and temporary job storage.
- system-redis: Provides a temporary storage for background jobs for 3scale.
We need to create a secret to store Redis credentials. This secret will be used during the deployment of 3scale for configuring external Redis HA. Refer to backend-redis-secret and system-redis-secret for more details.
First, create a system-redis secret.
apiVersion: v1
kind: Secret
metadata:
name: system-redis
stringData:
URL: "redis://<SENTINEL_CONF_NAME>:6379/3"
SENTINEL_HOSTS: "redis://$REDIS_SENTINEL_SERVICE_NAME.$REDIS_NAMESPACE.svc.cluster.local:26379"
SENTINEL_ROLE: "controller"
NAMESPACE: "$REDIS_NAMESPACE"
type: Opaque
Then, create a backend-redis secret.
apiVersion: v1
kind: Secret
metadata:
name: backend-redis
stringData:
REDIS_STORAGE_URL: "redis://<SENTINEL_CONF_NAME>:6379/1"
REDIS_STORAGE_SENTINEL_HOSTS: "redis://$REDIS_SENTINEL_SERVICE_NAME. $REDIS_NAMESPACE.svc.cluster.local:26379"
REDIS_STORAGE_SENTINEL_ROLE: "controller"
REDIS_QUEUES_URL: "redis://<SENTINEL_CONF_NAME>:6379/2"
REDIS_QUEUES_SENTINEL_HOSTS: "redis://$REDIS_SENTINEL_SERVICE_NAME. $REDIS_NAMESPACE.svc.cluster.local:26379"
REDIS_QUEUES_SENTINEL_ROLE: "controller"
type: Opaque
- Deploy the API manager with the external Redis configuration.
Create a 3scale API Management instance. Refer to external-redis-database-configuration-for-high-availability-support-in-threescale for more details.
- Use the following YAML to deploy a 3scale API Management instance and configure it to use the external Redis HA:
kind: APIManager
metadata:
name: example-apimanager
namespace: 3scale
spec:
wildcardDomain: <your-wildcard-domain>
externalComponents:
backend:
redis: true
system:
redis: true
Replace <your-wildcard-domain> with your actual domain.
- Apply the configuration:
$ oc apply -f threescale-example.yaml
- Monitor the deployment.
Monitor the deployment to ensure that all the 3scale components are running.
$ oc get pods
$ oc get pods -l threescale_component=system-app
Figure 11. All pods in the 3scale namespace
Step 4. Configure and test the Red Hat 3scale API Management instance
Perform the following steps to configure and test the Red Hat 3scale API Management instance:
- Access the 3scale admin portal.
After the 3scale components are running, access the admin portal through the route created by OpenShift. Use the credentials created in the system-seed secret.
Figure 12. 3scale admin portal UI
- Create and secure the APIs.
Use the admin portal to create and secure the APIs. Configure the API gateway, apply rate limits, and set up access policies as needed.
Figure 13. Test the product and the API in 3scale
- Test Redis integration.
Ensure that the Red Hat 3scale API Management instance is correctly interacting with the Redis HA setup by testing the caching, rate limiting, and any other Redis-dependent features.
Figure 14. Redis pod for logs
Conclusion
By deploying a Red Hat 3scale API Management instance with an external Redis HA that is set up on an OpenShift cluster running on IBM Power, you can achieve a highly available and scalable API management solution. This setup leverages the powerful infrastructure of IBM Power and the flexibility of OpenShift, ensuring that your APIs remain accessible, secure, and performant under any conditions. This architecture is ideal for enterprises that require robust API management coupled with high availability, making it suitable for mission-critical applications and large-scale deployments.