Context
As more and more companies are going the cloud-native route, more and more of our customers ask us to run enterprise API Management platforms within their Kubernetes environment. This blog explains how to run the full Software AG webMethods API Management suite on Red Hat OpenShift. Although this blog explains the installation of the SAG API Management suite on an OpenShift cluster, you can easily run it on other Kubernetes implementations like Azure AKS or AWS EKS by changing some Helm values.
In our previous blogs, “Run Software AG webMethods API Gateway on Red Hat OpenShift”, we discussed the installation of SAG API Gateway by creating your own Docker image based on an existing SAG API Gateway installation. This blog explains how to use the SAG official trial images to install the full SAG API Management suite containing the SAG API Portal and the SAG API Gateway. It also explains how you can automatically provision your own licenses to get rid of the 90 days limitation of the trial license.
SAG API Management on OpenShift
This blog has an accompanying GIT repository which contains the Helm charts needed for the installation. This GIT repository contains more detailed installation and configuration instructions. This GIT repository can be found https://github.com/I8C/sag-apim-ocp.
The accompanying GIT repository contains the Helm charts to:
- Install the SAG API Gateway
- Install the SAG API Portal
- Configure OpenShift Routes
- Enable/Disable TLS
- Install your own licenses.
- Use PersistentVolumes or EmptyVolumes
- Register SMTP server
- Set default passwords
Prerequisites
This setup is tested with SAG API Management version 10.7. on a RedHat OpenShift cluster version 4.7.
Make sure:
- you have cluster admin credentials (need to set the SCC)
- that you have Helm 3 installed on your local machine.
- you have installed the OpenShift CLI.
- your cluster has enough available RAM depending on which components you want to install (API Gateway alone requires 4GB of RAM!).
You must first register your Docker Hub account so the account can pull the necessary Docker images from the Docker store. These images are free to use and include a 90 day evaluation trial license. You can register your account by going to the following locations and click the *Proceed to Checkout* button:
Installation Steps
STEP 0 : Initialize OpenShift
- Create Project:
|
1 2 |
OC_PROJECT=sag-api-management oc new-project $OC_PROJECT |
- Make sure that the service account which runs our pods has access to the privileged SCC:
|
1 |
oc adm policy add-scc-to-user privileged \ system:serviceaccount:$OC_PROJECT:default |
STEP 1 : Create Docker Secret
The cluster must be able to download the image from DockerHub. Therefore, create a secret for Docker hub access. This dockerhub account must also already be registered to have a proper license.
The name of the registry secret must match with the Helm variable image.registrySecret of your specific Helm Values- file.
|
1 2 3 4 5 6 |
oc create secret docker-registry regsecret \ --docker-server=https://index.docker.io/v1/ \ --docker-username=<your-docker-hub-id> \ --docker-password="<your-pass>" \ --docker-email="your-email" |
The name of the secret regsecret is configured in the Helm configuration so the images are downloaded with the proper Docker Hub credentials.
STEP 2 : Install API Gateway
First, make sure you added the correct configuration, depending on your environment, in the Helm value file.
|
1 2 3 |
helm install sag-apigateway ./charts/sag-apigateway \ -f ./charts/sag-apigateway/values.yaml |
The first time, doing a clean install, it can take some time before the API Gateway Pod is started. This is because the Elasticsearch cluster needs to be initialized. Once this is done, restarts or Pod recreations will be much faster.
STEP 3 : Install API Portal
Same as with the API Gateway installation, you have to make sure the Helm configuration file (Value file) contains the correct configuration.
|
1 2 3 |
helm install sag-apiportal ./charts/sag-apiportal \ -f ./charts/sag-apiportal/values.yaml |
Test
API Gateway
- Get your API Gateway UI endpoint
|
1 |
oc get route sag-apigateway-gateway -o jsonpath='{.spec.host}' |
- Add http:// or https:// (depends on whether you enabled tls or not in your route) before the endpoint and open this URL in a browser:
API Portal
- Get your API Portal UI endpoint
|
1 |
oc get route sag-apiportal-portal -o jsonpath='{.spec.host}' |
- Add http:// or https:// (depends on whether you enabled tls or not in your route) before the endpoint and open this URL in a browser:
Uninstall
To uninstall the API Gateway and API Portal:
|
1 2 |
helm uninstall sag-apigateway helm uninstall sag-apiportal |
Closing
This blog is a good start for deploying the SAG webMethods API Management platform on OpenShift but it certainly does not deliver an enterprise ready platform.To make it enterprise ready:
- Use a PostgreSQL database installed in HA mode
- Use an ElasticSearch cluster with minimal 3 master nodes
- Setup Zookooper as an ensemble of at least 3 nodes
- Schedule regular backups
Notes:
- The official trial images change frequently with new patch releases. Therefore, it is advisable to upload the official images first to your own container image registry and use only those images from your registry within your Kubernetes cluster. This assures stability and control over the used software versions.
- This blog explains the setup of the SAG API Management suite for demo purposes and not for full production installations.
Author: Bert Meuris 
