Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

Install Red Hat 3scale and configure tenants with 7 simple commands

September 9, 2019
Henrique Viecili
Related topics:
DevOps
Related products:
Red Hat 3scale API Management

Share:

    A couple weeks ago I was faced with the challenge of installing Red Hat 3scale and configuring its tenants using solely the command line — no GUI allowed. This is a rather interesting use case, so I decided to write this article and show how to do it with just seven commands!

    (By the way, I also decided to include Red Hat Single Sign-On (SSO) in the mix because I want my APIs to use OpenID Connect (OIDC) for authentication. But I'll leave those commands to a future article.)

    Requirements

    With the challenge at hand, I knew that if I were to succeed I would have to make good use of the 3scale Master API and some ingenuity. But before jumping into the solution, here are the basic requirements that need to be in place:

    • Access via the oc CLI to an OpenShift cluster with rights to create projects (or have at least two projects created for you, one for the management and one for each tenant).
    • 3scale OpenShift Templates to install 3scale components (amp.yml and apicast.yml).
    • Images and ImageStreams for 3scale.

    Disclaimer: I am using Red Hat OpenShift 3.11 with 3scale v2.5. Newer versions of 3scale (2.6+) on OpenShift 4.x introduce the option of using the 3scale Operator for installation, which is quite different from what is described here.

    Commands

    So, here we go. Let's install 3scale and the tenant!

    Note: In the next sections, whenever you see ${A_PLACEHOLDER_NAME}, it means something that needs to be replaced by a value, either self-explanatory or defined in a previous step.

    Command #0: Ensure you've got the basics

    # the templates
    git clone https://github.com/3scale/3scale-amp-openshift-templates
    # the access with CLI
    oc login ${YOUR_OCP_MASTER_CONSOLE_URL}
    # the projects created
    oc new-project 3scale-management-project
    oc new-project 3scale-tenant-project

    Command #1: Install 3scale (management)

    The command below is a minimal command to install 3scale. Many other configuration parameters are available, and I highly recommend reading the installation guide. For the purposes of this use case, it is sufficient.

    The MASTER_NAME (=3scale-master) parameter is used as a prefix to create the URL of the 3scale Master API. In this case, the final URL should look like 3scale-master.apps.ocp.example.com

    oc new-app --file amp.yml \
      -p WILDCARD_DOMAIN=apps.ocp.example.com \
      -p MASTER_NAME=3scale-master \
      -n 3scale-management-project

    IMPORTANT: The output of the command above will contain some generated tokens and secrets; take note of them. The remaining commands will use the MASTER_ACCESS_TOKEN but you may need the other values in the future.

    Once the installation triggered by the previous command completes, you can start creating the tenant with the next commands.

    Command #2: Create the tenant via the Master API

    The parameters below will use the variable TENANT_NAME to represent the name of the tenant and other parameters will be derived from it. You should replace/define it with the name you want for the tenant, for example, devblog.

    curl -X POST \
      https://3scale-master.apps.ocp.example.com/master/api/providers.xml \
      -d "access_token=${MASTER_ACCESS_TOKEN}" \
      -d "org_name=${TENANT_NAME}-tenant" \
      -d "username=${TENANT_NAME}-tenant-admin" \
      --data-urlencode "email=${TENANT_NAME}@example.com" \
      -d "password=${A_PASSWORD}"

    The Master API should return a successful response containing the XML representation of the new tenant configuration. Look for the following data within the payload:

    • TENANT_ACCESS_TOKEN from the value of the element /signup/access_token/value
    • TENANT_ACCOUNT_ID from the value of the element /signup/account/id
    • TENANT_USER_ID from the value of the element /signup/users/user[0]/id

    Command #3: Activate the tenant

    By default, new tenants are not created active. Run the command below to activate it.

    curl -X PUT \
      "https://3scale-master.apps.ocp.example.com/admin/api/accounts/${TENANT_ACCOUNT_ID}/users/${TENANT_USER_ID}/activate.xml" \
      -d "access_token=${MASTER_ACCESS_TOKEN}"

    Command #4: Create the tenant's Admin Portal route

    This command creates the route to configure the gateway (apicast) so it can communicate to its API Manager.

    oc create route edge ${TENANT_NAME}-admin \
      --service=system-provider \
      --hostname=${TENANT_NAME}-tenant-admin.apps.ocp.example.com \
      --insecure-policy=Allow \
      -n 3scale-management-project

    You can access the tenant's Admin Portal through this new URL with the credentials (username/password) provided in Command #2.

    Command #5: Create the secret with the AMP management URL

    oc secret new-basicauth apicast-configuration-url-secret \
      --password=https://${TENANT_ACCESS_TOKEN}@${TENANT_NAME}-tenant-admin.apps.ocp.example.com \
      -n 3scale-tenant-project

    Command #6: Install the tenant's API gateway (apicast)

    The command below installs only the apicast gateway pods. As this tenant won't handle production workloads, it uses the minimal configuration parameters recommended for non-production deployments.

    oc new-app -f apicast.yml \
      -p CONFIGURATION_LOADER=lazy \
      -p DEPLOYMENT_ENVIRONMENT=staging \
      -p CONFIGURATION_CACHE=0 \
      -n 3scale-tenant-project

    Command #7: Expose your tenant's API gateway

    Now you just need to create the route (URL) to expose your apicast service (the gateway) to its clients.

    oc create route edge \
      --service=apicast \
      --hostname=${TENANT_NAME}-tenant.apps.ocp.example.com \
      --insecure-policy=Allow \
      -n 3scale-tenant-project

    The APIs you create for this tenant will be exposed through this new URL.

    To create more tenants, just repeat commands #2 to #7.

    Conclusion

    As we move toward automating all the things, it is important to challenge ourselves not to use GUIs and instead do things the harder but more repeatable way. Getting the set of commands is just the first step for automation. Next, we can compile them in the form of a script, or even better, an Ansible playbook. The automation that such capability provides means not only that new tenants can be easily created, but also that the whole environment can be rebuilt from code.

    Although these commands show a simple configuration of 3scale, the gist was extracted from a real-life consulting engagement when each tenant represents one of the multiple environments of a software delivery lifecycle — like development, testing, integration, pre-production, and production. Ultimately, this is part of a bigger picture where our customers need to have the full API lifecycle as code so it can be automated.

    Last updated: September 6, 2019

    Recent Posts

    • Alternatives to creating bootc images from scratch

    • How to update OpenStack Services on OpenShift

    • How to integrate vLLM inference into your macOS and iOS apps

    • How Insights events enhance system life cycle management

    • Meet the Red Hat Node.js team at PowerUP 2025

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue