API Caller FAQ

Owned by Marvin Huaco (Unlicensed)
Last updated: May 05, 2020
3 min read

 

Why does the service account "default" need "edit" role in openshift?

Every service account has an associated username that can be granted roles. The user in this case, is default, which is also linked to the project name.

system:serviceaccount:<project>:<username>

The service account provides a flexible way to control API access making it possible to perform the following:

·         Replication controllers make API calls to create or delete pods.

·         Applications inside containers can make API calls for discovery purposes.

·         External applications can make API calls for monitoring or integration purposes.

The level of access provided to serviceaccount/default was to grant access to ConfigMap and secret, which in return inject containers with configuration data.

 

Can a client download API caller from dockerhub openlegacy repository using their own docker hub account?

Yes, Openlegacy through the approval process can grant access to client’s docker hub accounts.

 

Where can I locate release notes for API Caller ?

Api Caller release notes can be found by clicking on the link below.

https://openlegacy.atlassian.net/wiki/spaces/OV45

 

What are the enterprise versions of postgress that are supported by API Caller?

Any postgres engine that is above 11.6 is supported.

 

We need information in order to scale corresponding container PODs based on requests from the mainframe. When the mainframe calls the API in proxy, what are the containers used during such invocation?

The mainframe is only invoking the proxy, and it is only needed to scale the proxy pod.

 

What is the memory size, and CPU recommendation for PODs?

Scaling based on CPU usage would be the quickest way to scale; however, you can also refer to the link below for Industry standard based usage and needs.

https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/
https://docs.openshift.com/container-platform/4.3/scalability_and_performance/recommended-cluster-scaling-practices.html

 

In the iam.users table what are the possible values for roles?

At moment, the users table has two roles the ADMIN and USER role. The Admin role can create and delete users while the USER role can only use the app.  

 

In the iam.users table there is a password field containing an encrypted password. Can the password be added manually into table and how can the password be encrypted?

We recommend using the API caller to create accounts and reset passwords.

 

We are using the postgress account ol-user for the API caller container to connect Postgress database api-caller. Can you also please clarify on the database role that is required for “ol-user” in postgress database server?

All privileges/ full control is required, due to the need to still alter tables on updates and not losing the power of schema/data migration. The user will only have full control to the database that is being used not the whole RDS.

 

We observe that API Caller container is creating these tables automatically using the postgress account “ol-user”, is this true that we dont have to pre-create these tables in Aurora postgress and the container will create them?

CREATE SCHEMA IF NOT EXISTS iam;CREATE TABLE IF NOT EXISTS iam.users
( id uuid ,
username text NOT NULL UNIQUE,
password text NOT NULL,
roles text[] NOT NULL,
PRIMARY KEY (id)
);

CREATE SCHEMA IF NOT EXISTS api_caller;CREATE TABLE IF NOT EXISTS api_caller.endpoint(
id UUID PRIMARY KEY NOT NULL,
status VARCHAR(20) NOT NULL,
definition JSON NOT NULL
);

Yes, the initial implementation of the API caller creates a single schema, which include its tables.

We use flyway for schema creation and data migration, they will be created automatically and versioned. each new deploy of new versions will contain upgrade scripts internally without the need of having to pre-create them yourselves.