Activity: Set up Red Hat Service Interconnect on OpenShift

Module 1

You can set up Virtual Application Networks with Red Hat Service Interconnect by either using the command line interface or the OpenShift operator.

In this exercise, we’ll use the operator on the OpenShift cluster and the command line interface on the RHEL side just to explore both options. You could also use automation tools such as Ansible to automate the creation of the Virtual Application Network on both sides.

Verify database access from Travels Service

  1. As a first step, verify whether the travels services has connectivity to the database. You will use the integrated terminal on the right to perform these checks as guided.

  2. In the upper terminal, log in to the OpenShift cluster using the command below. Click the clipboard icon clipboard to copy.

    oc login -u admin -p {ocp_cluster_openshift_cluster_admin_password} https://172.30.0.1:443

    Type y when you are prompted with Use insecure connections? (y/n).
    You should see a Login successful message

  3. From the OpenShift Terminal (upper terminal), run the following command to check if the travels service and all other services (cars, discounts etc) are able to access the on-prem database.

    curl travels.travel-agency.svc.cluster.local:8000/travels/Prague && echo

  4. You will receive a response {"error":"Travel Quote for Prague not found"} indicating that the database is not accessible, and the service is unable to get a travel quote for Prague.

Set up a Red Hat Service Interconnect Site

You will set up a Virtual Application Network using Red Hat Service Interconnect in the subsequent steps to help the core services (on OpenShift) access the on-premises database.

  1. Navigate to the {ocp_cluster_openshift_cluster_console_url}/k8s/cluster/projects/travel-db/openshift-site-plugin[OpenShift Console, window="console"], and log in with username admin and password {ocp_cluster_openshift_cluster_admin_password}

  2. Navigate to Home → Projects → travel-db, if you are not already in the travel-db project.

    projects tab

  3. From the travel-db project, click on the Service Interconnect tab or click on this {ocp_cluster_openshift_cluster_console_url}/k8s/cluster/projects/travel-db/openshift-site-plugin[link, window="console"] to navigate directly.

  4. Click on Create site.

    site button
    What is a site?

    A site represents a place where you have real running workloads. Each site contains an application service router which helps its workloads connect with workloads in remote sites. Ex: A namespace is a site

  5. In the Create site wizard, keep the default values.

    1. Note that the Enable link access is checked, indicating that this site will allow ingress connections from other sites.

    2. Click on Submit to set up the VAN routers in the travel-db namespace.

      create site
      What is a router?

      Layer 7 application routers form the backbone of a VAN in the same way that conventional network routers form the backbone of a VPN. However, instead of routing IP packets between network endpoints, Layer 7 application routers route messages between application endpoints (called Layer 7 application addresses).

  6. You will see a message indicating that the Service Interconnect site is being created. In a few seconds, the warning message will disappear, and the site will be created.

    site create warning

  7. The warning message disappears once the site is created.

    site created

    You will also notice a Ready status displayed in the Details tab, confirming that the site is ready.

    site ready

Set up a Red Hat Service Interconnect Listener

What is a Listener?

A listener creates a local connection point that links to connectors in remote sites using routing keys. On Kubernetes, it’s implemented as a Service; on Docker, Podman, and Linux, it’s a listening socket on a local network interface. The listener exposes a host/port for local clients while using the routing key to connect with remote sites.

connector image

  1. Click on {ocp_cluster_openshift_cluster_console_url}/k8s/cluster/projects/travel-db/openshift-site-plugin[Create listener, window="console"] to set up a listener in the travel-db namespace.

    listener button

  2. Input the following details and click Submit

    • Name: mysqldb

    • Port: 3306

    • Routing key: appconn

    • Host: mysqldb

    • TLS secret: leave this blank for now, as you will instead create a token at a later step.

      listener form

Set up an Access Token

What is an Access Token?

An access token is a short-lived credential for creating a link between sites. It contains a URL and secret code from an access grant. Tokens have limited validity - by default, they can be used only once and expire after 15 minutes.

What is an Access Grant?

A site wishing to accept a link (site 1) creates an access grant. It uses the access grant to issue a corresponding access token and transfers it to a remote site (site 2). Site 2 submits the access token to site 1 for redemption. If the token is valid, site 1 sends site 2 the TLS host, port, and credentials required to create a link to site 1

This image explains this concept in more detail.

token redemption

  1. Click on {ocp_cluster_openshift_cluster_console_url}/k8s/cluster/projects/travel-db/openshift-site-plugin[Generate a token, window="console"].

    token button

  2. You are presented with the Issue Access Token wizard. In the Configuration step, enter the following values, and click the Create button.

    • FileName: my-grant

    • Redemptions: 1

    • Code: leave this blank

    • Valid for: 60 minutes

      create access token

  3. You will be presented with the Create token - How to step.

    1. You can ignore the rest of the steps since you will use a script to directly convert the grant and transfer it to the on-premises RHEL server without the need for downloading the file.

    2. If you would like to inspect how the token looks, you can still proceed to download and open the file.

    3. Click on Done.

      token done screen

  4. From the OpenShift Terminal (upper terminal), run the following command to deploy the Red Hat Service Interconnect Network Console.

    oc apply -f https://raw.githubusercontent.com/app-connectivity-workshop/scripts/refs/heads/main/m1/network_console_deploy.yaml -n travel-db

    You will use this console to visualize the network later. Since it takes a few seconds to initialize, go ahead and deploy it now. While it is getting deployed, proceed to the next steps to save time.