Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 1. Upgrading 3scale API Management 2.3 to 2.4

As a 3scale API Management administrator, upgrade your installation from version 2.3 to 2.4. Optionally, you can change the impersonation of administrator data.

Warning

This process can cause disruption in the service. Make sure to have a maintenance window.

1.1. Prerequisites
Copy link

  • 3scale API Management 2.3 deployed in a project.

  • Tool prerequisites:

    • jq

1.2. Upgrading 3scale API Management
Copy link

To upgrade 3scale API Management from 2.3 to 2.4 follow the steps in the order listed below:

  1. Section 1.2.1, “Creating ConfigMaps”
  2. Section 1.2.2, “Creating the system master route”
  3. Section 1.2.3, “Migrating the system database secret”
  4. Section 1.2.4.2, “Creating the -redis secrets”
  5. Section 1.2.5, “Patching DeploymentConfigs”
  6. Section 1.2.6, “Patching image streams”
  7. Section 1.2.7, “Adding the entry for Service Discovery”
  8. Section 1.2.8, “Configuring additional DeploymentConfigs”

1.2.1. Creating ConfigMaps
Copy link

Create files that contain the details of the ConfigMaps to be sourced for the new OpenShift elements.

  1. Configure the required variables: 

    export $(oc set env dc/system-app --list|grep THREESCALE_SUPERDOMAIN|sort -u)
export $(oc set env dc/system-app --list|grep APICAST_REGISTRY_URL|sort -u)
APP_LABEL=$(oc get dc backend-listener -o json | jq .spec.template.metadata.labels.app -r)
AMP_RELEASE=2.4.0
    Copy to Clipboard Toggle word wrap

  2. Confirm that the variables are properly configured: 

    echo $THREESCALE_SUPERDOMAIN
echo $APICAST_REGISTRY_URL
echo $APP_LABEL
echo $AMP_RELEASE
    Copy to Clipboard Toggle word wrap

  3. Create the system-environment ConfigMap:

    1. Compose a file called system-environment.yml. 

      cat<<EOF> system-environment.yml

apiVersion: v1
data:
  AMP_RELEASE: ${AMP_RELEASE}
  APICAST_REGISTRY_URL: ${APICAST_REGISTRY_URL}
  FORCE_SSL: "true"
  PROVIDER_PLAN: enterprise
  RAILS_ENV: production
  RAILS_LOG_LEVEL: info
  RAILS_LOG_TO_STDOUT: "true"
  SSL_CERT_DIR: /etc/pki/tls/certs
  THINKING_SPHINX_PORT: "9306"
  THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE: VERIFY_NONE
  THREESCALE_SUPERDOMAIN: ${THREESCALE_SUPERDOMAIN}
kind: ConfigMap
metadata:
  creationTimestamp: null
  labels:
    app: ${APP_LABEL}
    3scale.component: system
  name: system-environment
EOF
      Copy to Clipboard Toggle word wrap

    2. Create the new system-environment ConfigMap: 

      oc create -f system-environment.yml
      Copy to Clipboard Toggle word wrap

  4. Create the backend-environment ConfigMap:

    1. Get the value of the backend-listener DeploymentConfig: 

      export $(oc set env dc/backend-listener --list|grep RACK_ENV|sort -u)
      Copy to Clipboard Toggle word wrap

    2. Compose a new file called backend-environment.yml. 

      cat<<EOF>backend-environment.yml
apiVersion: v1
data:
  RACK_ENV: ${RACK_ENV}
kind: ConfigMap
metadata:
  creationTimestamp: null
  labels:
    app: ${APP_LABEL}
    3scale.component: backend
  name: backend-environment
EOF
      Copy to Clipboard Toggle word wrap

    3. Create the new backend-environment ConfigMap: 

      oc create -f backend-environment.yml
      Copy to Clipboard Toggle word wrap

  5. Create the apicast-environment ConfigMap:

    1. Compose a new file called apicast-environment.yml. 

      cat<<EOT>apicast-environment.yml
apiVersion: v1
data:
  APICAST_MANAGEMENT_API: status
  APICAST_RESPONSE_CODES: "true"
  OPENSSL_VERIFY: "false"
kind: ConfigMap
metadata:
  name: apicast-environment
EOT
      Copy to Clipboard Toggle word wrap

    2. Create the new apicast-environment ConfigMap: 

      oc create -f apicast-environment.yml
      Copy to Clipboard Toggle word wrap

1.2.2. Creating the system master route
Copy link

To create the system master route:

  1. Configure MASTER_NAME with the value of the MASTER_DOMAIN environment variable: 

    export $(oc set env dc/system-app --list|grep MASTER_DOMAIN|sort -u)
MASTER_NAME=$MASTER_DOMAIN
    Copy to Clipboard Toggle word wrap

  2. Confirm that MASTER_NAME is properly set: 

    echo $MASTER_NAME
    Copy to Clipboard Toggle word wrap

  3. Create the system-master route and delete the system-master-admin route: 

    oc create route edge system-master --service=system-master --hostname=${MASTER_NAME}.${THREESCALE_SUPERDOMAIN} --port=http
oc delete route system-master-admin
    Copy to Clipboard Toggle word wrap

1.2.3. Migrating the system database secret
Copy link

To migrate the system database secret into the new system-database OpenShift secret:

  1. Get the existing MySQL environment variables: 

    export $(oc set env dc/system-mysql --list|grep MYSQL_ROOT_PASSWORD)
export $(oc set env dc/system-mysql --list | grep MYSQL_DATABASE)
    Copy to Clipboard Toggle word wrap

  2. Get the APP_LABEL environment variable: 

    APP_LABEL=$(oc get dc backend-listener -o json | jq .spec.template.metadata.labels.app -r)
    Copy to Clipboard Toggle word wrap

  3. Confirm that you have correctly set the following environment variables: 

    echo ${MYSQL_ROOT_PASSWORD}
echo ${MYSQL_DATABASE}
echo ${APP_LABEL}
    Copy to Clipboard Toggle word wrap

  4. Create the file containing the system-database secret: 

    cat > system-database.yml <<EOF

apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  labels:
    3scale.component: system
    app: ${APP_LABEL}
  name: system-database
stringData:
  URL: mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}
type: Opaque
EOF
    Copy to Clipboard Toggle word wrap

  5. Create the secret: 

    oc create -f system-database.yml
    Copy to Clipboard Toggle word wrap

1.2.4. Creating new secrets
Copy link

To continue with the upgrade process, you must create:

1.2.4.1. Creating the system-master-apicast secret
Copy link

  1. Get the value of APICAST_ACCESS_TOKEN: 

    export APICAST_ACCESS_TOKEN=$(oc set env --list dc/apicast-production|sort -u|grep THREESCALE_PORTAL_ENDPOINT|cut -d@ -f1|cut -d/ -f3)
    Copy to Clipboard Toggle word wrap

  2. Compose a new file called system-master-apicast.yml: 

    cat<<EOF> system-master-apicast.yml
apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  labels:
    app: ${APP_LABEL}
    3scale.component: system
  name: system-master-apicast
stringData:
  ACCESS_TOKEN: ${APICAST_ACCESS_TOKEN}
  BASE_URL: http://${APICAST_ACCESS_TOKEN}@system-master:3000
  PROXY_CONFIGS_ENDPOINT: http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs
type: Opaque
EOF
    Copy to Clipboard Toggle word wrap

  3. Create the new system-master-apicast secret: 

    oc create -f system-master-apicast.yml
    Copy to Clipboard Toggle word wrap

Back to Section 1.2.4, “Creating new secrets”.

1.2.4.2. Creating the -redis secrets
Copy link

  1. Create the system-redis secret:

    1. Compose a file called system-redis.yml with the following content: 

      cat > system-redis.yml <<EOF

apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  labels:
      3scale.component: system
      app: ${APP_LABEL}
  name: system-redis
stringData:
  URL: redis://system-redis:6379/1
  type: Opaque
EOF
      Copy to Clipboard Toggle word wrap

    2. Create the system-redis secret with the information contained in the file: 

      oc create -f system-redis.yml
      Copy to Clipboard Toggle word wrap

  2. Create the backend-redis secret:

    1. Compose a file called backend-redis.yml with this content: 

      cat > backend-redis.yml <<EOF

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  creationTimestamp: null
  labels:
      3scale.component: backend
      app: ${APP_LABEL}
  name: backend-redis
stringData:
  REDIS_QUEUES_SENTINEL_HOSTS: ""
  REDIS_QUEUES_SENTINEL_ROLE: ""
  REDIS_QUEUES_URL: redis://backend-redis:6379/1
  REDIS_STORAGE_SENTINEL_HOSTS: ""
  REDIS_STORAGE_SENTINEL_ROLE: ""
  REDIS_STORAGE_URL: redis://backend-redis:6379/0
EOF
      Copy to Clipboard Toggle word wrap

    2. Create the backend-redis secret with the information contained in the file: 

      oc create -f backend-redis.yml
      Copy to Clipboard Toggle word wrap

  3. Create the apicast-redis secret:

    1. Compose a file called apicast-redis.yml with this content: 

      cat<<EOT>apicast-redis.yml
apiVersion: v1
stringData:
  PRODUCTION_URL: redis://system-redis:6379/1
  STAGING_URL: redis://system-redis:6379/2
kind: Secret
metadata:
  labels:
    3scale.component: apicast
    app: ${APP_LABEL}
  name: apicast-redis
EOT
      Copy to Clipboard Toggle word wrap

    2. Create the apicast-redis secret with the information contained in the file: 

      oc create -f apicast-redis.yml
      Copy to Clipboard Toggle word wrap

Back to Section 1.2.4, “Creating new secrets”.

1.2.4.3. Creating the backend- secrets
Copy link

  1. Create the backend-listener secret:

    1. Compose a file called backend-listener.yml with this content: 

      cat<<EOT>backend-listener.yml
apiVersion: v1
stringData:
  route_endpoint: https://backend-3scale.${THREESCALE_SUPERDOMAIN}
  service_endpoint: http://backend-listener:3000
kind: Secret
metadata:
  name: backend-listener
EOT
      Copy to Clipboard Toggle word wrap

    2. Create the backend-listener secret with the information contained in the file: 

      oc create -f backend-listener.yml
      Copy to Clipboard Toggle word wrap

  2. Create the backend-internal-api secret:

    1. Obtain the values from the 2.3 environment: 

      export $(oc set env dc backend-listener --list|grep CONFIG_INTERNAL_API_USER)
export $(oc set env dc backend-listener --list|grep CONFIG_INTERNAL_API_PASSWORD)
      Copy to Clipboard Toggle word wrap

    2. Check the value of the variables: 

      echo $CONFIG_INTERNAL_API_USER $CONFIG_INTERNAL_API_PASSWORD
      Copy to Clipboard Toggle word wrap

    3. Create the secret: 

      oc create secret generic backend-internal-api --from-literal=password=${CONFIG_INTERNAL_API_PASSWORD} --from-literal=username=${CONFIG_INTERNAL_API_USER}
      Copy to Clipboard Toggle word wrap

Back to Section 1.2.4, “Creating new secrets”.

1.2.4.4. Creating the system- secrets
Copy link

  1. Create the system-memcache secret:

    1. Compose a file called system-memcache.yml with this content: 

      cat<<EOT>system-memcache.yml
apiVersion: v1
stringData:
  SERVERS: system-memcache:11211
kind: Secret
metadata:
  name: system-memcache
EOT
      Copy to Clipboard Toggle word wrap

    2. Create the system-memcache secret with the information contained in the file: 

      oc create -f system-memcache.yml
      Copy to Clipboard Toggle word wrap

  2. Create the system-recaptcha secret:

    1. Compose a file called system-recaptcha.yml with this content: 

      cat<<EOT>system-recaptcha.yml
apiVersion: v1
stringData:
  PRIVATE_KEY: ""
  PUBLIC_KEY: ""
kind: Secret
metadata:
  name: system-recaptcha
EOT
      Copy to Clipboard Toggle word wrap

    2. Create the system-recaptcha secret with the information contained in the file: 

      oc create -f system-recaptcha.yml
      Copy to Clipboard Toggle word wrap

  3. Create the system-events-hook secret:

    1. Get the values from the 2.3 environment: 

      export $(oc set env dc backend-worker --list|grep CONFIG_EVENTS_HOOK_SHARED_SECRET)
      Copy to Clipboard Toggle word wrap

    2. Confirm the value of the variables: 

      echo ${CONFIG_EVENTS_HOOK_SHARED_SECRET}
      Copy to Clipboard Toggle word wrap

    3. Create the secret: 

      oc create secret generic system-events-hook --from-literal=PASSWORD=${CONFIG_EVENTS_HOOK_SHARED_SECRET} --from-literal=URL=http://system-master:3000/master/events/import
      Copy to Clipboard Toggle word wrap

  4. Create the system-seed secret:

    1. Get the values from the 2.3 environment: 

      export $(oc set env dc system-app --list|grep ADMIN_ACCESS_TOKEN|uniq)
export $(oc set env dc system-app --list|grep MASTER_ACCESS_TOKEN|uniq)
export $(oc set env dc system-app --list|grep USER_PASSWORD|uniq)
export $(oc set env dc system-app --list|grep USER_LOGIN|uniq)
export $(oc set env dc system-app --list|grep MASTER_DOMAIN|uniq)
export $(oc set env dc system-app --list|grep MASTER_PASSWORD|uniq)
export $(oc set env dc system-app --list|grep MASTER_USER|uniq)
export $(oc set env dc system-app --list|grep TENANT_NAME|uniq)
      Copy to Clipboard Toggle word wrap

    2. Confirm the value of the variables: 

      echo ${ADMIN_ACCESS_TOKEN} ${MASTER_ACCESS_TOKEN} ${USER_PASSWORD} ${USER_LOGIN} ${MASTER_DOMAIN} ${MASTER_PASSWORD} ${MASTER_USER} ${TENANT_NAME}
      Copy to Clipboard Toggle word wrap

    3. Create the secret: 

      oc create secret generic system-seed --from-literal=ADMIN_ACCESS_TOKEN=${ADMIN_ACCESS_TOKEN} --from-literal=MASTER_ACCESS_TOKEN=${MASTER_ACCESS_TOKEN} --from-literal=ADMIN_PASSWORD=${USER_PASSWORD} --from-literal=ADMIN_USER=${USER_LOGIN} --from-literal=MASTER_DOMAIN=${MASTER_DOMAIN} --from-literal=MASTER_PASSWORD=${MASTER_PASSWORD} --from-literal=MASTER_USER=${MASTER_USER} --from-literal=TENANT_NAME=${TENANT_NAME}
      Copy to Clipboard Toggle word wrap

  5. Create the system-app secret:

    1. Obtain the values from the 2.3 environment: 

      export $(oc set env dc system-app --list|grep SECRET_KEY_BASE|uniq)
      Copy to Clipboard Toggle word wrap

    2. Confirm the value of the variables: 

      echo ${SECRET_KEY_BASE}
      Copy to Clipboard Toggle word wrap

    3. Create the secret: 

      oc create secret generic system-app --from-literal=SECRET_KEY_BASE=${SECRET_KEY_BASE}
      Copy to Clipboard Toggle word wrap

Back to Section 1.2.4, “Creating new secrets”.

1.2.5. Patching DeploymentConfigs
Copy link

  1. Patch the backend-cron DeploymentConfig: 

    oc patch dc/backend-cron -p '{"spec":{"template":{"spec":{"containers":[{"name":"backend-cron","env":[{"name":"CONFIG_REDIS_PROXY","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"RACK_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RACK_ENV","name":"backend-environment"}}}]}],"initContainers":[{"name":"backend-redis-svc","command":["/opt/app/entrypoint.sh","sh","-c","until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;\ndone"],"env":[{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}}]}]}}}}'
    Copy to Clipboard Toggle word wrap

  2. Patch the backend-listener DeploymentConfig: 

    oc patch dc/backend-listener -p '{"spec":{"template":{"spec":{"containers":[{"name":"backend-listener","env":[{"name":"CONFIG_REDIS_PROXY","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"RACK_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RACK_ENV","name":"backend-environment"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]}]}}}}'
    Copy to Clipboard Toggle word wrap

  3. Patch the backend-worker DeploymentConfig: 

    oc patch dc/backend-worker -p '{"spec":{"template":{"spec":{"containers":[{"name":"backend-worker","env":[{"name":"CONFIG_REDIS_PROXY","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"RACK_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RACK_ENV","name":"backend-environment"}}},{"name":"CONFIG_EVENTS_HOOK","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-events-hook"}}},{"name":"CONFIG_EVENTS_HOOK_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}}]}],"initContainers":[{"name":"backend-redis-svc","command":["/opt/app/entrypoint.sh","sh","-c","until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;\ndone"],"env":[{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}}]}]}}}}'
    Copy to Clipboard Toggle word wrap

  4. Patch the system-app DeploymentConfig containers: 

    oc patch dc/system-app -p '{"spec":{"strategy":{"activeDeadlineSeconds":21600,"resources":{},"rollingParams":{"pre":{"execNewPod":{"env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"THINKING_SPHINX_ADDRESS","value":"system-sphinx"},{"name":"THINKING_SPHINX_CONFIGURATION_FILE","value":"/tmp/sphinx.conf"},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"SMTP_ADDRESS","valueFrom":{"configMapKeyRef":{"key":"address","name":"smtp"}}},{"name":"SMTP_USER_NAME","valueFrom":{"configMapKeyRef":{"key":"username","name":"smtp"}}},{"name":"SMTP_PASSWORD","valueFrom":{"configMapKeyRef":{"key":"password","name":"smtp"}}},{"name":"SMTP_DOMAIN","valueFrom":{"configMapKeyRef":{"key":"domain","name":"smtp"}}},{"name":"SMTP_PORT","valueFrom":{"configMapKeyRef":{"key":"port","name":"smtp"}}},{"name":"SMTP_AUTHENTICATION","valueFrom":{"configMapKeyRef":{"key":"authentication","name":"smtp"}}},{"name":"SMTP_OPENSSL_VERIFY_MODE","valueFrom":{"configMapKeyRef":{"key":"openssl.verify.mode","name":"smtp"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]}}}},"template":{"spec":{"containers":[{"name":"system-master","env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]},{"name":"system-provider","env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]},{"name":"system-developer","env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]}],"volumes":[{"configMap":{"defaultMode":420,"items":[{"key":"zync.yml","path":"zync.yml"},{"key":"rolling_updates.yml","path":"rolling_updates.yml"},{"key":"service_discovery.yml","path":"service_discovery.yml"}],"name":"system"},"name":"system-config"}]}}}}'
    Copy to Clipboard Toggle word wrap

  5. Update the system-sidekiq DeploymentConfig to gather the database information of system from the new secret: 

    oc patch dc/system-sidekiq -p '{"spec":{"template":{"spec":{"containers":[{"name":"system-sidekiq","env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]}],"initContainers":[{"name":"check-svc","command":["bash","-c","bundle exec sh -c \"until rake boot:redis && curl --output /dev/null --silent --fail --head http://system-master:3000/status; do sleep $SLEEP_SECONDS; done\""],"env":[{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}}]}],"volumes":[{"configMap":{"defaultMode":420,"items":[{"key":"zync.yml","path":"zync.yml"},{"key":"rolling_updates.yml","path":"rolling_updates.yml"},{"key":"service_discovery.yml","path":"service_discovery.yml"}]},"name":"system-config"}]}}}}'
    Copy to Clipboard Toggle word wrap

  6. Update the system-sphinx DeploymentConfig to gather the database information of system from the new secret: 

    oc patch dc/system-sphinx -p '{"spec":{"template":{"spec":{"containers":[{"name":"system-sphinx","env":[{"name":"DATABASE_URL","value":"","valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}}]}]}}}}'
    Copy to Clipboard Toggle word wrap

  7. Patch the apicast-staging DeploymentConfig containers: 

    oc patch dc/apicast-staging -p '{"spec":{"template": {"spec": { "containers": [ {"name": "apicast-staging", "env": [ { "name": "THREESCALE_PORTAL_ENDPOINT", "value":null,"valueFrom": { "secretKeyRef": { "key": "PROXY_CONFIGS_ENDPOINT", "name": "system-master-apicast" } } }, { "name": "BACKEND_ENDPOINT_OVERRIDE", "value":null,"valueFrom": { "secretKeyRef": { "key": "service_endpoint", "name": "backend-listener" } } }, { "name": "APICAST_MANAGEMENT_API", "value":null,"valueFrom": { "configMapKeyRef": { "key": "APICAST_MANAGEMENT_API", "name": "apicast-environment" } } }, { "name": "OPENSSL_VERIFY", "value":null,"valueFrom": { "configMapKeyRef": { "key": "OPENSSL_VERIFY", "name": "apicast-environment" } } }, { "name": "APICAST_RESPONSE_CODES", "value":null,"valueFrom": { "configMapKeyRef": { "key": "APICAST_RESPONSE_CODES", "name": "apicast-environment" } } }, { "name": "APICAST_CONFIGURATION_LOADER", "value": "lazy" }, { "name": "APICAST_CONFIGURATION_CACHE", "value": "0" }, { "name": "THREESCALE_DEPLOYMENT_ENV", "value": "staging" }, { "name": "REDIS_URL", "value":null,"valueFrom": { "secretKeyRef": { "key": "STAGING_URL", "name": "apicast-redis" } } } ]}]}}}}'
    Copy to Clipboard Toggle word wrap

  8. Patch the apicast-production DeploymentConfig containers: 

    oc patch dc/apicast-production -p '{"spec":{"template":{"spec": { "containers": [ {"name":"apicast-production", "env": [ { "name": "THREESCALE_PORTAL_ENDPOINT", "value":null,"valueFrom": { "secretKeyRef": { "key": "PROXY_CONFIGS_ENDPOINT", "name": "system-master-apicast" } } }, { "name": "BACKEND_ENDPOINT_OVERRIDE", "value":null,"valueFrom": { "secretKeyRef": { "key": "service_endpoint", "name": "backend-listener" } } }, { "name": "APICAST_MANAGEMENT_API", "value":null,"valueFrom": { "configMapKeyRef": { "key": "APICAST_MANAGEMENT_API", "name": "apicast-environment" } } }, { "name": "OPENSSL_VERIFY", "value":null,"valueFrom": { "configMapKeyRef": { "key": "OPENSSL_VERIFY", "name": "apicast-environment" } } }, { "name": "APICAST_RESPONSE_CODES", "value":null,"valueFrom": { "configMapKeyRef": { "key": "APICAST_RESPONSE_CODES", "name": "apicast-environment" } } }, { "name": "APICAST_CONFIGURATION_LOADER", "value": "boot" }, { "name": "APICAST_CONFIGURATION_CACHE", "value": "300" }, { "name": "THREESCALE_DEPLOYMENT_ENV", "value": "production" }, { "name": "REDIS_URL", "value":null,"valueFrom": { "secretKeyRef": { "key": "PRODUCTION_URL", "name": "apicast-redis" } } } ]}]}}}}'
    Copy to Clipboard Toggle word wrap

  9. Patch the apicast-wildcard-router DeploymentConfig containers: 

    oc patch dc/apicast-wildcard-router -p '{"spec":{"template":{"spec":{"containers":[{"name":"apicast-wildcard-router","env":[{"name":"API_HOST","value":null,"valueFrom":{"secretKeyRef":{"key":"BASE_URL","name":"system-master-apicast"}}}]}]}}}}'
    Copy to Clipboard Toggle word wrap

1.2.6. Patching image streams
Copy link

  1. Patch the amp-system image stream:

    • If 3scale API Management is deployed with Oracle Database,

      1. Update the system image 2.4.0 image stream: 

        oc patch imagestream/amp-system --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP system 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/system"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
        Copy to Clipboard Toggle word wrap

      2. Update the build configuration for 3scale-amp-oracle to fetch from the 2.4 tag: 

        oc patch bc 3scale-amp-system-oracle --type json -p '[{"op": "replace", "path": "/spec/strategy/dockerStrategy/from/name", "value": "amp-system:2.4.0"}]'
        Copy to Clipboard Toggle word wrap

      3. Run the build: 

        oc start-build 3scale-amp-system-oracle --from-dir=.
        Copy to Clipboard Toggle word wrap

    • If 3scale API Management is deployed with a different database, use the following commands: 

      oc patch imagestream/amp-system --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP system 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/system"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
oc patch imagestream/amp-system --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP system (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.4.0"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'
      Copy to Clipboard Toggle word wrap

  2. Patch the amp-apicast image stream: 

    oc patch imagestream/amp-apicast --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP APIcast 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/apicast-gateway"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
oc patch imagestream/amp-apicast --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP APIcast (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.4.0"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'
    Copy to Clipboard Toggle word wrap

  3. Patch the amp-backend image stream: 

    oc patch imagestream/amp-backend --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Backend 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/backend"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
oc patch imagestream/amp-backend --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Backend (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.4.0"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'
    Copy to Clipboard Toggle word wrap

  4. Patch the amp-zync image stream: 

    oc patch imagestream/amp-zync --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Zync 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/zync"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
oc patch imagestream/amp-zync --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Zync (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.4.0"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'
    Copy to Clipboard Toggle word wrap

1.2.7. Adding the entry for Service Discovery
Copy link

As part of the upgrade process, add the ConfigMap entry for Service Discovery. Service Discovery is a feature that allows you to add APIs for management by recognizing the discoverable running services in an OpenShift cluster

  1. Edit the system ConfigMap to add the entry: 

    oc edit configmap system
    Copy to Clipboard Toggle word wrap

  2. Add the entry: 

    service_discovery.yml: |
     production:
       enabled: <%= cluster_token_file_exists = File.exists?(cluster_token_file_path = '/var/run/secrets/kubernetes.io/serviceaccount/token') %>
       server_scheme: 'https'
       server_host: 'kubernetes.default.svc.cluster.local'
       server_port: 443
       bearer_token: "<%= File.read(cluster_token_file_path) if cluster_token_file_exists %>"
       authentication_method: service_account # can be service_account|oauth
       oauth_server_type: builtin # can be builtin|rh_sso
       client_id:
       client_secret:
       timeout: 1
       open_timeout: 1
       max_retry: 5
       verify_ssl: <%= OpenSSL::SSL::VERIFY_NONE %> # 0
    Copy to Clipboard Toggle word wrap

You can continue with additional configurations to import services by referring to the Service Discovery guide.

1.2.8. Configuring additional DeploymentConfigs
Copy link

  1. Patch the system-memcache DeploymentConfig: 

    oc patch dc/system-memcache --patch='{"spec":{"template":{"spec":{"containers":[{"name": "memcache", "image":"registry.access.redhat.com/3scale-amp20/memcached"}]}}}}'
    Copy to Clipboard Toggle word wrap

  2. Delete the system-resque DeploymentConfig: 

    oc delete dc/system-resque
    Copy to Clipboard Toggle word wrap

  3. Set environment variables to increase system-sidekiq concurrency to the recommended levels: 

    oc set env dc/system-sidekiq RAILS_MAX_THREADS=25
    Copy to Clipboard Toggle word wrap

  4. Set environment variable to update the visible release version: 

    oc set env dc/system-app AMP_RELEASE=2.4.0
    Copy to Clipboard Toggle word wrap

As 3scale API Management is open source, impersonation data is publicly disclosed. For this reason, you might want to change some data:

  • The unique username for the impersonation of administrators.
  • The domain of the email of the impersonation for the administrator user.

As an example, assume that username:<your-username> and domain:<example.com>. To change the impersonation of the administrator, you need to follow these steps:

  1. Create a file locally called system-impersonation-secret.yml with the following content: 

    cat > system-impersonation-secret.yml <<EOF

apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  labels:
    3scale.component: system
    app: ${APP_LABEL}
  name: system-impersonation
stringData:
  username: "<your-username>"
  domain: "<example.com>"
type: Opaque
EOF
    Copy to Clipboard Toggle word wrap
  2. Change <your-username> and <example.com> to the chosen user name and domain.

  3. Create a secret: 

    oc create -f system-impersonation-secret.yml
    Copy to Clipboard Toggle word wrap

  4. Set the environment variables from this secret with: 

    oc set env --from=secret/system-impersonation --prefix=IMPERSONATION_ADMIN dc/system-app
    Copy to Clipboard Toggle word wrap

  5. Redeploy system-app: 

    oc rollout latest system-app
    Copy to Clipboard Toggle word wrap

  6. Connect to the system-master container of system-app deployment: 

    oc rsh -c system-master dc/system-app
    Copy to Clipboard Toggle word wrap

  7. In this container execute, changing <your-username> and <example.com> accordingly: 

    bundle exec rake "impersonation_admin_user:update[<your-username>,<example.com>]"
    Copy to Clipboard Toggle word wrap

    You should be able to impersonate a tenant from the user interface now.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat