SupportConsoleDevelopersStart a trialContact

Chapter 1. Upgrading 3scale API Management 2.3 to 2.4

As a 3scale API Management administrator, upgrade your installation from version 2.3 to 2.4. Optionally, you can change the impersonation of administrator data.

Warning

This process can cause disruption in the service. Make sure to have a maintenance window.

1.1. Prerequisites

  • 3scale API Management 2.3 deployed in a project.

  • Tool prerequisites:

    • jq

1.2. Upgrading 3scale API Management

To upgrade 3scale API Management from 2.3 to 2.4 follow the steps in the order listed below:

  1. Section 1.2.1, “Creating ConfigMaps”
  2. Section 1.2.2, “Creating the system master route”
  3. Section 1.2.3, “Migrating the system database secret”
  4. Section 1.2.4.2, “Creating the -redis secrets”
  5. Section 1.2.5, “Patching DeploymentConfigs”
  6. Section 1.2.6, “Patching image streams”
  7. Section 1.2.7, “Adding the entry for Service Discovery”
  8. Section 1.2.8, “Configuring additional DeploymentConfigs”

1.2.1. Creating ConfigMaps

Create files that contain the details of the ConfigMaps to be sourced for the new OpenShift elements.

  1. Configure the required variables: 

    export $(oc set env dc/system-app --list|grep THREESCALE_SUPERDOMAIN|sort -u)
export $(oc set env dc/system-app --list|grep APICAST_REGISTRY_URL|sort -u)
APP_LABEL=$(oc get dc backend-listener -o json | jq .spec.template.metadata.labels.app -r)
AMP_RELEASE=2.4.0

  2. Confirm that the variables are properly configured: 

    echo $THREESCALE_SUPERDOMAIN
echo $APICAST_REGISTRY_URL
echo $APP_LABEL
echo $AMP_RELEASE

  3. Create the system-environment ConfigMap:

    1. Compose a file called system-environment.yml. 

      cat<<EOF> system-environment.yml

apiVersion: v1
data:
  AMP_RELEASE: ${AMP_RELEASE}
  APICAST_REGISTRY_URL: ${APICAST_REGISTRY_URL}
  FORCE_SSL: "true"
  PROVIDER_PLAN: enterprise
  RAILS_ENV: production
  RAILS_LOG_LEVEL: info
  RAILS_LOG_TO_STDOUT: "true"
  SSL_CERT_DIR: /etc/pki/tls/certs
  THINKING_SPHINX_PORT: "9306"
  THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE: VERIFY_NONE
  THREESCALE_SUPERDOMAIN: ${THREESCALE_SUPERDOMAIN}
kind: ConfigMap
metadata:
  creationTimestamp: null
  labels:
    app: ${APP_LABEL}
    3scale.component: system
  name: system-environment
EOF

    2. Create the new system-environment ConfigMap: 

      oc create -f system-environment.yml

  4. Create the backend-environment ConfigMap:

    1. Get the value of the backend-listener DeploymentConfig: 

      export $(oc set env dc/backend-listener --list|grep RACK_ENV|sort -u)

    2. Compose a new file called backend-environment.yml. 

      cat<<EOF>backend-environment.yml
apiVersion: v1
data:
  RACK_ENV: ${RACK_ENV}
kind: ConfigMap
metadata:
  creationTimestamp: null
  labels:
    app: ${APP_LABEL}
    3scale.component: backend
  name: backend-environment
EOF

    3. Create the new backend-environment ConfigMap: 

      oc create -f backend-environment.yml

  5. Create the apicast-environment ConfigMap:

    1. Compose a new file called apicast-environment.yml. 

      cat<<EOT>apicast-environment.yml
apiVersion: v1
data:
  APICAST_MANAGEMENT_API: status
  APICAST_RESPONSE_CODES: "true"
  OPENSSL_VERIFY: "false"
kind: ConfigMap
metadata:
  name: apicast-environment
EOT

    2. Create the new apicast-environment ConfigMap: 

      oc create -f apicast-environment.yml

1.2.2. Creating the system master route

To create the system master route:

  1. Configure MASTER_NAME with the value of the MASTER_DOMAIN environment variable: 

    export $(oc set env dc/system-app --list|grep MASTER_DOMAIN|sort -u)
MASTER_NAME=$MASTER_DOMAIN

  2. Confirm that MASTER_NAME is properly set: 

    echo $MASTER_NAME

  3. Create the system-master route and delete the system-master-admin route: 

    oc create route edge system-master --service=system-master --hostname=${MASTER_NAME}.${THREESCALE_SUPERDOMAIN} --port=http
oc delete route system-master-admin

1.2.3. Migrating the system database secret

To migrate the system database secret into the new system-database OpenShift secret:

  1. Get the existing MySQL environment variables: 

    export $(oc set env dc/system-mysql --list|grep MYSQL_ROOT_PASSWORD)
export $(oc set env dc/system-mysql --list | grep MYSQL_DATABASE)

  2. Get the APP_LABEL environment variable: 

    APP_LABEL=$(oc get dc backend-listener -o json | jq .spec.template.metadata.labels.app -r)

  3. Confirm that you have correctly set the following environment variables: 

    echo ${MYSQL_ROOT_PASSWORD}
echo ${MYSQL_DATABASE}
echo ${APP_LABEL}

  4. Create the file containing the system-database secret: 

    cat > system-database.yml <<EOF

apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  labels:
    3scale.component: system
    app: ${APP_LABEL}
  name: system-database
stringData:
  URL: mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}
type: Opaque
EOF

  5. Create the secret: 

    oc create -f system-database.yml

1.2.4. Creating new secrets

To continue with the upgrade process, you must create:

1.2.4.1. Creating the system-master-apicast secret

  1. Get the value of APICAST_ACCESS_TOKEN: 

    export APICAST_ACCESS_TOKEN=$(oc set env --list dc/apicast-production|sort -u|grep THREESCALE_PORTAL_ENDPOINT|cut -d@ -f1|cut -d/ -f3)

  2. Compose a new file called system-master-apicast.yml: 

    cat<<EOF> system-master-apicast.yml
apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  labels:
    app: ${APP_LABEL}
    3scale.component: system
  name: system-master-apicast
stringData:
  ACCESS_TOKEN: ${APICAST_ACCESS_TOKEN}
  BASE_URL: http://${APICAST_ACCESS_TOKEN}@system-master:3000
  PROXY_CONFIGS_ENDPOINT: http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs
type: Opaque
EOF

  3. Create the new system-master-apicast secret: 

    oc create -f system-master-apicast.yml

Back to Section 1.2.4, “Creating new secrets”.

1.2.4.2. Creating the -redis secrets

  1. Create the system-redis secret:

    1. Compose a file called system-redis.yml with the following content: 

      cat > system-redis.yml <<EOF

apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  labels:
      3scale.component: system
      app: ${APP_LABEL}
  name: system-redis
stringData:
  URL: redis://system-redis:6379/1
  type: Opaque
EOF

    2. Create the system-redis secret with the information contained in the file: 

      oc create -f system-redis.yml

  2. Create the backend-redis secret:

    1. Compose a file called backend-redis.yml with this content: 

      cat > backend-redis.yml <<EOF

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  creationTimestamp: null
  labels:
      3scale.component: backend
      app: ${APP_LABEL}
  name: backend-redis
stringData:
  REDIS_QUEUES_SENTINEL_HOSTS: ""
  REDIS_QUEUES_SENTINEL_ROLE: ""
  REDIS_QUEUES_URL: redis://backend-redis:6379/1
  REDIS_STORAGE_SENTINEL_HOSTS: ""
  REDIS_STORAGE_SENTINEL_ROLE: ""
  REDIS_STORAGE_URL: redis://backend-redis:6379/0
EOF

    2. Create the backend-redis secret with the information contained in the file: 

      oc create -f backend-redis.yml

  3. Create the apicast-redis secret:

    1. Compose a file called apicast-redis.yml with this content: 

      cat<<EOT>apicast-redis.yml
apiVersion: v1
stringData:
  PRODUCTION_URL: redis://system-redis:6379/1
  STAGING_URL: redis://system-redis:6379/2
kind: Secret
metadata:
  labels:
    3scale.component: apicast
    app: ${APP_LABEL}
  name: apicast-redis
EOT

    2. Create the apicast-redis secret with the information contained in the file: 

      oc create -f apicast-redis.yml

Back to Section 1.2.4, “Creating new secrets”.

1.2.4.3. Creating the backend- secrets

  1. Create the backend-listener secret:

    1. Compose a file called backend-listener.yml with this content: 

      cat<<EOT>backend-listener.yml
apiVersion: v1
stringData:
  route_endpoint: https://backend-3scale.${THREESCALE_SUPERDOMAIN}
  service_endpoint: http://backend-listener:3000
kind: Secret
metadata:
  name: backend-listener
EOT

    2. Create the backend-listener secret with the information contained in the file: 

      oc create -f backend-listener.yml

  2. Create the backend-internal-api secret:

    1. Obtain the values from the 2.3 environment: 

      export $(oc set env dc backend-listener --list|grep CONFIG_INTERNAL_API_USER)
export $(oc set env dc backend-listener --list|grep CONFIG_INTERNAL_API_PASSWORD)

    2. Check the value of the variables: 

      echo $CONFIG_INTERNAL_API_USER $CONFIG_INTERNAL_API_PASSWORD

    3. Create the secret: 

      oc create secret generic backend-internal-api --from-literal=password=${CONFIG_INTERNAL_API_PASSWORD} --from-literal=username=${CONFIG_INTERNAL_API_USER}

Back to Section 1.2.4, “Creating new secrets”.

1.2.4.4. Creating the system- secrets

  1. Create the system-memcache secret:

    1. Compose a file called system-memcache.yml with this content: 

      cat<<EOT>system-memcache.yml
apiVersion: v1
stringData:
  SERVERS: system-memcache:11211
kind: Secret
metadata:
  name: system-memcache
EOT

    2. Create the system-memcache secret with the information contained in the file: 

      oc create -f system-memcache.yml

  2. Create the system-recaptcha secret:

    1. Compose a file called system-recaptcha.yml with this content: 

      cat<<EOT>system-recaptcha.yml
apiVersion: v1
stringData:
  PRIVATE_KEY: ""
  PUBLIC_KEY: ""
kind: Secret
metadata:
  name: system-recaptcha
EOT

    2. Create the system-recaptcha secret with the information contained in the file: 

      oc create -f system-recaptcha.yml

  3. Create the system-events-hook secret:

    1. Get the values from the 2.3 environment: 

      export $(oc set env dc backend-worker --list|grep CONFIG_EVENTS_HOOK_SHARED_SECRET)

    2. Confirm the value of the variables: 

      echo ${CONFIG_EVENTS_HOOK_SHARED_SECRET}

    3. Create the secret: 

      oc create secret generic system-events-hook --from-literal=PASSWORD=${CONFIG_EVENTS_HOOK_SHARED_SECRET} --from-literal=URL=http://system-master:3000/master/events/import

  4. Create the system-seed secret:

    1. Get the values from the 2.3 environment: 

      export $(oc set env dc system-app --list|grep ADMIN_ACCESS_TOKEN|uniq)
export $(oc set env dc system-app --list|grep MASTER_ACCESS_TOKEN|uniq)
export $(oc set env dc system-app --list|grep USER_PASSWORD|uniq)
export $(oc set env dc system-app --list|grep USER_LOGIN|uniq)
export $(oc set env dc system-app --list|grep MASTER_DOMAIN|uniq)
export $(oc set env dc system-app --list|grep MASTER_PASSWORD|uniq)
export $(oc set env dc system-app --list|grep MASTER_USER|uniq)
export $(oc set env dc system-app --list|grep TENANT_NAME|uniq)

    2. Confirm the value of the variables: 

      echo ${ADMIN_ACCESS_TOKEN} ${MASTER_ACCESS_TOKEN} ${USER_PASSWORD} ${USER_LOGIN} ${MASTER_DOMAIN} ${MASTER_PASSWORD} ${MASTER_USER} ${TENANT_NAME}

    3. Create the secret: 

      oc create secret generic system-seed --from-literal=ADMIN_ACCESS_TOKEN=${ADMIN_ACCESS_TOKEN} --from-literal=MASTER_ACCESS_TOKEN=${MASTER_ACCESS_TOKEN} --from-literal=ADMIN_PASSWORD=${USER_PASSWORD} --from-literal=ADMIN_USER=${USER_LOGIN} --from-literal=MASTER_DOMAIN=${MASTER_DOMAIN} --from-literal=MASTER_PASSWORD=${MASTER_PASSWORD} --from-literal=MASTER_USER=${MASTER_USER} --from-literal=TENANT_NAME=${TENANT_NAME}

  5. Create the system-app secret:

    1. Obtain the values from the 2.3 environment: 

      export $(oc set env dc system-app --list|grep SECRET_KEY_BASE|uniq)

    2. Confirm the value of the variables: 

      echo ${SECRET_KEY_BASE}

    3. Create the secret: 

      oc create secret generic system-app --from-literal=SECRET_KEY_BASE=${SECRET_KEY_BASE}

Back to Section 1.2.4, “Creating new secrets”.

1.2.5. Patching DeploymentConfigs

  1. Patch the backend-cron DeploymentConfig: 

    oc patch dc/backend-cron -p '{"spec":{"template":{"spec":{"containers":[{"name":"backend-cron","env":[{"name":"CONFIG_REDIS_PROXY","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"RACK_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RACK_ENV","name":"backend-environment"}}}]}],"initContainers":[{"name":"backend-redis-svc","command":["/opt/app/entrypoint.sh","sh","-c","until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;\ndone"],"env":[{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}}]}]}}}}'

  2. Patch the backend-listener DeploymentConfig: 

    oc patch dc/backend-listener -p '{"spec":{"template":{"spec":{"containers":[{"name":"backend-listener","env":[{"name":"CONFIG_REDIS_PROXY","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"RACK_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RACK_ENV","name":"backend-environment"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]}]}}}}'

  3. Patch the backend-worker DeploymentConfig: 

    oc patch dc/backend-worker -p '{"spec":{"template":{"spec":{"containers":[{"name":"backend-worker","env":[{"name":"CONFIG_REDIS_PROXY","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"RACK_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RACK_ENV","name":"backend-environment"}}},{"name":"CONFIG_EVENTS_HOOK","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-events-hook"}}},{"name":"CONFIG_EVENTS_HOOK_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}}]}],"initContainers":[{"name":"backend-redis-svc","command":["/opt/app/entrypoint.sh","sh","-c","until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;\ndone"],"env":[{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}}]}]}}}}'

  4. Patch the system-app DeploymentConfig containers: 

    oc patch dc/system-app -p '{"spec":{"strategy":{"activeDeadlineSeconds":21600,"resources":{},"rollingParams":{"pre":{"execNewPod":{"env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"THINKING_SPHINX_ADDRESS","value":"system-sphinx"},{"name":"THINKING_SPHINX_CONFIGURATION_FILE","value":"/tmp/sphinx.conf"},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"SMTP_ADDRESS","valueFrom":{"configMapKeyRef":{"key":"address","name":"smtp"}}},{"name":"SMTP_USER_NAME","valueFrom":{"configMapKeyRef":{"key":"username","name":"smtp"}}},{"name":"SMTP_PASSWORD","valueFrom":{"configMapKeyRef":{"key":"password","name":"smtp"}}},{"name":"SMTP_DOMAIN","valueFrom":{"configMapKeyRef":{"key":"domain","name":"smtp"}}},{"name":"SMTP_PORT","valueFrom":{"configMapKeyRef":{"key":"port","name":"smtp"}}},{"name":"SMTP_AUTHENTICATION","valueFrom":{"configMapKeyRef":{"key":"authentication","name":"smtp"}}},{"name":"SMTP_OPENSSL_VERIFY_MODE","valueFrom":{"configMapKeyRef":{"key":"openssl.verify.mode","name":"smtp"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]}}}},"template":{"spec":{"containers":[{"name":"system-master","env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]},{"name":"system-provider","env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]},{"name":"system-developer","env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]}],"volumes":[{"configMap":{"defaultMode":420,"items":[{"key":"zync.yml","path":"zync.yml"},{"key":"rolling_updates.yml","path":"rolling_updates.yml"},{"key":"service_discovery.yml","path":"service_discovery.yml"}],"name":"system"},"name":"system-config"}]}}}}'

  5. Update the system-sidekiq DeploymentConfig to gather the database information of system from the new secret: 

    oc patch dc/system-sidekiq -p '{"spec":{"template":{"spec":{"containers":[{"name":"system-sidekiq","env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]}],"initContainers":[{"name":"check-svc","command":["bash","-c","bundle exec sh -c \"until rake boot:redis && curl --output /dev/null --silent --fail --head http://system-master:3000/status; do sleep $SLEEP_SECONDS; done\""],"env":[{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}}]}],"volumes":[{"configMap":{"defaultMode":420,"items":[{"key":"zync.yml","path":"zync.yml"},{"key":"rolling_updates.yml","path":"rolling_updates.yml"},{"key":"service_discovery.yml","path":"service_discovery.yml"}]},"name":"system-config"}]}}}}'

  6. Update the system-sphinx DeploymentConfig to gather the database information of system from the new secret: 

    oc patch dc/system-sphinx -p '{"spec":{"template":{"spec":{"containers":[{"name":"system-sphinx","env":[{"name":"DATABASE_URL","value":"","valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}}]}]}}}}'

  7. Patch the apicast-staging DeploymentConfig containers: 

    oc patch dc/apicast-staging -p '{"spec":{"template": {"spec": { "containers": [ {"name": "apicast-staging", "env": [ { "name": "THREESCALE_PORTAL_ENDPOINT", "value":null,"valueFrom": { "secretKeyRef": { "key": "PROXY_CONFIGS_ENDPOINT", "name": "system-master-apicast" } } }, { "name": "BACKEND_ENDPOINT_OVERRIDE", "value":null,"valueFrom": { "secretKeyRef": { "key": "service_endpoint", "name": "backend-listener" } } }, { "name": "APICAST_MANAGEMENT_API", "value":null,"valueFrom": { "configMapKeyRef": { "key": "APICAST_MANAGEMENT_API", "name": "apicast-environment" } } }, { "name": "OPENSSL_VERIFY", "value":null,"valueFrom": { "configMapKeyRef": { "key": "OPENSSL_VERIFY", "name": "apicast-environment" } } }, { "name": "APICAST_RESPONSE_CODES", "value":null,"valueFrom": { "configMapKeyRef": { "key": "APICAST_RESPONSE_CODES", "name": "apicast-environment" } } }, { "name": "APICAST_CONFIGURATION_LOADER", "value": "lazy" }, { "name": "APICAST_CONFIGURATION_CACHE", "value": "0" }, { "name": "THREESCALE_DEPLOYMENT_ENV", "value": "staging" }, { "name": "REDIS_URL", "value":null,"valueFrom": { "secretKeyRef": { "key": "STAGING_URL", "name": "apicast-redis" } } } ]}]}}}}'

  8. Patch the apicast-production DeploymentConfig containers: 

    oc patch dc/apicast-production -p '{"spec":{"template":{"spec": { "containers": [ {"name":"apicast-production", "env": [ { "name": "THREESCALE_PORTAL_ENDPOINT", "value":null,"valueFrom": { "secretKeyRef": { "key": "PROXY_CONFIGS_ENDPOINT", "name": "system-master-apicast" } } }, { "name": "BACKEND_ENDPOINT_OVERRIDE", "value":null,"valueFrom": { "secretKeyRef": { "key": "service_endpoint", "name": "backend-listener" } } }, { "name": "APICAST_MANAGEMENT_API", "value":null,"valueFrom": { "configMapKeyRef": { "key": "APICAST_MANAGEMENT_API", "name": "apicast-environment" } } }, { "name": "OPENSSL_VERIFY", "value":null,"valueFrom": { "configMapKeyRef": { "key": "OPENSSL_VERIFY", "name": "apicast-environment" } } }, { "name": "APICAST_RESPONSE_CODES", "value":null,"valueFrom": { "configMapKeyRef": { "key": "APICAST_RESPONSE_CODES", "name": "apicast-environment" } } }, { "name": "APICAST_CONFIGURATION_LOADER", "value": "boot" }, { "name": "APICAST_CONFIGURATION_CACHE", "value": "300" }, { "name": "THREESCALE_DEPLOYMENT_ENV", "value": "production" }, { "name": "REDIS_URL", "value":null,"valueFrom": { "secretKeyRef": { "key": "PRODUCTION_URL", "name": "apicast-redis" } } } ]}]}}}}'

  9. Patch the apicast-wildcard-router DeploymentConfig containers: 

    oc patch dc/apicast-wildcard-router -p '{"spec":{"template":{"spec":{"containers":[{"name":"apicast-wildcard-router","env":[{"name":"API_HOST","value":null,"valueFrom":{"secretKeyRef":{"key":"BASE_URL","name":"system-master-apicast"}}}]}]}}}}'

1.2.6. Patching image streams

  1. Patch the amp-system image stream:

    • If 3scale API Management is deployed with Oracle Database,

      1. Update the system image 2.4.0 image stream: 

        oc patch imagestream/amp-system --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP system 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/system"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'

      2. Update the build configuration for 3scale-amp-oracle to fetch from the 2.4 tag: 

        oc patch bc 3scale-amp-system-oracle --type json -p '[{"op": "replace", "path": "/spec/strategy/dockerStrategy/from/name", "value": "amp-system:2.4.0"}]'

      3. Run the build: 

        oc start-build 3scale-amp-system-oracle --from-dir=.

    • If 3scale API Management is deployed with a different database, use the following commands: 

      oc patch imagestream/amp-system --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP system 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/system"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
oc patch imagestream/amp-system --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP system (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.4.0"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'

  2. Patch the amp-apicast image stream: 

    oc patch imagestream/amp-apicast --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP APIcast 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/apicast-gateway"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
oc patch imagestream/amp-apicast --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP APIcast (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.4.0"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'

  3. Patch the amp-backend image stream: 

    oc patch imagestream/amp-backend --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Backend 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/backend"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
oc patch imagestream/amp-backend --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Backend (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.4.0"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'

  4. Patch the amp-zync image stream: 

    oc patch imagestream/amp-zync --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Zync 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/zync"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
oc patch imagestream/amp-zync --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Zync (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.4.0"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'

1.2.7. Adding the entry for Service Discovery

As part of the upgrade process, add the ConfigMap entry for Service Discovery. Service Discovery is a feature that allows you to add APIs for management by recognizing the discoverable running services in an OpenShift cluster

  1. Edit the system ConfigMap to add the entry: 

    oc edit configmap system

  2. Add the entry: 

    service_discovery.yml: |
     production:
       enabled: <%= cluster_token_file_exists = File.exists?(cluster_token_file_path = '/var/run/secrets/kubernetes.io/serviceaccount/token') %>
       server_scheme: 'https'
       server_host: 'kubernetes.default.svc.cluster.local'
       server_port: 443
       bearer_token: "<%= File.read(cluster_token_file_path) if cluster_token_file_exists %>"
       authentication_method: service_account # can be service_account|oauth
       oauth_server_type: builtin # can be builtin|rh_sso
       client_id:
       client_secret:
       timeout: 1
       open_timeout: 1
       max_retry: 5
       verify_ssl: <%= OpenSSL::SSL::VERIFY_NONE %> # 0

You can continue with additional configurations to import services by referring to the Service Discovery guide.

1.2.8. Configuring additional DeploymentConfigs

  1. Patch the system-memcache DeploymentConfig: 

    oc patch dc/system-memcache --patch='{"spec":{"template":{"spec":{"containers":[{"name": "memcache", "image":"registry.access.redhat.com/3scale-amp20/memcached"}]}}}}'

  2. Delete the system-resque DeploymentConfig: 

    oc delete dc/system-resque

  3. Set environment variables to increase system-sidekiq concurrency to the recommended levels: 

    oc set env dc/system-sidekiq RAILS_MAX_THREADS=25

  4. Set environment variable to update the visible release version: 

    oc set env dc/system-app AMP_RELEASE=2.4.0

1.3. Changing Administrator Impersonation (Optional)

As 3scale API Management is open source, impersonation data is publicly disclosed. For this reason, you might want to change some data:

  • The unique username for the impersonation of administrators.
  • The domain of the email of the impersonation for the administrator user.

As an example, assume that username:<your-username> and domain:<example.com>. To change the impersonation of the administrator, you need to follow these steps:

  1. Create a file locally called system-impersonation-secret.yml with the following content: 

    cat > system-impersonation-secret.yml <<EOF

apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  labels:
    3scale.component: system
    app: ${APP_LABEL}
  name: system-impersonation
stringData:
  username: "<your-username>"
  domain: "<example.com>"
type: Opaque
EOF
  2. Change <your-username> and <example.com> to the chosen user name and domain.

  3. Create a secret: 

    oc create -f system-impersonation-secret.yml

  4. Set the environment variables from this secret with: 

    oc set env --from=secret/system-impersonation --prefix=IMPERSONATION_ADMIN dc/system-app

  5. Redeploy system-app: 

    oc rollout latest system-app

  6. Connect to the system-master container of system-app deployment: 

    oc rsh -c system-master dc/system-app

  7. In this container execute, changing <your-username> and <example.com> accordingly: 

    bundle exec rake "impersonation_admin_user:update[<your-username>,<example.com>]"

    You should be able to impersonate a tenant from the user interface now.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.