Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

此内容没有您所选择的语言版本。

Chapter 1. Upgrade 3scale 2.1 to 2.2

Perform the steps in this document to upgrade Red Hat 3scale API Management on-premises deployment from version 2.1 to 2.2.

1.1. Prerequisites:
复制链接

  • 3scale On-Premises 2.1
  • OpenShift CLI
  • 3scale AMP 2.2 templates
  • Access and permissions to your OpenShift server and project
  • A persistent volume with enough space to hold a backup of the MySQL database
Warning

This process can cause disruption in the service. Make sure to have a maintenance window.

1.2. Select the Project
复制链接

  1. Take a backup of your OpenShift cluster.

  2. From a terminal session, log in to your OpenShift cluster: 

    oc login https://<YOUR_OPENSHIFT_CLUSTER>:8443
    Copy to Clipboard Toggle word wrap

  3. Select the project that you want to upgrade: 

    oc project <YOUR_AMP_21_PROJECT>
    Copy to Clipboard Toggle word wrap

1.3. Gather the Needed Values
复制链接

You need the following parameters for the new 3scale API Management 2.2 Multitenancy feature. You may choose to either specify new values for these parameters or keep the default ones.

Expand
ParameterDescription

MASTER_USER

Username for the Master Admin Portal. Default: "master"

MASTER_PASSWORD

Password for the Master Admin Portal. Automatically generated if not specified

MASTER_ACCESS_TOKEN

Access Token for master automatically generated during the upgrade. However, MASTER_ACCESS_TOKEN is not added to the system seed by default.

APICAST_REGISTRY_URL

The URL to point to APIcast policies registry management. Default: http://apicast-staging:8090/policies

  1. Gather the following values from the system components of your current 2.1 deployment:

    • DATABASE_URL
    • THREESCALE_SUPERDOMAIN
    • TENANT_NAME
    • APICAST_ACCESS_TOKEN
    • ADMIN_ACCESS_TOKEN
    • USER_LOGIN
    • USER_PASSWORD
    • EVENTS_SHARED_SECRET
    • APICAST_BACKEND_ROOT_ENDPOINT
    • CONFIG_INTERNAL_API_USER
    • CONFIG_INTERNAL_API_PASSWORD
    • SECRET_KEY_BASE
    • BACKEND_ROUTE

  2. Export them from the current deployment into the active shell: 

    export `oc env dc/system-app --list | grep -E '^(DATABASE_URL|THREESCALE_SUPERDOMAIN|TENANT_NAME|APICAST_ACCESS_TOKEN|ADMIN_ACCESS_TOKEN|USER_LOGIN|USER_PASSWORD|EVENTS_SHARED_SECRET|APICAST_BACKEND_ROOT_ENDPOINT|CONFIG_INTERNAL_API_USER|CONFIG_INTERNAL_API_PASSWORD|SECRET_KEY_BASE|BACKEND_ROUTE)=' | tr "\n" ' ' `
    Copy to Clipboard Toggle word wrap

  3. Optionally, to query individual values from the OpenShift CLI, run the following oc get command, where <variable_name> is the name of the variable you want to query: 

    oc get "-o=custom-columns=NAMES:.spec.template.spec.containers[0].env[?(.name==\"<variable_name>\")].value" dc/system-app
    Copy to Clipboard Toggle word wrap

  4. Gather the following values from the system-mysql component of your current 2.1 deployment:

    • MYSQL_USER
    • MYSQL_PASSWORD
    • MYSQL_DATABASE
    • MYSQL_ROOT_PASSWORD

  5. Export these values from the current deployment into the active shell: 

    export `oc env dc/system-mysql --list | grep -E '^(MYSQL_USER|MYSQL_PASSWORD|MYSQL_DATABASE|MYSQL_ROOT_PASSWORD)=' | tr "\n" ' ' `
    Copy to Clipboard Toggle word wrap

  6. Optionally, to query individual values from the OpenShift CLI, run the following oc get command, where <variable_name> is the name of the variable you want to query: 

    oc get "-o=custom-columns=NAMES:.spec.template.spec.containers[0].env[?(.name==\"<variable_name>\")].value" dc/system-mysql
    Copy to Clipboard Toggle word wrap

  7. Gather the following values from the APIcast component of your current 2.1 deployment:

    • APICAST_MANAGEMENT_API
    • OPENSSL_VERIFY
    • APICAST_RESPONSE_CODES

  8. Export these values from the current deployment into the active shell: 

    export `oc env dc/apicast-production --list | grep -E '^(APICAST_MANAGEMENT_API|OPENSSL_VERIFY|APICAST_RESPONSE_CODES)=' | tr "\n" ' ' `
    Copy to Clipboard Toggle word wrap

  9. Optionally, to query individual values from the OpenShift CLI, run the following oc get command, where <variable_name> is the name of the variable you want to query: 

    oc get "-o=custom-columns=NAMES:.spec.template.spec.containers[0].env[?(.name==\"<variable_name>\")].value" dc/apicast-production
    Copy to Clipboard Toggle word wrap

1.4. Configure New Variable Values
复制链接

  1. Set the value for the new version of the AMP release: 

    export AMP_RELEASE=2.2.0
    Copy to Clipboard Toggle word wrap

  2. Set the values for the new optional parameters introduced in AMP 2.2. These parameters are described in the beginning of the gather needed values section. Use the export command, replacing the values in the parenthesis: 

    export MASTER_ACCESS_TOKEN=<MASTER_ACCESS_TOKEN>
export APICAST_REGISTRY_URL=<APICAST_REGISTRY_URL>
    Copy to Clipboard Toggle word wrap

    Regarding MASTER_USER and MASTER_PASSWORD, consider the following:

    • If you want to use the default values, no action is required.

    • If you have specified values for these environment variables, export them with the following commands: 

      export MASTER_USER=<MASTER_USER>
export MASTER_PASSWORD=<MASTER_PASSWORD>
      Copy to Clipboard Toggle word wrap

  3. Confirm that the necessary values gathered in the gather needed values section are exported to the active shell and that the new values are set in this section: 

    echo AMP_RELEASE=$AMP_RELEASE

echo DATABASE_URL=$DATABASE_URL
echo THREESCALE_SUPERDOMAIN=$THREESCALE_SUPERDOMAIN
echo TENANT_NAME=$TENANT_NAME
echo APICAST_ACCESS_TOKEN=$APICAST_ACCESS_TOKEN
echo ADMIN_ACCESS_TOKEN=$ADMIN_ACCESS_TOKEN
echo USER_LOGIN=$USER_LOGIN
echo USER_PASSWORD=$USER_PASSWORD
echo EVENTS_SHARED_SECRET=$EVENTS_SHARED_SECRET
echo APICAST_BACKEND_ROOT_ENDPOINT=$APICAST_BACKEND_ROOT_ENDPOINT
echo CONFIG_INTERNAL_API_USER=$CONFIG_INTERNAL_API_USER
echo CONFIG_INTERNAL_API_PASSWORD=$CONFIG_INTERNAL_API_PASSWORD
echo SECRET_KEY_BASE=$SECRET_KEY_BASE
echo BACKEND_ROUTE=$BACKEND_ROUTE

echo MYSQL_USER=$MYSQL_USER
echo MYSQL_PASSWORD=$MYSQL_PASSWORD
echo MYSQL_DATABASE=$MYSQL_DATABASE
echo MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD

echo APICAST_MANAGEMENT_API=$APICAST_MANAGEMENT_API
echo OPENSSL_VERIFY=$OPENSSL_VERIFY
echo APICAST_RESPONSE_CODES=$APICAST_RESPONSE_CODES

echo MASTER_USER=$MASTER_USER
echo MASTER_PASSWORD=$MASTER_PASSWORD
echo MASTER_ACCESS_TOKEN=$MASTER_ACCESS_TOKEN
echo APICAST_REGISTRY_URL=$APICAST_REGISTRY_URL
    Copy to Clipboard Toggle word wrap

1.5. Upgrade the database pod
复制链接

To upgrade the database, create a backup of the pod and deploy a new pod.

1.5.1. Create the backup
复制链接

  1. Create a persistent volume with enough storage to hold the MySQL database.

  2. To create a persistent volume claim with enough storage to hold the MySQL database, run the following command, replacing the <size> value with an appropriate size for your database: 

    echo "apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-backup
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: <size>" | oc create -f -
    Copy to Clipboard Toggle word wrap

    This command crates a persistent volume claim named mysql-backup.

  3. To create a pod to house the backup database, run the following command: 

    echo "apiVersion: v1
kind: Pod
metadata:
  name: mysql-backup
  labels:
    name: mysql-backup
spec:
  containers:
  - name: mysql-backup
    image: registry.access.redhat.com/rhscl/mysql-57-rhel7:5.7-5
    args:
    - sleep
    - infinity
    volumeMounts:
      - mountPath: /backup
        name: mysql-backup
  volumes:
  - name: mysql-backup
    persistentVolumeClaim:
      claimName: mysql-backup" | oc create -f -
    Copy to Clipboard Toggle word wrap

  4. Wait until the pod is created and log in to it using the following oc rsh command and take the backup: 

    oc rsh mysql-backup /opt/rh/rh-mysql57/root/usr/bin/mysqldump -h system-mysql -u ${MYSQL_USER} -p${MYSQL_PASSWORD} system -r /backup/backup.sql
    Copy to Clipboard Toggle word wrap

  5. To verify the contents of your backup, check the backup file size against the original file size by running the following oc rsh command: 

    oc rsh mysql-backup ls -lha /backup/backup.sql
    Copy to Clipboard Toggle word wrap
Note

If in the next steps you experience a failure, you can redeploy your database from your backup by using the following oc rsh command: 

oc rsh mysql-backup /bin/bash -c "/usr/bin/cat /backup/backup.sql | /opt/rh/rh-mysql57/root/usr/bin/mysql -h system-mysql -uroot -p${MYSQL_ROOT_PASSWORD} system"
Copy to Clipboard Toggle word wrap

1.5.2. Perform the upgrade
复制链接

  1. Delete the system service with the following oc delete command. Note that your application will be down from this point because the application loses connection with the database: 

    oc delete service system-mysql
    Copy to Clipboard Toggle word wrap

  2. To patch the MySQL DeploymentConfig, run the following oc patch command: 

    oc patch dc/system-mysql -p "spec:
  template:
    spec:
      containers:
      - name: system-mysql
        image: registry.access.redhat.com/rhscl/mysql-57-rhel7:5.7-5
        args:
          - /opt/rh/rh-mysql57/root/usr/libexec/mysqld
          - '--datadir=/var/lib/mysql/data/'
"
    Copy to Clipboard Toggle word wrap
  3. Ensure that the new pod is deployed successfully before continuing.

  4. To fetch the new pod details, run the following oc get commands:

    1. To fetch the pod name: 

      oc get pods -l deploymentconfig=system-mysql
      Copy to Clipboard Toggle word wrap

    2. To fetch the pod IP address: 

      oc get pods  -o=custom-columns=IP:.status.podIP -l deploymentconfig=system-mysql
      Copy to Clipboard Toggle word wrap

  5. Log in to the pod using the following oc rsh command, substitute the <pod_name> and <pod_ip> with the name and IP address from the preceding steps: 

    oc rsh <pod_name> /opt/rh/rh-mysql57/root/usr/bin/mysql_upgrade -h <pod_ip> -u root -p${MYSQL_ROOT_PASSWORD}
    Copy to Clipboard Toggle word wrap

  6. To patch the mysql Deployment Config with the changes done on the 2.2 version, run the following oc patch command: 

    oc patch dc/system-mysql -p "
metadata:
  labels:
    app: System
spec:
  template:
    spec:
      containers:
      - name: system-mysql
        args:
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 2Gi
          requests:
            cpu: 250m
            memory: 512Mi
"
    Copy to Clipboard Toggle word wrap

1.5.3. Change the MySQL character set and collation
复制链接

  1. To create the mysql-extra-conf ConfigMap with the mysql-charset.cnf config file, run the following oc create command: 

    echo "kind: ConfigMap
apiVersion: v1
metadata:
  name: mysql-extra-conf
data:
  mysql-charset.cnf: |
    [client]
    default-character-set = utf8

    [mysql]
    default-character-set = utf8

    [mysqld]
    character-set-server = utf8
    collation-server = utf8_unicode_ci" | oc create -f -
    Copy to Clipboard Toggle word wrap

  2. To create the mysql-main-conf ConfigMap, run the following oc create command: 

    echo 'kind: ConfigMap
apiVersion: v1
metadata:
  name: mysql-main-conf
data:
  my.cnf: |
    !include /etc/my.cnf
    !includedir /etc/my-extra.d' | oc create -f -
    Copy to Clipboard Toggle word wrap

  3. To configure system-mysql starting with the created configmaps on last steps, run the following oc patch command: 

    oc patch dc/system-mysql -p "spec:
  template:
    spec:
      containers:
        - name: system-mysql
          env:
            - name: MYSQL_USER
              value: "${MYSQL_USER}"
            - name: MYSQL_PASSWORD
              value: "${MYSQL_PASSWORD}"
            - name: MYSQL_DATABASE
              value: "${MYSQL_DATABASE}"
            - name: MYSQL_ROOT_PASSWORD
              value: "${MYSQL_ROOT_PASSWORD}"
            - name: MYSQL_LOWER_CASE_TABLE_NAMES
              value: '1'
            - name: MYSQL_DEFAULTS_FILE
              value: "/etc/my-extra/my.cnf"
          volumeMounts:
            - name: 'mysql-storage'
              mountPath: /var/lib/mysql/data
            - name: 'mysql-extra-conf'
              mountPath: /etc/my-extra.d
            - name: 'mysql-main-conf'
              mountPath: /etc/my-extra
      volumes:
        - name: 'mysql-storage'
          persistentVolumeClaim:
            claimName: 'mysql-storage'
        - name: 'mysql-extra-conf'
          configMap:
            name: 'mysql-extra-conf'
        - name: 'mysql-main-conf'
          configMap:
            name: 'mysql-main-conf'
"
    Copy to Clipboard Toggle word wrap

  4. Wait until the deployment is complete on system-mysql and run the following oc get command to fetch the new MySQL pod name: 

    oc get pods -l deploymentconfig=system-mysql
    Copy to Clipboard Toggle word wrap

  5. To fetch the new MySQL pod IP address, run the following oc get command: 

    oc get pods  -o=custom-columns=IP:.status.podIP -l deploymentconfig=system-mysql
    Copy to Clipboard Toggle word wrap

  6. To change the character set on the database and all the tables, run the oc rsh command, specifying the previously fetched <pod_name> and <pod_ip>: 

    oc rsh <pod_name> /bin/bash -c "echo ALTER DATABASE system CHARACTER SET utf8 COLLATE utf8_general_ci | mysql -h <pod_ip> -u root -p${MYSQL_ROOT_PASSWORD} --default-character-set=utf8"
oc rsh <pod_name> /bin/bash -c "/opt/rh/rh-mysql57/root/usr/bin/mysql -h <pod_ip> -u root -p${MYSQL_ROOT_PASSWORD} --default-character-set=utf8 -B -N -e 'SHOW TABLES' system | awk '{print \"SET foreign_key_checks = 0; ALTER TABLE\", \$1, \"CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci; SET foreign_key_checks = 1; \"}' | /opt/rh/rh-mysql57/root/usr/bin/mysql -h <pod_ip> -u root -p${MYSQL_ROOT_PASSWORD} --default-character-set=utf8 system"
    Copy to Clipboard Toggle word wrap

  7. To create the system-mysql service, run the following oc create command: 

    echo "kind: Service
apiVersion: v1
metadata:
  name: 'system-mysql'
spec:
  ports:
    - name: system-mysql
      protocol: TCP
      port: 3306
      targetPort: 3306
      nodePort: 0
  selector:
    name: 'system-mysql'" | oc create -f -
    Copy to Clipboard Toggle word wrap

1.5.4. Delete the backups
复制链接

  1. Verify the updated database and ensure that the pods are running.

  2. To delete the backup pod and persistent volume claim, run the following oc delete command: 

    oc delete pod/mysql-backup
oc delete pvc/mysql-backup
    Copy to Clipboard Toggle word wrap

1.6. Create new routes and services for system
复制链接

After you have configured the new variable values, run the following oc create command to create new routes and services: 

echo "
apiVersion: v1
kind: Service
metadata:
  name: system-master
  annotations:
    service.alpha.openshift.io/dependencies: '[{\"name\": \"system-developer\", \"kind\": \"Service\"}]'
spec:
  ports:
  - port: 3000
    protocol: TCP
    targetPort: master
    name: http
  selector:
    name: system-app
" | oc create -f -
Copy to Clipboard Toggle word wrap 
echo "
apiVersion: v1
kind: Route
metadata:
  name: system-master-admin-route
spec:
  host: master-account-admin.${THREESCALE_SUPERDOMAIN}
  to:
    kind: Service
    name: system-master
  port:
    targetPort: http
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Allow
" | oc create -f -
Copy to Clipboard Toggle word wrap

1.7. Patch System Components
复制链接

Continue your in-place upgrade using the oc patch command. The oc patch command allows you to patch your deployment configurations, image streams and ConfigMaps.

In this section of the upgrade, you must patch the system config map. You must also patch deployment configurations for the following pods:

  • system-app
  • system-resque
  • system-sidekiq
  • system-sphinx

Follow these steps to patch config maps and deployment configurations:

  1. To patch the system ConfigMap, run the following oc patch command: 

    oc patch cm/system -p "
data:
  zync.yml: |
    production:
      endpoint: 'http://zync:8080'
      authentication:
        token: \"<%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %>\"
      connect_timeout: 5
      send_timeout: 5
      receive_timeout: 10
      root_url:
  rolling_updates.yml: |
    production:
      old_charts: false
      new_provider_documentation: false
      proxy_pro: false
      instant_bill_plan_change: false
      service_permissions: true
      async_apicast_deploy: false
      duplicate_application_id: true
      duplicate_user_key: true
      plan_changes_wizard: false
      require_cc_on_signup: false
      apicast_per_service: true
      new_notification_system: true
      cms_api: false
      apicast_v2: true
      forum: false
      published_service_plan_signup: true
      apicast_oidc: true
      policies: true"
    Copy to Clipboard Toggle word wrap

  2. To patch the system-resque deployment configuration, consider the following:

    • If you want to use the default values for MASTER_USER and MASTER_PASSWORD environment variables, do not describe them in the oc patch command below.

    • Alternatively, if you want to specify values for MASTER_USER and MASTER_PASSWORD, include them in the oc patch command below. 

      oc patch dc/system-resque -p "
metadata:
  labels:
    app: System
spec:
  template:
    spec:
      containers:
      - env:
        - name: RAILS_ENV
          value: \"production\"
        - name: DATABASE_URL
          value: \"${DATABASE_URL}\"
        - name: FORCE_SSL
          value: \"true\"
        - name: THREESCALE_SUPERDOMAIN
          value: \"${THREESCALE_SUPERDOMAIN}\"
        - name: MASTER_USER
          value: \"${MASTER_USER}\"
        - name: MASTER_PASSWORD
          value: \"${MASTER_PASSWORD}\"
        - name: TENANT_NAME
          value: \"${TENANT_NAME}\"
        - name: APICAST_ACCESS_TOKEN
          value: \"${APICAST_ACCESS_TOKEN}\"
        - name: ADMIN_ACCESS_TOKEN
          value: \"${ADMIN_ACCESS_TOKEN}\"
        - name: PROVIDER_PLAN
          value: 'enterprise'
        - name: USER_LOGIN
          value: \"${USER_LOGIN}\"
        - name: USER_PASSWORD
          value: \"${USER_PASSWORD}\"
        - name: RAILS_LOG_TO_STDOUT
          value: \"true\"
        - name: RAILS_LOG_LEVEL
          value: \"info\"
        - name: THINKING_SPHINX_ADDRESS
          value: \"system-sphinx\"
        - name: THINKING_SPHINX_PORT
          value: \"9306\"
        - name: THINKING_SPHINX_CONFIGURATION_FILE
          value: \"/tmp/sphinx.conf\"
        - name: EVENTS_SHARED_SECRET
          value: \"${EVENTS_SHARED_SECRET}\"
        - name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
          value: \"VERIFY_NONE\"
        - name: APICAST_BACKEND_ROOT_ENDPOINT
          value: \"${APICAST_BACKEND_ROOT_ENDPOINT}\"
        - name: CONFIG_INTERNAL_API_USER
          value: \"${CONFIG_INTERNAL_API_USER}\"
        - name: CONFIG_INTERNAL_API_PASSWORD
          value: \"${CONFIG_INTERNAL_API_PASSWORD}\"
        - name: SECRET_KEY_BASE
          value: \"${SECRET_KEY_BASE}\"
        - name: AMP_RELEASE
          value: \"${AMP_RELEASE}\"
        - name: ZYNC_AUTHENTICATION_TOKEN
          valueFrom:
            secretKeyRef:
              name: zync
              key: ZYNC_AUTHENTICATION_TOKEN
        - name: SMTP_ADDRESS
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: address
        - name: SMTP_USER_NAME
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: username
        - name: SMTP_PASSWORD
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: password
        - name: SMTP_DOMAIN
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: domain
        - name: SMTP_PORT
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: port
        - name: SMTP_AUTHENTICATION
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: authentication
        - name: SMTP_OPENSSL_VERIFY_MODE
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: openssl.verify.mode
        - name: BACKEND_ROUTE
          value: \"${BACKEND_ROUTE}\"
        - name: SSL_CERT_DIR
          value: \"/etc/pki/tls/certs\"
        - name: APICAST_REGISTRY_URL
          value: \"${APICAST_REGISTRY_URL}\"
        image: registry.access.redhat.com/3scale-amp22/system:1.7
        imagePullPolicy: IfNotPresent
        name: system-resque
        resources:
          limits:
            cpu: 150m
            memory: 450Mi
          requests:
            cpu: 100m
            memory: 300Mi
      - env:
        - name: RAILS_ENV
          value: \"production\"
        - name: DATABASE_URL
          value: \"${DATABASE_URL}\"
        - name: FORCE_SSL
          value: \"true\"
        - name: THREESCALE_SUPERDOMAIN
          value: \"${THREESCALE_SUPERDOMAIN}\"
        - name: MASTER_USER
          value: \"${MASTER_USER}\"
        - name: MASTER_PASSWORD
          value: \"${MASTER_PASSWORD}\"
        - name: TENANT_NAME
          value: \"${TENANT_NAME}\"
        - name: APICAST_ACCESS_TOKEN
          value: \"${APICAST_ACCESS_TOKEN}\"
        - name: ADMIN_ACCESS_TOKEN
          value: \"${ADMIN_ACCESS_TOKEN}\"
        - name: PROVIDER_PLAN
          value: 'enterprise'
        - name: USER_LOGIN
          value: \"${USER_LOGIN}\"
        - name: USER_PASSWORD
          value: \"${USER_PASSWORD}\"
        - name: RAILS_LOG_TO_STDOUT
          value: \"true\"
        - name: RAILS_LOG_LEVEL
          value: \"info\"
        - name: THINKING_SPHINX_ADDRESS
          value: \"system-sphinx\"
        - name: THINKING_SPHINX_PORT
          value: \"9306\"
        - name: THINKING_SPHINX_CONFIGURATION_FILE
          value: \"/tmp/sphinx.conf\"
        - name: EVENTS_SHARED_SECRET
          value: \"${EVENTS_SHARED_SECRET}\"
        - name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
          value: \"VERIFY_NONE\"
        - name: APICAST_BACKEND_ROOT_ENDPOINT
          value: \"${APICAST_BACKEND_ROOT_ENDPOINT}\"
        - name: CONFIG_INTERNAL_API_USER
          value: \"${CONFIG_INTERNAL_API_USER}\"
        - name: CONFIG_INTERNAL_API_PASSWORD
          value: \"${CONFIG_INTERNAL_API_PASSWORD}\"
        - name: SECRET_KEY_BASE
          value: \"${SECRET_KEY_BASE}\"
        - name: AMP_RELEASE
          value: \"${AMP_RELEASE}\"
        - name: ZYNC_AUTHENTICATION_TOKEN
          valueFrom:
            secretKeyRef:
              name: zync
              key: ZYNC_AUTHENTICATION_TOKEN
        - name: SMTP_ADDRESS
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: address
        - name: SMTP_USER_NAME
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: username
        - name: SMTP_PASSWORD
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: password
        - name: SMTP_DOMAIN
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: domain
        - name: SMTP_PORT
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: port
        - name: SMTP_AUTHENTICATION
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: authentication
        - name: SMTP_OPENSSL_VERIFY_MODE
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: openssl.verify.mode
        - name: BACKEND_ROUTE
          value: \"${BACKEND_ROUTE}\"
        - name: SSL_CERT_DIR
          value: \"/etc/pki/tls/certs\"
        - name: APICAST_REGISTRY_URL
          value: \"${APICAST_REGISTRY_URL}\"
        image: registry.access.redhat.com/3scale-amp22/system:1.7
        imagePullPolicy: IfNotPresent
        name: system-scheduler
        resources:
          limits:
            cpu: 150m
            memory: 250Mi
          requests:
            cpu: 50m
            memory: 200Mi
"
      Copy to Clipboard Toggle word wrap

  3. To patch the system-sidekiq deployment configuration, consider the following:

    • If you want to use the default values for MASTER_USER and MASTER_PASSWORD environment variables, do not describe them in the oc patch command below.

    • Alternatively, if you want to specify values for MASTER_USER and MASTER_PASSWORD, include them in the oc patch command below. 

      oc patch dc/system-sidekiq -p "
spec:
  template:
    spec:
      containers:
      - name: system-sidekiq
        volumeMounts:
"
      Copy to Clipboard Toggle word wrap 
      oc patch dc/system-sidekiq -p "
metadata:
  labels:
    app: System
spec:
  template:
    spec:
      containers:
      - env:
        - name: RAILS_ENV
          value: \"production\"
        - name: DATABASE_URL
          value: \"${DATABASE_URL}\"
        - name: FORCE_SSL
          value: \"true\"
        - name: THREESCALE_SUPERDOMAIN
          value: \"${THREESCALE_SUPERDOMAIN}\"
        - name: MASTER_USER
          value: \"${MASTER_USER}\"
        - name: MASTER_PASSWORD
          value: \"${MASTER_PASSWORD}\"
        - name: TENANT_NAME
          value: \"${TENANT_NAME}\"
        - name: APICAST_ACCESS_TOKEN
          value: \"${APICAST_ACCESS_TOKEN}\"
        - name: ADMIN_ACCESS_TOKEN
          value: \"${ADMIN_ACCESS_TOKEN}\"
        - name: PROVIDER_PLAN
          value: 'enterprise'
        - name: USER_LOGIN
          value: \"${USER_LOGIN}\"
        - name: USER_PASSWORD
          value: \"${USER_PASSWORD}\"
        - name: RAILS_LOG_TO_STDOUT
          value: \"true\"
        - name: RAILS_LOG_LEVEL
          value: \"info\"
        - name: THINKING_SPHINX_ADDRESS
          value: \"system-sphinx\"
        - name: THINKING_SPHINX_PORT
          value: \"9306\"
        - name: THINKING_SPHINX_CONFIGURATION_FILE
          value: \"/tmp/sphinx.conf\"
        - name: EVENTS_SHARED_SECRET
          value: \"${EVENTS_SHARED_SECRET}\"
        - name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
          value: \"VERIFY_NONE\"
        - name: APICAST_BACKEND_ROOT_ENDPOINT
          value: \"${APICAST_BACKEND_ROOT_ENDPOINT}\"
        - name: CONFIG_INTERNAL_API_USER
          value: \"${CONFIG_INTERNAL_API_USER}\"
        - name: CONFIG_INTERNAL_API_PASSWORD
          value: \"${CONFIG_INTERNAL_API_PASSWORD}\"
        - name: SECRET_KEY_BASE
          value: \"${SECRET_KEY_BASE}\"
        - name: AMP_RELEASE
          value: \"${AMP_RELEASE}\"
        - name: ZYNC_AUTHENTICATION_TOKEN
          valueFrom:
            secretKeyRef:
              name: zync
              key: ZYNC_AUTHENTICATION_TOKEN
        - name: SMTP_ADDRESS
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: address
        - name: SMTP_USER_NAME
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: username
        - name: SMTP_PASSWORD
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: password
        - name: SMTP_DOMAIN
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: domain
        - name: SMTP_PORT
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: port
        - name: SMTP_AUTHENTICATION
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: authentication
        - name: SMTP_OPENSSL_VERIFY_MODE
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: openssl.verify.mode
        - name: BACKEND_ROUTE
          value: \"${BACKEND_ROUTE}\"
        - name: SSL_CERT_DIR
          value: \"/etc/pki/tls/certs\"
        - name: APICAST_REGISTRY_URL
          value: \"${APICAST_REGISTRY_URL}\"
        image: registry.access.redhat.com/3scale-amp22/system:1.7
        volumeMounts:
        - name: system-storage
          mountPath: /opt/system/public/system
        - name: system-config
          mountPath: /opt/system-extra-configs
        - name: system-tmp
          mountPath: /tmp
        image: registry.access.redhat.com/3scale-amp22/system:1.7
        imagePullPolicy: IfNotPresent
        name: system-sidekiq
        resources:
          limits:
            cpu: 1000m
            memory: 2Gi
          requests:
            cpu: 100m
            memory: 500Mi
      volumes:
        - name: system-tmp
          emptyDir:
            medium: Memory
        - name: system-storage
          persistentVolumeClaim:
            claimName: system-storage
        - name: system-config
          configMap:
            name: system
            items:
            - key: zync.yml
              path: zync.yml
            - key: rolling_updates.yml
              path: rolling_updates.yml
"
      Copy to Clipboard Toggle word wrap

  4. To patch the system-app deployment configuration, consider the following:

    • If you want to use the default values for MASTER_USER and MASTER_PASSWORD environment variables, do not describe them in the oc patch command below.

    • Alternatively, if you want to specify values for MASTER_USER and MASTER_PASSWORD, include them in the oc patch command below. 

      oc patch dc/system-app -p "
spec:
  template:
    spec:
      containers:
      - name: system-provider
        volumeMounts:
      - name: system-developer
        volumeMounts:
"
      Copy to Clipboard Toggle word wrap 
      oc patch dc/system-app -p "
metadata:
  labels:
    app: System
spec:
  strategy:
    rollingParams:
      pre:
        execNewPod:
          containerName: system-master
          env:
          - name: RAILS_ENV
            value: \"production\"
          - name: DATABASE_URL
            value: \"${DATABASE_URL}\"
          - name: FORCE_SSL
            value: \"true\"
          - name: THREESCALE_SUPERDOMAIN
            value: \"${THREESCALE_SUPERDOMAIN}\"
          - name: MASTER_USER
            value: \"${MASTER_USER}\"
          - name: MASTER_PASSWORD
            value: \"${MASTER_PASSWORD}\"
          - name: TENANT_NAME
            value: \"${TENANT_NAME}\"
          - name: APICAST_ACCESS_TOKEN
            value: \"${APICAST_ACCESS_TOKEN}\"
          - name: ADMIN_ACCESS_TOKEN
            value: \"${ADMIN_ACCESS_TOKEN}\"
          - name: PROVIDER_PLAN
            value: 'enterprise'
          - name: USER_LOGIN
            value: \"${USER_LOGIN}\"
          - name: USER_PASSWORD
            value: \"${USER_PASSWORD}\"
          - name: RAILS_LOG_TO_STDOUT
            value: \"true\"
          - name: RAILS_LOG_LEVEL
            value: \"info\"
          - name: THINKING_SPHINX_ADDRESS
            value: \"system-sphinx\"
          - name: THINKING_SPHINX_PORT
            value: \"9306\"
          - name: THINKING_SPHINX_CONFIGURATION_FILE
            value: \"/tmp/sphinx.conf\"
          - name: EVENTS_SHARED_SECRET
            value: \"${EVENTS_SHARED_SECRET}\"
          - name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
            value: \"VERIFY_NONE\"
          - name: APICAST_BACKEND_ROOT_ENDPOINT
            value: \"${APICAST_BACKEND_ROOT_ENDPOINT}\"
          - name: CONFIG_INTERNAL_API_USER
            value: \"${CONFIG_INTERNAL_API_USER}\"
          - name: CONFIG_INTERNAL_API_PASSWORD
            value: \"${CONFIG_INTERNAL_API_PASSWORD}\"
          - name: SECRET_KEY_BASE
            value: \"${SECRET_KEY_BASE}\"
          - name: AMP_RELEASE
            value: \"${AMP_RELEASE}\"
          - name: ZYNC_AUTHENTICATION_TOKEN
            valueFrom:
              secretKeyRef:
                name: zync
                key: ZYNC_AUTHENTICATION_TOKEN
          - name: SMTP_ADDRESS
            valueFrom:
              configMapKeyRef:
                name: smtp
                key: address
          - name: SMTP_USER_NAME
            valueFrom:
              configMapKeyRef:
                name: smtp
                key: username
          - name: SMTP_PASSWORD
            valueFrom:
              configMapKeyRef:
                name: smtp
                key: password
          - name: SMTP_DOMAIN
            valueFrom:
              configMapKeyRef:
                name: smtp
                key: domain
          - name: SMTP_PORT
            valueFrom:
              configMapKeyRef:
                name: smtp
                key: port
          - name: SMTP_AUTHENTICATION
            valueFrom:
              configMapKeyRef:
                name: smtp
                key: authentication
          - name: SMTP_OPENSSL_VERIFY_MODE
            valueFrom:
              configMapKeyRef:
                name: smtp
                key: openssl.verify.mode
          - name: BACKEND_ROUTE
            value: \"${BACKEND_ROUTE}\"
          - name: SSL_CERT_DIR
            value: \"/etc/pki/tls/certs\"
          - name: APICAST_REGISTRY_URL
            value: \"${APICAST_REGISTRY_URL}\"
          command:
          - bash
          - -c
          - bundle exec rake boot openshift:deploy MASTER_ACCESS_TOKEN="${MASTER_ACCESS_TOKEN}"
      post:
        execNewPod:
          containerName: system-master
  template:
    spec:
      containers:
      - args:
        env:
        - name: RAILS_ENV
          value: \"production\"
        - name: DATABASE_URL
          value: \"${DATABASE_URL}\"
        - name: FORCE_SSL
          value: \"true\"
        - name: THREESCALE_SUPERDOMAIN
          value: \"${THREESCALE_SUPERDOMAIN}\"
        - name: MASTER_USER
          value: \"${MASTER_USER}\"
        - name: MASTER_PASSWORD
          value: \"${MASTER_PASSWORD}\"
        - name: TENANT_NAME
          value: \"${TENANT_NAME}\"
        - name: APICAST_ACCESS_TOKEN
          value: \"${APICAST_ACCESS_TOKEN}\"
        - name: ADMIN_ACCESS_TOKEN
          value: \"${ADMIN_ACCESS_TOKEN}\"
        - name: PROVIDER_PLAN
          value: 'enterprise'
        - name: USER_LOGIN
          value: \"${USER_LOGIN}\"
        - name: USER_PASSWORD
          value: \"${USER_PASSWORD}\"
        - name: RAILS_LOG_TO_STDOUT
          value: \"true\"
        - name: RAILS_LOG_LEVEL
          value: \"info\"
        - name: THINKING_SPHINX_ADDRESS
          value: \"system-sphinx\"
        - name: THINKING_SPHINX_PORT
          value: \"9306\"
        - name: THINKING_SPHINX_CONFIGURATION_FILE
          value: \"/tmp/sphinx.conf\"
        - name: EVENTS_SHARED_SECRET
          value: \"${EVENTS_SHARED_SECRET}\"
        - name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE
          value: \"VERIFY_NONE\"
        - name: APICAST_BACKEND_ROOT_ENDPOINT
          value: \"${APICAST_BACKEND_ROOT_ENDPOINT}\"
        - name: CONFIG_INTERNAL_API_USER
          value: \"${CONFIG_INTERNAL_API_USER}\"
        - name: CONFIG_INTERNAL_API_PASSWORD
          value: \"${CONFIG_INTERNAL_API_PASSWORD}\"
        - name: SECRET_KEY_BASE
          value: \"${SECRET_KEY_BASE}\"
        - name: AMP_RELEASE
          value: \"${AMP_RELEASE}\"
        - name: ZYNC_AUTHENTICATION_TOKEN
          valueFrom:
            secretKeyRef:
              name: zync
              key: ZYNC_AUTHENTICATION_TOKEN
        - name: SMTP_ADDRESS
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: address
        - name: SMTP_USER_NAME
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: username
        - name: SMTP_PASSWORD
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: password
        - name: SMTP_DOMAIN
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: domain
        - name: SMTP_PORT
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: port
        - name: SMTP_AUTHENTICATION
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: authentication
        - name: SMTP_OPENSSL_VERIFY_MODE
          valueFrom:
            configMapKeyRef:
              name: smtp
              key: openssl.verify.mode
        - name: BACKEND_ROUTE
          value: \"${BACKEND_ROUTE}\"
        - name: SSL_CERT_DIR
          value: \"/etc/pki/tls/certs\"
        - name: APICAST_REGISTRY_URL
          value: \"${APICAST_REGISTRY_URL}\"
        image: registry.access.redhat.com/3scale-amp22/system:1.7
        imagePullPolicy: IfNotPresent
        args: [ 'env', 'TENANT_MODE=master', 'PORT=3002', 'container-entrypoint', 'bundle', 'exec', 'unicorn', '-c', 'config/unicorn.rb' ]
        command:
        name: system-master
        resources:
          limits:
            cpu: 1000m
            memory: 800Mi
          requests:
            cpu: 50m
            memory: 600Mi
        livenessProbe:
          timeoutSeconds: 10
          initialDelaySeconds: 20
          tcpSocket:
            port: master
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /check.txt
            port: master
            scheme: HTTP
            httpHeaders:
            - name: X-Forwarded-Proto
              value: https
          initialDelaySeconds: 30
          timeoutSeconds: 10
          periodSeconds: 30
        ports:
        - containerPort: 3002
          protocol: TCP
          name: master
        volumeMounts:
        - name: system-storage
          mountPath: /opt/system/public/system
        - name: system-config
          mountPath: /opt/system-extra-configs
      - name: system-provider
        env:
        - name: MASTER_USER
          value: ${MASTER_USER}
        - name: MASTER_PASSWORD
          value: ${MASTER_PASSWORD}
        - name: AMP_RELEASE
          value: ${AMP_RELEASE}
        - name: APICAST_REGISTRY_URL
          value: ${APICAST_REGISTRY_URL}
        image: registry.access.redhat.com/3scale-amp22/system:1.7
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 1000m
            memory: 800Mi
          requests:
            cpu: 50m
            memory: 600Mi
        command:
        args: [ 'env', 'TENANT_MODE=provider', 'PORT=3000', 'container-entrypoint', 'bundle', 'exec', 'unicorn', '-c', 'config/unicorn.rb' ]
        volumeMounts:
        - name: system-storage
          mountPath: /opt/system/public/system
        - name: system-config
          mountPath: /opt/system-extra-configs
      - name: system-developer
        env:
        - name: MASTER_USER
          value: ${MASTER_USER}
        - name: MASTER_PASSWORD
          value: ${MASTER_PASSWORD}
        - name: AMP_RELEASE
          value: ${AMP_RELEASE}
        - name: APICAST_REGISTRY_URL
          value: ${APICAST_REGISTRY_URL}
        image: registry.access.redhat.com/3scale-amp22/system:1.7
        imagePullPolicy: IfNotPresent
        command:
        args: [ 'env', 'PORT=3001', 'container-entrypoint', 'bundle', 'exec', 'unicorn', '-c', 'config/unicorn.rb' ]
        volumeMounts:
        - name: system-storage
          readOnly: true
          mountPath: /opt/system/public/system
        - name: system-config
          mountPath: /opt/system-extra-configs
  triggers:
    - type: ConfigChange
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - system-provider
        - system-developer
        - system-master
        from:
          kind: ImageStreamTag
          name: amp-system:latest
"
      Copy to Clipboard Toggle word wrap

  5. To patch the amp-system image, run the following oc patch command: 

    oc patch is/amp-system -p "
spec:
  tags:
    - name: 2.2.0
      annotations:
        openshift.io/display-name: AMP system 2.2.0
      from:
        kind: DockerImage
        name: 'registry.access.redhat.com/3scale-amp22/system:1.7'
    - name: latest
      from:
        kind: ImageStreamTag
        name: 2.2.0
"
    Copy to Clipboard Toggle word wrap

  6. To patch the system-sphinx deployment configuration, run the following oc patch command: 

    oc patch dc/system-sphinx -p "
metadata:
  labels:
    app: System
spec:
  template:
    spec:
      containers:
      - imagePullPolicy: IfNotPresent
        image: registry.access.redhat.com/3scale-amp22/system:1.7
        name: system-sphinx
        resources:
          limits:
            cpu: 1000m
            memory: 512Mi
          requests:
            cpu: 80m
            memory: 250Mi
"
    Copy to Clipboard Toggle word wrap

  7. To patch the system-redis deployment configuration, run the following oc patch command: 

    oc patch dc/system-redis -p '
metadata:
  labels:
    app: System
spec:
  template:
    spec:
      containers:
      - imagePullPolicy: IfNotPresent
        name: system-redis
        command:
          - "/opt/rh/rh-redis32/root/usr/bin/redis-server"
        args:
          -  "/etc/redis.d/redis.conf"
          -  "--daemonize"
          -  "no"
        resources:
          limits:
            memory: 32Gi
            cpu: 500m
          requests:
            cpu: 150m
            memory: 256Mi
        volumeMounts:
        - name: system-redis-storage
          mountPath: "/var/lib/redis/data"
        - name: redis-config
          mountPath: /etc/redis.d/
'
    Copy to Clipboard Toggle word wrap

  8. To patch the system-memcache deployment configuration, run the following oc patch command: 

    oc patch dc/system-memcache -p "
metadata:
  labels:
    app: System
spec:
  template:
    spec:
      containers:
      - imagePullPolicy: IfNotPresent
        name: memcache
        resources:
          limits:
            cpu: 250m
            memory: 96Mi
          requests:
            cpu: 50m
            memory: 64Mi
"
    Copy to Clipboard Toggle word wrap

1.8. Patch Backend Components
复制链接

  1. To patch the backend-cron deployment configuration, run the following oc patch command: 

    oc patch dc/backend-cron -p "
metadata:
  labels:
    app: Backend
spec:
  template:
    spec:
      containers:
      - name: backend-cron
        env:
        - name: CONFIG_REDIS_PROXY
          value: redis://backend-redis:6379/0
        - name: CONFIG_REDIS_SENTINEL_HOSTS
          value: ""
        - name: CONFIG_REDIS_SENTINEL_ROLE
          value: ""
        - name: CONFIG_QUEUES_MASTER_NAME
          value: redis://backend-redis:6379/1
        - name: CONFIG_QUEUES_SENTINEL_HOSTS
          value: ""
        - name: CONFIG_QUEUES_SENTINEL_ROLE
          value: ""
        - name: RACK_ENV
          value: "production"
        image: registry.access.redhat.com/3scale-amp22/backend:1.6
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 150m
            memory: 80Mi
          requests:
            cpu: 50m
            memory: 40Mi
"
    Copy to Clipboard Toggle word wrap

  2. To patch the backend-worker deployment configuration, run the following oc patch command: 

    oc patch dc/backend-worker -p "
metadata:
  labels:
    app: Backend
spec:
  template:
    spec:
      containers:
      - name: backend-worker
        env:
          - name: CONFIG_REDIS_PROXY
            value: redis://backend-redis:6379/0
          - name: CONFIG_REDIS_SENTINEL_HOSTS
          - name: CONFIG_REDIS_SENTINEL_ROLE
          - name: CONFIG_QUEUES_MASTER_NAME
            value: redis://backend-redis:6379/1
          - name: CONFIG_QUEUES_SENTINEL_HOSTS
          - name: CONFIG_QUEUES_SENTINEL_ROLE
          - name: RACK_ENV
            value: \"production\"
          - name: PUMA_WORKERS
            value: \"16\"
          - name: CONFIG_EVENTS_HOOK
            value: http://system-master:3000/master/events/import
          - name: CONFIG_EVENTS_HOOK_SHARED_SECRET
            value: ${EVENTS_SHARED_SECRET}
        image: registry.access.redhat.com/3scale-amp22/backend:1.6
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 1000m
            memory: 300Mi
          requests:
            cpu: 150m
            memory: 50Mi
"
    Copy to Clipboard Toggle word wrap

  3. To patch the backend-listener deployment configuration, run the following oc patch command: 

    oc patch dc/backend-listener -p "
metadata:
  labels:
    app: Backend
spec:
  template:
    spec:
      containers:
      - name: backend-listener
        env:
          - name: CONFIG_REDIS_PROXY
            value: redis://backend-redis:6379/0
          - name: CONFIG_REDIS_SENTINEL_HOSTS
          - name: CONFIG_REDIS_SENTINEL_ROLE
            value: ""
          - name: CONFIG_QUEUES_MASTER_NAME
            value: redis://backend-redis:6379/1
          - name: CONFIG_QUEUES_SENTINEL_HOSTS
          - name: CONFIG_QUEUES_SENTINEL_ROLE
            value: ""
          - name: RACK_ENV
            value: \"production\"
          - name: CONFIG_INTERNAL_API_USER
            value: \"${CONFIG_INTERNAL_API_USER}\"
          - name: CONFIG_INTERNAL_API_PASSWORD
            value: \"${CONFIG_INTERNAL_API_PASSWORD}\"
          - name: PUMA_WORKERS
            value: \"16\"
        image: registry.access.redhat.com/3scale-amp22/backend:1.6
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 1000m
            memory: 700Mi
          requests:
            cpu: 500m
            memory: 550Mi
"
    Copy to Clipboard Toggle word wrap

  4. To patch the amp-backend image stream, run the following oc patch command: 

    oc patch is/amp-backend -p "
spec:
  tags:
    - name: 2.2.0
      annotations:
        openshift.io/display-name: AMP backend
      from:
        kind: DockerImage
        name: 'registry.access.redhat.com/3scale-amp22/backend:1.6'
    - name: latest
      from:
        kind: ImageStreamTag
        name: 2.2.0
"
    Copy to Clipboard Toggle word wrap

  5. To patch the backend-redis deployment configuration, run the following oc patch command: 

    oc patch dc/backend-redis -p '
metadata:
  labels:
    app: Backend
spec:
  template:
    spec:
      containers:
      - name: backend-redis
        command:
          - "/opt/rh/rh-redis32/root/usr/bin/redis-server"
        args:
          -  "/etc/redis.d/redis.conf"
          -  "--daemonize"
          -  "no"
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 2000m
            memory: 32Gi
          requests:
            cpu: 1000m
            memory: 1024Mi
        volumeMounts:
        - name: backend-redis-storage
          mountPath: "/var/lib/redis/data"
        - name: redis-config
          mountPath: /etc/redis.d/
'
    Copy to Clipboard Toggle word wrap

1.9. Patch APIcast
复制链接

  1. To patch the apicast-staging deployment configuration, run the following oc patch command: 

    oc patch dc/apicast-staging -p "
metadata:
  labels:
    app: APIcast
spec:
  template:
    spec:
      containers:
      - name: apicast-staging
        env:
        - name: THREESCALE_PORTAL_ENDPOINT
          value: \"http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs\"
        - name: APICAST_CONFIGURATION_LOADER
          value: \"lazy\"
        - name: APICAST_CONFIGURATION_CACHE
          value: \"0\"
        - name: THREESCALE_DEPLOYMENT_ENV
          value: \"sandbox\"
        - name: APICAST_MANAGEMENT_API
          value: \"${APICAST_MANAGEMENT_API}\"
        - name: BACKEND_ENDPOINT_OVERRIDE
          value: http://backend-listener:3000
        - name: OPENSSL_VERIFY
          value: \"${OPENSSL_VERIFY}\"
        - name: APICAST_RESPONSE_CODES
          value: \"${APICAST_RESPONSE_CODES}\"
        - name: REDIS_URL
          value: \"redis://system-redis:6379/2\"
        image: registry.access.redhat.com/3scale-amp22/apicast-gateway:1.8
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 100m
            memory: 128Mi
          requests:
            cpu: 50m
            memory: 64Mi
"
    Copy to Clipboard Toggle word wrap

  2. To patch the apicast-production deployment configuration, run the following oc patch command: 

    oc patch dc/apicast-production -p "
metadata:
  labels:
    app: APIcast
spec:
  template:
    spec:
      containers:
      - name: apicast-production
        env:
        - name: THREESCALE_PORTAL_ENDPOINT
          value: \"http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs\"
        - name: APICAST_CONFIGURATION_LOADER
          value: \"boot\"
        - name: APICAST_CONFIGURATION_CACHE
          value: \"300\"
        - name: THREESCALE_DEPLOYMENT_ENV
          value: \"production\"
        - name: APICAST_MANAGEMENT_API
          value: \"${APICAST_MANAGEMENT_API}\"
        - name: BACKEND_ENDPOINT_OVERRIDE
          value: http://backend-listener:3000
        - name: OPENSSL_VERIFY
          value: \"${APICAST_OPENSSL_VERIFY}\"
        - name: APICAST_RESPONSE_CODES
          value: \"${APICAST_RESPONSE_CODES}\"
        - name: REDIS_URL
          value: \"redis://system-redis:6379/1\"
        image: registry.access.redhat.com/3scale-amp22/apicast-gateway:1.8
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 1000m
            memory: 128Mi
          requests:
            cpu: 500m
            memory: 64Mi
"
    Copy to Clipboard Toggle word wrap

  3. To patch the amp-apicast image stream, run the following oc patch command: 

    oc patch is/amp-apicast -p "
spec:
  tags:
    - name: 2.2.0
      annotations:
        openshift.io/display-name: AMP apicast
      from:
        kind: DockerImage
        name: 'registry.access.redhat.com/3scale-amp22/apicast-gateway:1.8'
    - name: latest
      from:
        kind: ImageStreamTag
        name: 2.2.0
"
    Copy to Clipboard Toggle word wrap

  4. To patch the apicast-wildcard-router deployment configuration, run the following oc patch command: 

    oc patch dc/apicast-wildcard-router -p "
metadata:
  labels:
    app: APIcast
spec:
  template:
    spec:
      containers:
      - name: apicast-wildcard-router
        env:
        - name: API_HOST
          value: \"http://${APICAST_ACCESS_TOKEN}@system-master:3000\"
        image: registry.access.redhat.com/3scale-amp22/wildcard-router:1.6
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 500m
            memory: 64Mi
          requests:
            cpu: 120m
            memory: 32Mi
"
    Copy to Clipboard Toggle word wrap

  5. To patch the amp-wildcard-router image stream, run the following oc patch command: 

    oc patch is/amp-wildcard-router -p "
spec:
  tags:
    - name: 2.2.0
      annotations:
        openshift.io/display-name: AMP wildcard router
      from:
        kind: DockerImage
        name: 'registry.access.redhat.com/3scale-amp22/wildcard-router:1.6'
    - name: latest
      from:
        kind: ImageStreamTag
        name: 2.2.0
"
    Copy to Clipboard Toggle word wrap

1.10. Patch Zync components
复制链接

  1. To patch the zync-database deployment configuration, run the following oc patch command: 

    oc patch dc/zync-database -p "
metadata:
  labels:
    app: Zync
spec:
  template:
    spec:
      containers:
      - name: postgresql
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 2Gi
            cpu: 250m
          requests:
            cpu: 50m
            memory: 250Mi
"
    Copy to Clipboard Toggle word wrap

  2. To patch the zync deployment configuration, run the following oc patch command: 

    oc patch dc/zync -p "
metadata:
  labels:
    app: Zync
spec:
  template:
    spec:
      containers:
      - name: zync
        image: 'registry.access.redhat.com/3scale-amp22/zync:1.6'
        resources:
          limits:
            cpu: 1
            memory: 512Mi
          requests:
            cpu: 150m
            memory: 250Mi
"
    Copy to Clipboard Toggle word wrap

  3. To patch the zync image stream, run the following oc patch command: 

    oc patch is/amp-zync -p "
spec:
  tags:
    - name: 2.2.0
      annotations:
        openshift.io/display-name: AMP zync
      from:
        kind: DockerImage
        name: 'registry.access.redhat.com/3scale-amp22/zync:1.6'
    - name: latest
      from:
        kind: ImageStreamTag
        name: 2.2.0
"
    Copy to Clipboard Toggle word wrap

1.11. Verify Upgrade
复制链接

After you have performed the upgrade procedure, verify the success of your upgrade operation by checking the version number in the lower-right corner of your 3scale Admin Portal.

Note

It may take some time for your redeployment operations to complete in OpenShift.

返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat