1.2. 在基于模板的安装中将 2.7 升级到 2.8
按照本节中的步骤,在基于模板的安装中将 3scale 2.7 升级到 2.8。
要开始升级,请转至部署了 3scale 的项目。
$ oc project <3scale-project>
然后,按照以下顺序执行这些步骤:
- 第 1.2.1 节 “创建 3scale 项目的备份”
-
第 1.2.2 节 “将
smtpConfigMap 迁移到system-smtpsecret” -
第 1.2.3 节 “更新
system-appDeploymentConfig 的pre-hook pod命令” -
第 1.2.4 节 “修补
system-appDeploymentConfig 的pre-hook pod环境” -
第 1.2.5 节 “修补
system-appDeploymentConfig 容器的环境” -
第 1.2.6 节 “修补
system-sidekiqDeploymentConfig 容器的环境” - 第 1.2.7 节 “迁移特定于 S3 的配置”
- 第 1.2.8 节 “更新 3scale 版本号”
- 第 1.2.9 节 “升级 3scale 镜像”
-
第 1.2.10 节 “删除
smtpConfigMap”
1.2.1. 创建 3scale 项目的备份
前一步
无。
当前步骤
此步骤列出了创建 3scale 项目的备份所需的操作。
根据与 3scale 一起使用的数据库,使用以下值之一设置 ${SYSTEM_DB}:
-
如果数据库是 MySQL,则为
SYSTEM_DB=system-mysql。 -
如果数据库是 PostgreSQL,则为
SYSTEM_DB=system-postgresql。
-
如果数据库是 MySQL,则为
使用现有 DeploymentConfig 创建备份文件:
$ THREESCALE_DC_NAMES="apicast-production apicast-staging backend-cron backend-listener backend-redis backend-worker system-app system-memcache ${SYSTEM_DB} system-redis system-sidekiq system-sphinx zync zync-database zync-que" for component in ${THREESCALE_DC_NAMES}; do oc get --export -o yaml dc ${component} > ${component}_dc.yml ; done备份通过
export all命令导出的项目中所有现有 OpenShift 资源:$ oc get -o yaml --export all > threescale-project-elements.yaml
使用没有使用
export all命令导出的额外元素创建备份文件:$ for object in rolebindings serviceaccounts secrets imagestreamtags cm rolebindingrestrictions limitranges resourcequotas pvc templates cronjobs statefulsets hpa deployments replicasets poddisruptionbudget endpoints do oc get -o yaml --export $object > $object.yaml done
- 验证所有生成的文件是否都为空,并且所有这些文件都具有预期内容。
1.2.2. 将 smtp ConfigMap 迁移到 system-smtp secret
当前步骤
此步骤的目标是将 system 的 SMTP 配置从 ConfigMap 迁移到 Secret。此迁移涉及与邮件相关的方面,因为 SMTP 配置包含一些敏感信息。为保护此信息,secret 比 ConfigMap 更安全。
收集
app标签的当前值:$ DEPLOYED_APP_LABEL=$(oc get dc backend-listener -o json | jq .spec.template.metadata.labels.app -r)
您可以运行以下命令来验证 DEPLOYED_APP_LABEL 是否不为空:
$ echo ${DEPLOYED_APP_LABEL}
收集
smtpConfigMap 的当前内容:$ CFGMAP_DATA_CONTENTS=$(oc get configmap smtp -o json | jq -r .data)
您可以运行以下命令来验证 CFGMAP_DATA_CONTENTS 是否不为空:
$ echo ${CFGMAP_DATA_CONTENTS}您可以运行以下命令确认 CFGMAP_DATA_CONTENTS 的值:
$ oc get configmap smtp -o json | jq -r .data
使用
smtpConfigMap 的内容创建system-smtpsecret:$ cat <<EOF | oc create -f - { "apiVersion": "v1", "kind": "Secret", "metadata": { "creationTimestamp": null, "labels": { "app": "${DEPLOYED_APP_LABEL}", "threescale_component": "system", "threescale_component_element": "smtp" }, "name": "system-smtp" }, "stringData": ${CFGMAP_DATA_CONTENTS} } EOF通过执行以下方法确认
system-smtpsecret 已创建:$ oc get secret system-smtp -o yaml
验证
system-smtpsecret 和smtpConfigMap 中所有数据键和相关值都相同。system-smtpsecret 中的数据值采用 base64 编码,因此必须对其进行解码才能查看实际值。例如,如果 secret 数据中的一个键名为 mykey,您可以复制与该键关联的值,并使用以下命令查看实际值:$ oc get secret system-smtp -o json | jq -r .data.mykey | base64 -d
如果键关联的值是空字符串,则上一个命令的结果将没有输出。
1.2.3. 更新 system-app DeploymentConfig 的 pre-hook pod 命令
当前步骤
若要从 3scale 获取最新的功能,此步骤解释了如何更新 system-app DeploymentConfig 中的 pre-hook pod 命令。
在
system-appDeploymentConfig 中,将 pre-hook pod 命令更新至此发行版本所需的新 pod 命令:oc patch dc/system-app -p '{"spec":{"strategy":{"rollingParams":{"pre":{"execNewPod":{"command":["bash","-c","bundle exec rake boot openshift:deploy"]}}}}}}'验证
pre-hook pod命令是否已更改为新值:oc get dc system-app -o json | jq .spec.strategy.rollingParams.pre.execNewPod.command
以上命令的结果应该是:
[ "bash", "-c", "bundle exec rake boot openshift:deploy" ]
1.2.4. 修补 system-app DeploymentConfig 的 pre-hook pod 环境
当前步骤
此步骤将环境变量添加到 pre-hook pod 环境中的 system-app DeploymentConfig。此添加可确保与 SMTP 相关的环境变量指向 新创建的 system-smtp secret。此添加保证了与 修改 pre-hook pod 命令 相关的变量会被正确配置。
对
system-appDeploymentConfig 中的pre-hook pod环境变量进行补丁:oc get dc system-app -o json | jq 'del(.spec.strategy.rollingParams.pre.execNewPod.env[] | select(.name == "SMTP_ADDRESS" // .name == "SMTP_USER_NAME" // .name == "SMTP_PASSWORD" // .name == "SMTP_DOMAIN" // .name == "SMTP_PORT" // .name == "SMTP_AUTHENTICATION" // .name == "SMTP_OPENSSL_VERIFY_MODE")) | .spec.strategy.rollingParams.pre.execNewPod.env += [{"name":"SMTP_ADDRESS","valueFrom":{"secretKeyRef":{"key":"address","name":"system-smtp"}}},{"name":"SMTP_USER_NAME","valueFrom":{"secretKeyRef":{"key":"username","name":"system-smtp"}}},{"name":"SMTP_PASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"system-smtp"}}},{"name":"SMTP_DOMAIN","valueFrom":{"secretKeyRef":{"key":"domain","name":"system-smtp"}}},{"name":"SMTP_PORT","valueFrom":{"secretKeyRef":{"key":"port","name":"system-smtp"}}},{"name":"SMTP_AUTHENTICATION","valueFrom":{"secretKeyRef":{"key":"authentication","name":"system-smtp"}}},{"name":"SMTP_OPENSSL_VERIFY_MODE","valueFrom":{"secretKeyRef":{"key":"openssl.verify.mode","name":"system-smtp"}}},{"name":"MASTER_ACCESS_TOKEN","valueFrom":{"secretKeyRef":{"key":"MASTER_ACCESS_TOKEN","name":"system-seed"}}}]' | oc apply -f -根据这些操作点验证
pre-hook pod环境是否已修补:检查 MASTER_ACCESS_TOKEN 是否已设置为
system-apppre-hook pod 中的 secret 引用:oc get dc system-app -o json | jq '.spec.strategy.rollingParams.pre.execNewPod.env | map(select(.name == "MASTER_ACCESS_TOKEN")) | length'
预期输出:
1您可以确认 MASTER_ACCESS_TOKEN 已正确设置指向
system-seedsecret:oc get dc system-app -o json | jq '.spec.strategy.rollingParams.pre.execNewPod.env | map(select(.name == "MASTER_ACCESS_TOKEN"))'
预期输出:
[ { "name": "MASTER_ACCESS_TOKEN", "valueFrom": { "secretKeyRef": { "key": "MASTER_ACCESS_TOKEN", "name": "system-seed" } } } ]
检查
system-apppre-hook pod 中所有 SMTP_* env vars 是否已设置为 secret 引用:oc get dc system-app -o json | jq '.spec.strategy.rollingParams.pre.execNewPod.env | map(select(.name | contains("SMTP")))'以下输出列表中的每个环境变量都应该是
system-smtpsecret 密钥的引用:- SMTP_ADDRESS
- SMTP_USER_NAME
- SMTP_PASSWORD
- SMTP_DOMAIN
- SMTP_PORT
- SMTP_AUTHENTICATION
- SMTP_OPENSSL_VERIFY_MODE
1.2.5. 修补 system-app DeploymentConfig 容器的环境
当前步骤
此流程在 system-app 容器环境中添加和修改环境变量。它确保与 SMTP 相关的环境变量指向新创建的 system-smtp secret。
修补
system-appDeploymentConfig 中的容器环境变量:oc patch dc/system-app -p '{"spec":{"template":{"spec":{"containers":[{"name":"system-master","env":[{"name":"SMTP_ADDRESS","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"address","name":"system-smtp"}}},{"name":"SMTP_USER_NAME","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"username","name":"system-smtp"}}},{"name":"SMTP_PASSWORD","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"password","name":"system-smtp"}}},{"name":"SMTP_DOMAIN","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"domain","name":"system-smtp"}}},{"name":"SMTP_PORT","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"port","name":"system-smtp"}}},{"name":"SMTP_AUTHENTICATION","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"authentication","name":"system-smtp"}}},{"name":"SMTP_OPENSSL_VERIFY_MODE","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"openssl.verify.mode","name":"system-smtp"}}}]},{"name":"system-provider","env":[{"name":"SMTP_ADDRESS","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"address","name":"system-smtp"}}},{"name":"SMTP_USER_NAME","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"username","name":"system-smtp"}}},{"name":"SMTP_PASSWORD","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"password","name":"system-smtp"}}},{"name":"SMTP_DOMAIN","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"domain","name":"system-smtp"}}},{"name":"SMTP_PORT","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"port","name":"system-smtp"}}},{"name":"SMTP_AUTHENTICATION","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"authentication","name":"system-smtp"}}},{"name":"SMTP_OPENSSL_VERIFY_MODE","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"openssl.verify.mode","name":"system-smtp"}}}]},{"name":"system-developer","env":[{"name":"SMTP_ADDRESS","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"address","name":"system-smtp"}}},{"name":"SMTP_USER_NAME","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"username","name":"system-smtp"}}},{"name":"SMTP_PASSWORD","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"password","name":"system-smtp"}}},{"name":"SMTP_DOMAIN","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"domain","name":"system-smtp"}}},{"name":"SMTP_PORT","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"port","name":"system-smtp"}}},{"name":"SMTP_AUTHENTICATION","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"authentication","name":"system-smtp"}}},{"name":"SMTP_OPENSSL_VERIFY_MODE","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"openssl.verify.mode","name":"system-smtp"}}}]}]}}}}'验证所有 SMTP_* env vars 是否已设置为此处列出的
system-app容器的 secret 引用:system-developeroc get dc system-app -o json | jq '.spec.template.spec.containers | map(select(.name == "system-developer"))[].env | map(select(.name | contains("SMTP")))'system-provideroc get dc system-app -o json | jq '.spec.template.spec.containers | map(select(.name == "system-provider"))[].env | map(select(.name | contains("SMTP")))'system-masteroc get dc system-app -o json | jq '.spec.template.spec.containers | map(select(.name == "system-master"))[].env | map(select(.name | contains("SMTP")))'在这些容器中,以下输出列表中的环境变量应该是
system-smtpsecret 密钥的引用:- SMTP_ADDRESS
- SMTP_USER_NAME
- SMTP_PASSWORD
- SMTP_DOMAIN
- SMTP_PORT
- SMTP_AUTHENTICATION
- SMTP_OPENSSL_VERIFY_MODE
1.2.6. 修补 system-sidekiq DeploymentConfig 容器的环境
当前步骤
此流程在 system-sidekiq pod 环境中添加和修改环境变量。此处列出的步骤可确保与 SMTP 相关的环境变量指向新创建的 system-smtp secret。
修补
system-sidekiqDeploymentConfig 的环境变量:oc patch dc/system-sidekiq -p '{"spec":{"template":{"spec":{"containers":[{"name":"system-sidekiq","env":[{"name":"SMTP_ADDRESS","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"address","name":"system-smtp"}}},{"name":"SMTP_USER_NAME","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"username","name":"system-smtp"}}},{"name":"SMTP_PASSWORD","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"password","name":"system-smtp"}}},{"name":"SMTP_DOMAIN","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"domain","name":"system-smtp"}}},{"name":"SMTP_PORT","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"port","name":"system-smtp"}}},{"name":"SMTP_AUTHENTICATION","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"authentication","name":"system-smtp"}}},{"name":"SMTP_OPENSSL_VERIFY_MODE","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"openssl.verify.mode","name":"system-smtp"}}}]}]}}}}'确认所有 SMTP_* 环境变量都已设置为 secret 引用:
oc get dc system-sidekiq -o json | jq '.spec.template.spec.containers | map(select(.name == "system-sidekiq"))[].env | map(select(.name | contains("SMTP")))'以下输出列表中的每个环境变量都应该是
system-smtpsecret 密钥的引用:- SMTP_ADDRESS
- SMTP_USER_NAME
- SMTP_PASSWORD
- SMTP_DOMAIN
- SMTP_PORT
- SMTP_AUTHENTICATION
- SMTP_OPENSSL_VERIFY_MODE
后续步骤
-
如果您使用
amp-s3模板,使用 Amazon Simple Storage Service (Amazon S3)部署 3scale 2.7,第 1.2.2 节 “将smtpConfigMap 迁移到system-smtpsecret”。 -
如果您还没有在 3scale 2.7 中安装
amp-s3模板, 第 1.2.8 节 “更新 3scale 版本号”
1.2.7. 迁移特定于 S3 的配置
如果您在 3scale 2.7 中安装了 amp-s3 模板,请按照此步骤的说明操作。否则,请在下一步中继续升级: 第 1.2.8 节 “更新 3scale 版本号”
当前步骤
此步骤列出了将特定于 S3 的配置从 system-environment ConfigMap 迁移到 aws-auth secret 的任务。
将值添加到现有
aws-authsecret 中:oc patch secret aws-auth --patch "{\"stringData\": $(oc get configmap system-environment -o json | jq '.data | {"AWS_BUCKET": .AWS_BUCKET, "AWS_REGION": .AWS_REGION } ')}"确认密钥及其值已添加到
aws-authsecret 中。这些值是 base64 编码:oc get secret aws-auth -o yaml
修补
system-appDeploymentConfig 中的 pre-hook pod 环境变量:oc get dc system-app -o json | jq 'del(.spec.strategy.rollingParams.pre.execNewPod.env[] | select(.name == "AWS_BUCKET" // .name == "AWS_REGION")) | .spec.strategy.rollingParams.pre.execNewPod.env += [{"name":"AWS_BUCKET","valueFrom":{"secretKeyRef":{"key":"AWS_BUCKET","name":"aws-auth"}}},{"name":"AWS_REGION","valueFrom":{"secretKeyRef":{"key":"AWS_REGION","name":"aws-auth"}}},{"name":"AWS_PROTOCOL","valueFrom":{"secretKeyRef":{"key":"AWS_PROTOCOL","name":"aws-auth", "optional": true}}},{"name":"AWS_HOSTNAME","valueFrom":{"secretKeyRef":{"key":"AWS_HOSTNAME","name":"aws-auth", "optional": true}}},{"name":"AWS_PATH_STYLE","valueFrom":{"secretKeyRef":{"key":"AWS_PATH_STYLE","name":"aws-auth", "optional": true}}}]' | oc apply -f -检查所有 AWS_* 环境变量是否已设置为
system-apppre-hook pod 中的 secret 引用:oc get dc system-app -o json | jq '.spec.strategy.rollingParams.pre.execNewPod.env | map(select(.name | contains("AWS")))'以下输出列表中的每个环境变量都应该是对
aws-authsecret 密钥的引用:- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_BUCKET
- AWS_REGION
- AWS_PROTOCOL
- AWS_HOSTNAME
- AWS_PATH_STYLE
修补
system-appDeploymentConfig 中的容器环境变量:oc patch dc/system-app -p '{"spec":{"template":{"spec":{"containers":[{"name":"system-master","env":[{"name":"AWS_BUCKET","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"AWS_BUCKET","name":"aws-auth"}}},{"name":"AWS_REGION","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"AWS_REGION","name":"aws-auth"}}},{"name":"AWS_PROTOCOL","valueFrom":{"secretKeyRef":{"key":"AWS_PROTOCOL","name":"aws-auth", "optional": true}}},{"name":"AWS_HOSTNAME","valueFrom":{"secretKeyRef":{"key":"AWS_HOSTNAME","name":"aws-auth", "optional": true}}},{"name":"AWS_PATH_STYLE","valueFrom":{"secretKeyRef":{"key":"AWS_PATH_STYLE","name":"aws-auth", "optional": true}}}]},{"name":"system-provider","env":[{"name":"AWS_BUCKET","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"AWS_BUCKET","name":"aws-auth"}}},{"name":"AWS_REGION","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"AWS_REGION","name":"aws-auth"}}},{"name":"AWS_PROTOCOL","valueFrom":{"secretKeyRef":{"key":"AWS_PROTOCOL","name":"aws-auth", "optional": true}}},{"name":"AWS_HOSTNAME","valueFrom":{"secretKeyRef":{"key":"AWS_HOSTNAME","name":"aws-auth", "optional": true}}},{"name":"AWS_PATH_STYLE","valueFrom":{"secretKeyRef":{"key":"AWS_PATH_STYLE","name":"aws-auth", "optional": true}}}]},{"name":"system-developer","env":[{"name":"AWS_BUCKET","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"AWS_BUCKET","name":"aws-auth"}}},{"name":"AWS_REGION","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"AWS_REGION","name":"aws-auth"}}},{"name":"AWS_PROTOCOL","valueFrom":{"secretKeyRef":{"key":"AWS_PROTOCOL","name":"aws-auth", "optional": true}}},{"name":"AWS_HOSTNAME","valueFrom":{"secretKeyRef":{"key":"AWS_HOSTNAME","name":"aws-auth", "optional": true}}},{"name":"AWS_PATH_STYLE","valueFrom":{"secretKeyRef":{"key":"AWS_PATH_STYLE","name":"aws-auth", "optional": true}}}]}]}}}}'验证所有 AWS_* 环境变量是否已设置为
system-app的三个容器中的 secret 引用。system-developer:oc get dc system-app -o json | jq '.spec.template.spec.containers | map(select(.name == "system-developer"))[].env | map(select(.name | contains("AWS")))'system-master:oc get dc system-app -o json | jq '.spec.template.spec.containers | map(select(.name == "system-master"))[].env | map(select(.name | contains("AWS")))'system-provideroc get dc system-app -o json | jq '.spec.template.spec.containers | map(select(.name == "system-provider"))[].env | map(select(.name | contains("AWS")))'对于所有三个容器,以下输出列表中的每个环境变量都应该是
aws-authsecret 密钥的引用:- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_BUCKET
- AWS_REGION
- AWS_PROTOCOL
- AWS_HOSTNAME
- AWS_PATH_STYLE
修补
system-sidekiqDeploymentConfig 中的容器环境变量:oc patch dc/system-sidekiq -p '{"spec":{"template":{"spec":{"containers":[{"name":"system-sidekiq","env":[{"name":"AWS_BUCKET","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"AWS_BUCKET","name":"aws-auth"}}},{"name":"AWS_REGION","valueFrom":{"configMapKeyRef":null,"secretKeyRef":{"key":"AWS_REGION","name":"aws-auth"}}},{"name":"AWS_PROTOCOL","valueFrom":{"secretKeyRef":{"key":"AWS_PROTOCOL","name":"aws-auth", "optional": true}}},{"name":"AWS_HOSTNAME","valueFrom":{"secretKeyRef":{"key":"AWS_HOSTNAME","name":"aws-auth", "optional": true}}},{"name":"AWS_PATH_STYLE","valueFrom":{"secretKeyRef":{"key":"AWS_PATH_STYLE","name":"aws-auth", "optional": true}}}]}]}}}}'验证所有 AWS_* 环境变量是否已设置为 secret 引用:
oc get dc system-sidekiq -o json | jq '.spec.template.spec.containers | map(select(.name == "system-sidekiq"))[].env | map(select(.name | contains("AWS")))'以下输出列表中的每个环境变量都应该是对
aws-authsecret 密钥的引用:- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_BUCKET
- AWS_REGION
- AWS_PROTOCOL
- AWS_HOSTNAME
- AWS_PATH_STYLE
删除未使用的
system-environmentConfigMap 键:oc patch configmap system-environment --patch '{"data": {"AWS_BUCKET": null, "AWS_REGION": null}}'
1.2.8. 更新 3scale 版本号
前一步
-
如果您在 3scale 2.7 中安装了
amp-s3模板,第 1.2.2 节 “将smtpConfigMap 迁移到system-smtpsecret”。 -
如果您还没有在 3scale 2.7 中安装
amp-s3模板, 第 1.2.6 节 “修补system-sidekiqDeploymentConfig 容器的环境”
当前步骤
此步骤在 system-environment ConfigMap 中将 3scale 发行版本号从 2.7 更新至 2.8。AMP_RELEASE 是某些 DeploymentConfig 容器环境中引用的 ConfigMap 条目。
要修补 AMP_RELEASE,请运行以下命令:
oc patch cm system-environment --patch '{"data": {"AMP_RELEASE": "2.8"}}'验证 system-environment ConfigMap 中的 AMP_RELEASE 键是否具有
2.8值:oc get cm system-environment -o json | jq .data.AMP_RELEASE
1.2.9. 升级 3scale 镜像
当前步骤
此步骤更新升级过程所需的 3scale 镜像。
对
amp-system镜像流进行补丁:要修补
amp-system镜像流,您需要考虑用于 3scale 部署的数据库。- 如果 3scale 使用 Oracle 数据库部署,请执行以下步骤以使用 Oracle 数据库构建系统镜像 :1、2、4、8 和 9。
如果数据库与 Oracle DB 不同,请使用以下命令:
oc patch imagestream/amp-system --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP system 2.8"}, "from": { "kind": "DockerImage", "name": "registry.redhat.io/3scale-amp2/system-rhel7:3scale2.8"}, "name": "2.8", "referencePolicy": {"type": "Source"}}}]' oc patch imagestream/amp-system --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP system (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.8"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'这会触发
system-app、system-sphinx和system-sidekiqDeploymentConfig 的重新部署。等待它们重新部署、对应的新容器集就绪,并且旧容器集终止。
对
amp-apicast镜像流进行补丁:oc patch imagestream/amp-apicast --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP APIcast 2.8"}, "from": { "kind": "DockerImage", "name": "registry.redhat.io/3scale-amp2/apicast-gateway-rhel8:3scale2.8"}, "name": "2.8", "referencePolicy": {"type": "Source"}}}]' oc patch imagestream/amp-apicast --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP APIcast (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.8"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'这会触发
apicast-production和apicast-stagingDeploymentConfig 的重新部署。等待它们重新部署、对应的新容器集就绪,并且旧容器集终止。对
amp-backend镜像流进行补丁:oc patch imagestream/amp-backend --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Backend 2.8"}, "from": { "kind": "DockerImage", "name": "registry.redhat.io/3scale-amp2/backend-rhel7:3scale2.8"}, "name": "2.8", "referencePolicy": {"type": "Source"}}}]' oc patch imagestream/amp-backend --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Backend (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.8"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'这会触发
backend-listener、backend-worker和backend-cronDeploymentConfig 的重新部署。等待它们重新部署、对应的新容器集就绪,并且旧容器集终止。对
amp-zync镜像流进行补丁:oc patch imagestream/amp-zync --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Zync 2.8"}, "from": { "kind": "DockerImage", "name": "registry.redhat.io/3scale-amp2/zync-rhel7:3scale2.8"}, "name": "2.8", "referencePolicy": {"type": "Source"}}}]' oc patch imagestream/amp-zync --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Zync (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.8"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'这会触发
zync和zync-queDeploymentConfig 的重新部署。等待它们重新部署、对应的新容器集就绪,并且旧容器集终止。对
system-memcachedImageStream 进行补丁:oc patch imagestream/system-memcached --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "System 2.8 Memcached"}, "from": { "kind": "DockerImage", "name": "registry.redhat.io/3scale-amp2/memcached-rhel7:3scale2.8"}, "name": "2.8", "referencePolicy": {"type": "Source"}}}]' oc patch imagestream/system-memcached --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "System Memcached (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.8"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'这会触发
system-memcacheDeploymentConfig 的重新部署。等待它重新部署、对应的新容器集就绪,并且旧容器集终止。对
zync-database-postgresql镜像流进行补丁:oc patch imagestream/zync-database-postgresql --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "Zync 2.8 PostgreSQL"}, "from": { "kind": "DockerImage", "name": "registry.redhat.io/rhscl/postgresql-10-rhel7"}, "name": "2.8", "referencePolicy": {"type": "Source"}}}]' oc patch imagestream/zync-database-postgresql --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "Zync PostgreSQL (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.8"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'此 patch 命令更新
zync-database-postgresql镜像流,使其包含 2.8 标签。您可以通过执行以下内容来验证 2.8 标签是否已创建:oc get is/zync-database-postgresql
然后,检查
tags列是否显示2.8标签。-
如果镜像有新的更新,此补丁还可能触发
zync-databaseDeploymentConfig 的重新部署。如果发生这种情况,请等待新容器集重新部署并就绪,并且旧容器集终止。
如果 3scale 2.7 安装中存在一个或多个 DeploymentConfig,请点适用 DeploymentConfig 的链接来获取如何继续的更多信息:
验证 DeploymentConfig 的所有镜像 URL 包含新的镜像 registry URL,并在各个 URL 地址末尾添加一个哈希:
$ THREESCALE_DC_NAMES="apicast-production apicast-staging backend-cron backend-listener backend-redis backend-worker system-app system-memcache system-mysql system-redis system-sidekiq system-sphinx zync zync-database zync-que" for component in ${THREESCALE_DC_NAMES}; do echo -n "${component} image: " && oc get dc $component -o json | jq .spec.template.spec.containers[0].image ; done
1.2.9.1. 现有 DeploymentConfig 的额外步骤
1.2.9.1.1. backend-redis DeploymentConfig
如果当前 3scale 安装中存在 backend-redis DeploymentConfig,请修补 backend-redis 镜像流:
oc patch imagestream/backend-redis --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "Backend 2.8 Redis"}, "from": { "kind": "DockerImage", "name": "registry.redhat.io/rhscl/redis-32-rhel7:3.2"}, "name": "2.8", "referencePolicy": {"type": "Source"}}}]'
oc patch imagestream/backend-redis --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "Backend Redis (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.8"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'-
此补丁更新了
backend-redis镜像流,使其包含2.8标签。使用以下命令,如果tags列显示了2.8,您可以确认标签已创建:
oc get is/backend-redis
-
如果镜像上有新的更新,此补丁还可能触发
backend-redisDeploymentConfig 的重新部署。如果发生这种情况,请等待新容器集重新部署并就绪,并且旧容器集终止。
继续 升级 3scale 镜像。
1.2.9.1.2. system-redis DeploymentConfig
如果当前 3scale 安装中存在 system-redis DeploymentConfig,请修补 system-redis 镜像流:
oc patch imagestream/system-redis --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "System 2.8 Redis"}, "from": { "kind": "DockerImage", "name": "registry.redhat.io/rhscl/redis-32-rhel7:3.2"}, "name": "2.8", "referencePolicy": {"type": "Source"}}}]'
oc patch imagestream/system-redis --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "System Redis (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.8"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'-
此补丁更新了
system-redis镜像流,使其包含2.8标签。使用以下命令,如果tags列显示了2.8,您可以确认标签已创建:
oc get is/system-redis
-
如果镜像有新的更新,此补丁还可能触发
system-redisDeploymentConfig 的重新部署。如果发生这种情况,请等待新容器集重新部署并就绪,并且旧容器集终止。
继续 升级 3scale 镜像。
1.2.9.1.3. system-mysql DeploymentConfig
如果当前 3scale 安装中存在 system-mysql DeploymentConfig,请修补 system-mysql 镜像流:
oc patch imagestream/system-mysql --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "System 2.8 MySQL"}, "from": { "kind": "DockerImage", "name": "registry.redhat.io/rhscl/mysql-57-rhel7:5.7"}, "name": "2.8", "referencePolicy": {"type": "Source"}}}]'
oc patch imagestream/system-mysql --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "System MySQL (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.8"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'-
此补丁更新了
system-mysql镜像流,使其包含2.8标签。使用以下命令,如果tags列显示了2.8,您可以确认标签已创建:
oc get is/system-mysql
-
如果镜像上有新的更新,此补丁还可能触发
system-mysqlDeploymentConfig 的重新部署。如果发生这种情况,请等待新容器集重新部署并就绪,并且旧容器集终止。
继续 升级 3scale 镜像。
1.2.9.1.4. system-postgresql DeploymentConfig
如果当前 3scale 安装中存在 system-postgresql DeploymentConfig,请修补 system-postgresql 镜像流:
oc patch imagestream/system-postgresql --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "System 2.8 PostgreSQL"}, "from": { "kind": "DockerImage", "name": "registry.redhat.io/rhscl/postgresql-10-rhel7
"}, "name": "2.8", "referencePolicy": {"type": "Source"}}}]'
oc patch imagestream/system-postgresql --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "System PostgreSQL (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.8"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'-
此补丁更新了
system-postgresql镜像流,使其包含2.8标签。使用以下命令,如果tags列显示了2.8,您可以确认标签已创建:
oc get is/system-postgresql
-
如果镜像有新的更新,此补丁还可能触发
system-postgresqlDeploymentConfig 的重新部署。如果发生这种情况,请等待新容器集重新部署并就绪,并且旧容器集终止。
继续 升级 3scale 镜像。
1.2.10. 删除 smtp ConfigMap
当前步骤
此步骤会删除 smtp ConfigMap,因为此 ConfigMap 已迁移到 system-smtp secret。
要删除 smtp ConfigMap,请运行以下命令:
$ oc delete cm smtp
如果命令未返回错误,则代表它可以正常工作。
后续步骤
无。执行所有列出的步骤后,基于模板的部署中的 3scale 从 2.7 升级到 2.8 现已完成。
