Release Notes for Red Hat 3scale API Management 2.11 On-premises
Document intended for use with Red Hat 3scale API Management 2.11
This document is intended for use with Red Hat 3scale API Management 2.11 On-premises.
Chapter 1. Compatibility between 3scale and OpenShift Container Platform
3scale 2.11 contains updates that enable it to work with OpenShift Container Platform (OCP) 4.9. If you plan to upgrade to OCP 4.9, you must upgrade 3scale to version 2.11 before you upgrade OCP to version 4.9. Earlier versions of 3scale do not support OCP 4.9. See Migrating 3scale.
If you are using OCP 4.9, you can install and run only version 2.11 of 3scale.
Chapter 2. New features
Red Hat 3scale API Management 2.11 provides the following new features:
3scale toolbox command line interface (CLI) commands that:
- API providers who are using Braintree can now toggle 3DS on or off (Jira 6860). See Configuring Braintree as a credit card gateway.
- Support for Redis 6 as an external database (Jira 6492).
- The length of time that a user can be logged in to 3scale (session length) is now configurable (Jira 693 and Jira 7143).
- Field definitions can now be set by means of the 3scale API (Jira 4082).
API gateway policies:
- Ability to set the Maintenance Mode Policy (downtime) depending on the subpath, backend, or another condition (Jira 6552).
- Option to accept/reject request if a policy is not executed in the policy chain (Jira 6705).
Access-Control-Max-Ageheader in CORS policy (Jira 6556). See CORS Request Handling.
APIcast configuration enhancements:
Ability to configure
proxy_cache_convert_headto determine whether
HEADrequests are converted to
GETrequests before requests are sent upstream (Jira 7016).
Ability to configure the
APICAST_LOG_LEVELenvironment variable on the 3scale operator (Jira 6452).
- APIcast environment variables are now exposed by custom resource definition (CRD) fields for the APIcast operator (Jira 5496).
- TLS is now enabled at the pod level with the APIcast operator (Jira 5499).
- Allow injection of custom policies into the APIcast operator (Jira 7031).
- Allow injection of custom environment into the APIcast operator (Jira 7033).
- Ability to configure extended metrics in the APIcast operator (Jira 7272).
- Ability to configure
- New option to disable the deployment of Prometheus rules (Jira 7137).
- Improved 3scale deployment status reporting (Jira 4753).
- Backend extension that lists application keys in response XML (Jira 7207).
- Ability to configure Jaeger and OpenTracing environment variables through the 3scale operator (Jira 7267).
3scale customer experience enhancements
- Improved display of application plans in the application plans index page (Jira 6875).
- Improved user interface (UI) for selecting the default application plan (Jira 6868).
- Renewed UI for creating applications (Jira 6876, Jira 6878, Jira 6879).
- Improved list of backends in the product overview page (Jira 6866).
- Improved list of products in the backend overview page (Jira 6877).
- Improved UI for creating backend mapping rules (Jira 6873).
Chapter 3. Technology Preview features
Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see https://access.redhat.com/support/offerings/techpreview/.
Red Hat 3scale API Management 2.11 provides the 3scale operator for application capabilities as a Technology Preview feature. The 3scale operator enables the use of custom resources (CRs) to define 3scale tenants, APIs, application plans, limits, metrics and other objects for use in a 3scale installation (Jira 3486). See Using the 3scale operator to configure and provision 3scale.
3scale operator application capabilities added in 3scale 2.11:
- Reconciliation of product CRs when a backend metric is deleted (Jira 5534).
- Custom resource definition for managing 3scale developer accounts (Jira 6501).
- Custom resource definition for managing 3scale developers who are associated with a developer account (Jira 6611).
Management of 3scale ActiveDocs by using an
ActiveDocCR (Jira 6584).
Management of custom policy definitions by using a
CustomPolicyDefinitionCR (Jira 6585).
Management of OpenAPI documents by using an
OpenAPICR (Jira 4712).
ProductCRs can now specify OpenID Connect authentication (Jira 5537). See Defining product authentication using OpenID Connect.
ProductCRs can now specify custom gateway responses and error messages (Jira 5536).
ProductCRs now support management of the policy chain (Jira 6235).
Another Technology Preview feature is the ability to add external dependencies and use them in custom policies (Jira 7488).
Chapter 4. Resolved issues
Red Hat 3scale API Management 2.11 resolves the following issues:
- Braintree errors are not surfaced in the 3scale Developer Portal (Jira 4963).
- Fix deprecated Github SSO integration for the developer portal (Jira 4441).
- System Grafana Dashboards heatmap negative values (Jira 6403).
- Search does not work for newly created services and backends until these items are indexed the next day (Jira 6205).
- Changes in product settings cannot be promoted to staging (Jira 6468).
- Pagination of products and backends shows all pages even when filtering (Jira 6385).
- Backend API metric not synced to backend as part of the backend_rewrite_storage task (Jira 6491).
- Not possible to set APIcast pod timezone using the APIcast operator(Jira 6476).
- APIManager deployment via operator fails when using SealedSecrets (Jira 6635).
- APIcast not striping standard ports for HTTP/HTTPS requests (Jira 2235).
- APIcast production pod is failing when deployed using template (Jira 5913).
- APIcast reports a release candidate version of OpenResty (Jira 6963).
- Internal error for certain calls in IP Check Policy (Jira 7076).
- TLS Termination Policy screen displays wrong form given selected options (Jira 6390).
- Wrong Content-Length header when using payload limits policy (Jira 6736).
- Importing OpenAPI fails on toolbox container image (Jira 6574).
- When copying a product from the toolbox CLI, the copied methods lose their description (Jira 6764).
- Toolbox fails when reimporting an OpenAPI spec (Jira 6906).
- Toolbox is unable to copy products with more than 500 backends (Jira 5224).
- Avoid creating stats keys containing the "0" (zero) value (Jira 6652).
- Fix infrequent exception raised in the backend component (Jira 6783).
- Empty flash error message showing in the new Account form (Jira 6633).
- Suppress warn messages on APIcast startup (Jira 5816).
- Operator backup does not work if pre-existing persistent volume is used (Jira 5677).
- HEAD requests converted to GET requests (Jira 7023).
- Fix error message for users logging into the Admin Portal (Jira 6321).
- Upstream cannot be null error in APIcast logs (Jira 5225).
APIcast logs unnecessary
warnmessages on start up (Jira 5816).
APIcast takes a long time to start up when using
- APIcast logs the private API URL instead of the public URL (Jira 6193).
- Liquid Context Debug policy is not working with APIaaP (Jira 6312).
- JWT Claim Check Policy does not work with APIaaP backend (Jira 6410).
- Add APIaaP Routing policy just before APIcast policy (Jira 6428).
APIcast is removing the
If-None-Matchheaders from requests (Jira 6704).
Importing an OAS Spec using the 3scale toolbox fails when only
staging-public-base-urlis set (Jira 6884).
first_daily_trafficevents are not updated (Jira 7227).
- Upstream Mutual TLS (mTLS) between APIcast and the backend API fails when more than a single certificate is used (Jira 7363).
- APIManager deployed with the operator is not picking up the latest images available (Jira 7435).
Chapter 5. Known issues
Known issues in Red Hat 3scale API Management 2.11:
- 3scale monitoring with Prometheus and Grafana performs inaccurately when showing values (Jira 6446).
- Sphinx searches return all records if you search by the name of the class (Jira 6405).
The NGINX Filters policy has no effect if you also add the Content Caching policy. The default behavior is that content caching is disabled. If you enable content caching, NGINX returns a
412response code when it cannot validate a request header even if you specified that header when you added the NGINX Filters policy (Jira 7514).
User names in 3scale must be 40 characters or fewer. When a user name has more than 40 characters, 3scale usually truncates it. Consider this when you do any of the following:
- Create a developer account.
- Create a provider account as the master.
- Add a user to a provider account as the provider or as the master.
- Add a user to a developer account in the Developer Portal or in the Admin Portal.
User names must be 40 characters or fewer when using Red Hat Single Sign-On to authenticate access to the Admin Portal or Developer Portal.
Chapter 6. Documentation
- Check the latest information about 3scale 2.11 supported configurations at the Red Hat 3scale API Management Supported Configurations website.
- Check the latest information about 3scale 2.11 security updates in the Red Hat Product Advisories portal.
- Advisory for RPMS: https://errata.engineering.redhat.com/advisory/74428
- Advisory for the Container Images: https://errata.engineering.redhat.com/advisory/74429
Chapter 7. Changes in 3scale
This section lists current and future 3scale changes.
7.1. Changed features
- Internal Redis databases have been upgraded from version 3.2 to version 5.x.
7.2. Deprecated features
- Support for an APIcast deployment running as a container in RHEL7 and Docker is deprecated. In future releases, 3scale will support only RHEL8. If you are running APIcast self-managed as a container, move to RHEL8 and Podman.
7.3. Removed features
- Redis 3.2 is no longer supported.
7.4. Future changes
When you use
Proxy Update, it creates a new APIcast configuration version for the staging environment with the updated settings. It is expected that this will not be the case in future releases. Customers will need to use the new
Proxy Config Promoteendpoint for this purpose.
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.