Chapter 1. Upgrading 3scale API Management 2.3 to 2.4

As a 3scale API Management administrator, upgrade your installation from version 2.3 to 2.4. Optionally, you can change the impersonation of administrator data.

Warning

This process can cause disruption in the service. Make sure to have a maintenance window.

1.1. Prerequisites

  • 3scale API Management 2.3 deployed in a project.
  • Tool prerequisites:

    • jq

1.2. Upgrading 3scale API Management

To upgrade 3scale API Management from 2.3 to 2.4 follow the steps in the order listed below:

1.2.1. Creating ConfigMaps

Create files that contain the details of the ConfigMaps to be sourced for the new OpenShift elements.

  1. Configure the required variables:

    export $(oc set env dc/system-app --list|grep THREESCALE_SUPERDOMAIN|sort -u)
    export $(oc set env dc/system-app --list|grep APICAST_REGISTRY_URL|sort -u)
    APP_LABEL=$(oc get dc backend-listener -o json | jq .spec.template.metadata.labels.app -r)
    AMP_RELEASE=2.4.0
  2. Confirm that the variables are properly configured:

    echo $THREESCALE_SUPERDOMAIN
    echo $APICAST_REGISTRY_URL
    echo $APP_LABEL
    echo $AMP_RELEASE
  3. Create the system-environment ConfigMap:

    1. Compose a file called system-environment.yml.

      cat<<EOF> system-environment.yml
      
      apiVersion: v1
      data:
        AMP_RELEASE: ${AMP_RELEASE}
        APICAST_REGISTRY_URL: ${APICAST_REGISTRY_URL}
        FORCE_SSL: "true"
        PROVIDER_PLAN: enterprise
        RAILS_ENV: production
        RAILS_LOG_LEVEL: info
        RAILS_LOG_TO_STDOUT: "true"
        SSL_CERT_DIR: /etc/pki/tls/certs
        THINKING_SPHINX_PORT: "9306"
        THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE: VERIFY_NONE
        THREESCALE_SUPERDOMAIN: ${THREESCALE_SUPERDOMAIN}
      kind: ConfigMap
      metadata:
        creationTimestamp: null
        labels:
          app: ${APP_LABEL}
          3scale.component: system
        name: system-environment
      EOF
    2. Create the new system-environment ConfigMap:

      oc create -f system-environment.yml
  4. Create the backend-environment ConfigMap:

    1. Get the value of the backend-listener DeploymentConfig:

      export $(oc set env dc/backend-listener --list|grep RACK_ENV|sort -u)
    2. Compose a new file called backend-environment.yml.

      cat<<EOF>backend-environment.yml
      apiVersion: v1
      data:
        RACK_ENV: ${RACK_ENV}
      kind: ConfigMap
      metadata:
        creationTimestamp: null
        labels:
          app: ${APP_LABEL}
          3scale.component: backend
        name: backend-environment
      EOF
    3. Create the new backend-environment ConfigMap:

      oc create -f backend-environment.yml
  5. Create the apicast-environment ConfigMap:

    1. Compose a new file called apicast-environment.yml.

      cat<<EOT>apicast-environment.yml
      apiVersion: v1
      data:
        APICAST_MANAGEMENT_API: status
        APICAST_RESPONSE_CODES: "true"
        OPENSSL_VERIFY: "false"
      kind: ConfigMap
      metadata:
        name: apicast-environment
      EOT
    2. Create the new apicast-environment ConfigMap:

      oc create -f apicast-environment.yml

1.2.2. Creating the system master route

To create the system master route:

  1. Configure MASTER_NAME with the value of the MASTER_DOMAIN environment variable:

    export $(oc set env dc/system-app --list|grep MASTER_DOMAIN|sort -u)
    MASTER_NAME=$MASTER_DOMAIN
  2. Confirm that MASTER_NAME is properly set:

    echo $MASTER_NAME
  3. Create the system-master route and delete the system-master-admin route:

    oc create route edge system-master --service=system-master --hostname=${MASTER_NAME}.${THREESCALE_SUPERDOMAIN} --port=http
    oc delete route system-master-admin

1.2.3. Migrating the system database secret

To migrate the system database secret into the new system-database OpenShift secret:

  1. Get the existing MySQL environment variables:

    export $(oc set env dc/system-mysql --list|grep MYSQL_ROOT_PASSWORD)
    export $(oc set env dc/system-mysql --list | grep MYSQL_DATABASE)
  2. Get the APP_LABEL environment variable:

    APP_LABEL=$(oc get dc backend-listener -o json | jq .spec.template.metadata.labels.app -r)
  3. Confirm that you have correctly set the following environment variables:

    echo ${MYSQL_ROOT_PASSWORD}
    echo ${MYSQL_DATABASE}
    echo ${APP_LABEL}
  4. Create the file containing the system-database secret:

    cat > system-database.yml <<EOF
    
    apiVersion: v1
    kind: Secret
    metadata:
      creationTimestamp: null
      labels:
        3scale.component: system
        app: ${APP_LABEL}
      name: system-database
    stringData:
      URL: mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}
    type: Opaque
    EOF
  5. Create the secret:

    oc create -f system-database.yml

1.2.4. Creating new secrets

To continue with the upgrade process, you must create:

1.2.4.1. Creating the system-master-apicast secret

  1. Get the value of APICAST_ACCESS_TOKEN:

    export APICAST_ACCESS_TOKEN=$(oc set env --list dc/apicast-production|sort -u|grep THREESCALE_PORTAL_ENDPOINT|cut -d@ -f1|cut -d/ -f3)
  2. Compose a new file called system-master-apicast.yml:

    cat<<EOF> system-master-apicast.yml
    apiVersion: v1
    kind: Secret
    metadata:
      creationTimestamp: null
      labels:
        app: ${APP_LABEL}
        3scale.component: system
      name: system-master-apicast
    stringData:
      ACCESS_TOKEN: ${APICAST_ACCESS_TOKEN}
      BASE_URL: http://${APICAST_ACCESS_TOKEN}@system-master:3000
      PROXY_CONFIGS_ENDPOINT: http://${APICAST_ACCESS_TOKEN}@system-master:3000/master/api/proxy/configs
    type: Opaque
    EOF
  3. Create the new system-master-apicast secret:

    oc create -f system-master-apicast.yml

Back to Section 1.2.4, “Creating new secrets”.

1.2.4.2. Creating the -redis secrets

  1. Create the system-redis secret:

    1. Compose a file called system-redis.yml with the following content:

      cat > system-redis.yml <<EOF
      
      apiVersion: v1
      kind: Secret
      metadata:
        creationTimestamp: null
        labels:
            3scale.component: system
            app: ${APP_LABEL}
        name: system-redis
      stringData:
        URL: redis://system-redis:6379/1
        type: Opaque
      EOF
    2. Create the system-redis secret with the information contained in the file:

      oc create -f system-redis.yml
  2. Create the backend-redis secret:

    1. Compose a file called backend-redis.yml with this content:

      cat > backend-redis.yml <<EOF
      
      apiVersion: v1
      kind: Secret
      type: Opaque
      metadata:
        creationTimestamp: null
        labels:
            3scale.component: backend
            app: ${APP_LABEL}
        name: backend-redis
      stringData:
        REDIS_QUEUES_SENTINEL_HOSTS: ""
        REDIS_QUEUES_SENTINEL_ROLE: ""
        REDIS_QUEUES_URL: redis://backend-redis:6379/1
        REDIS_STORAGE_SENTINEL_HOSTS: ""
        REDIS_STORAGE_SENTINEL_ROLE: ""
        REDIS_STORAGE_URL: redis://backend-redis:6379/0
      EOF
    2. Create the backend-redis secret with the information contained in the file:

      oc create -f backend-redis.yml
  3. Create the apicast-redis secret:

    1. Compose a file called apicast-redis.yml with this content:

      cat<<EOT>apicast-redis.yml
      apiVersion: v1
      stringData:
        PRODUCTION_URL: redis://system-redis:6379/1
        STAGING_URL: redis://system-redis:6379/2
      kind: Secret
      metadata:
        labels:
          3scale.component: apicast
          app: ${APP_LABEL}
        name: apicast-redis
      EOT
    2. Create the apicast-redis secret with the information contained in the file:

      oc create -f apicast-redis.yml

Back to Section 1.2.4, “Creating new secrets”.

1.2.4.3. Creating the backend- secrets

  1. Create the backend-listener secret:

    1. Compose a file called backend-listener.yml with this content:

      cat<<EOT>backend-listener.yml
      apiVersion: v1
      stringData:
        route_endpoint: https://backend-3scale.${THREESCALE_SUPERDOMAIN}
        service_endpoint: http://backend-listener:3000
      kind: Secret
      metadata:
        name: backend-listener
      EOT
    2. Create the backend-listener secret with the information contained in the file:

      oc create -f backend-listener.yml
  2. Create the backend-internal-api secret:

    1. Obtain the values from the 2.3 environment:

      export $(oc set env dc backend-listener --list|grep CONFIG_INTERNAL_API_USER)
      export $(oc set env dc backend-listener --list|grep CONFIG_INTERNAL_API_PASSWORD)
    2. Check the value of the variables:

      echo $CONFIG_INTERNAL_API_USER $CONFIG_INTERNAL_API_PASSWORD
    3. Create the secret:

      oc create secret generic backend-internal-api --from-literal=password=${CONFIG_INTERNAL_API_PASSWORD} --from-literal=username=${CONFIG_INTERNAL_API_USER}

Back to Section 1.2.4, “Creating new secrets”.

1.2.4.4. Creating the system- secrets

  1. Create the system-memcache secret:

    1. Compose a file called system-memcache.yml with this content:

      cat<<EOT>system-memcache.yml
      apiVersion: v1
      stringData:
        SERVERS: system-memcache:11211
      kind: Secret
      metadata:
        name: system-memcache
      EOT
    2. Create the system-memcache secret with the information contained in the file:

      oc create -f system-memcache.yml
  2. Create the system-recaptcha secret:

    1. Compose a file called system-recaptcha.yml with this content:

      cat<<EOT>system-recaptcha.yml
      apiVersion: v1
      stringData:
        PRIVATE_KEY: ""
        PUBLIC_KEY: ""
      kind: Secret
      metadata:
        name: system-recaptcha
      EOT
    2. Create the system-recaptcha secret with the information contained in the file:

      oc create -f system-recaptcha.yml
  3. Create the system-events-hook secret:

    1. Get the values from the 2.3 environment:

      export $(oc set env dc backend-worker --list|grep CONFIG_EVENTS_HOOK_SHARED_SECRET)
    2. Confirm the value of the variables:

      echo ${CONFIG_EVENTS_HOOK_SHARED_SECRET}
    3. Create the secret:

      oc create secret generic system-events-hook --from-literal=PASSWORD=${CONFIG_EVENTS_HOOK_SHARED_SECRET} --from-literal=URL=http://system-master:3000/master/events/import
  4. Create the system-seed secret:

    1. Get the values from the 2.3 environment:

      export $(oc set env dc system-app --list|grep ADMIN_ACCESS_TOKEN|uniq)
      export $(oc set env dc system-app --list|grep USER_PASSWORD|uniq)
      export $(oc set env dc system-app --list|grep USER_LOGIN|uniq)
      export $(oc set env dc system-app --list|grep MASTER_DOMAIN|uniq)
      export $(oc set env dc system-app --list|grep MASTER_PASSWORD|uniq)
      export $(oc set env dc system-app --list|grep MASTER_USER|uniq)
      export $(oc set env dc system-app --list|grep TENANT_NAME|uniq)
    2. Confirm the value of the variables:

      echo ${ADMIN_ACCESS_TOKEN} ${USER_PASSWORD} ${USER_LOGIN} ${MASTER_DOMAIN} ${MASTER_PASSWORD} ${MASTER_USER} ${TENANT_NAME}
    3. Create the secret:

      oc create secret generic system-seed --from-literal=ADMIN_ACCESS_TOKEN=${ADMIN_ACCESS_TOKEN} --from-literal=ADMIN_PASSWORD=${USER_PASSWORD} --from-literal=ADMIN_USER=${USER_LOGIN} --from-literal=MASTER_DOMAIN=${MASTER_DOMAIN} --from-literal=MASTER_PASSWORD=${MASTER_PASSWORD} --from-literal=MASTER_USER=${MASTER_USER} --from-literal=TENANT_NAME=${TENANT_NAME}
  5. Create the system-app secret:

    1. Obtain the values from the 2.3 environment:

      export $(oc set env dc system-app --list|grep SECRET_KEY_BASE|uniq)
    2. Confirm the value of the variables:

      echo ${SECRET_KEY_BASE}
    3. Create the secret:

      oc create secret generic system-app --from-literal=SECRET_KEY_BASE=${SECRET_KEY_BASE}

Back to Section 1.2.4, “Creating new secrets”.

1.2.5. Patching DeploymentConfigs

  1. Patch the backend-cron DeploymentConfig:

    oc patch dc/backend-cron -p '{"spec":{"template":{"spec":{"containers":[{"name":"backend-cron","env":[{"name":"CONFIG_REDIS_PROXY","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"RACK_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RACK_ENV","name":"backend-environment"}}}]}],"initContainers":[{"name":"backend-redis-svc","command":["/opt/app/entrypoint.sh","sh","-c","until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;\ndone"],"env":[{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}}]}]}}}}'
  2. Patch the backend-listener DeploymentConfig:

    oc patch dc/backend-listener -p '{"spec":{"template":{"spec":{"containers":[{"name":"backend-listener","env":[{"name":"CONFIG_REDIS_PROXY","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"RACK_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RACK_ENV","name":"backend-environment"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]}]}}}}'
  3. Patch the backend-worker DeploymentConfig:

    oc patch dc/backend-worker -p '{"spec":{"template":{"spec":{"containers":[{"name":"backend-worker","env":[{"name":"CONFIG_REDIS_PROXY","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_REDIS_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_HOSTS","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_HOSTS","name":"backend-redis"}}},{"name":"CONFIG_QUEUES_SENTINEL_ROLE","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_SENTINEL_ROLE","name":"backend-redis"}}},{"name":"RACK_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RACK_ENV","name":"backend-environment"}}},{"name":"CONFIG_EVENTS_HOOK","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-events-hook"}}},{"name":"CONFIG_EVENTS_HOOK_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}}]}],"initContainers":[{"name":"backend-redis-svc","command":["/opt/app/entrypoint.sh","sh","-c","until rake connectivity:redis_storage_queue_check; do sleep $SLEEP_SECONDS;\ndone"],"env":[{"name":"CONFIG_QUEUES_MASTER_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_QUEUES_URL","name":"backend-redis"}}}]}]}}}}'
  4. Patch the system-app DeploymentConfig containers:

    oc patch dc/system-app -p '{"spec":{"strategy":{"activeDeadlineSeconds":21600,"resources":{},"rollingParams":{"pre":{"execNewPod":{"env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"THINKING_SPHINX_ADDRESS","value":"system-sphinx"},{"name":"THINKING_SPHINX_CONFIGURATION_FILE","value":"/tmp/sphinx.conf"},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"SMTP_ADDRESS","valueFrom":{"configMapKeyRef":{"key":"address","name":"smtp"}}},{"name":"SMTP_USER_NAME","valueFrom":{"configMapKeyRef":{"key":"username","name":"smtp"}}},{"name":"SMTP_PASSWORD","valueFrom":{"configMapKeyRef":{"key":"password","name":"smtp"}}},{"name":"SMTP_DOMAIN","valueFrom":{"configMapKeyRef":{"key":"domain","name":"smtp"}}},{"name":"SMTP_PORT","valueFrom":{"configMapKeyRef":{"key":"port","name":"smtp"}}},{"name":"SMTP_AUTHENTICATION","valueFrom":{"configMapKeyRef":{"key":"authentication","name":"smtp"}}},{"name":"SMTP_OPENSSL_VERIFY_MODE","valueFrom":{"configMapKeyRef":{"key":"openssl.verify.mode","name":"smtp"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]}}}},"template":{"spec":{"containers":[{"name":"system-master","env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]},{"name":"system-provider","env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]},{"name":"system-developer","env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]}],"volumes":[{"configMap":{"defaultMode":420,"items":[{"key":"zync.yml","path":"zync.yml"},{"key":"rolling_updates.yml","path":"rolling_updates.yml"},{"key":"service_discovery.yml","path":"service_discovery.yml"}],"name":"system"},"name":"system-config"}]}}}}'
  5. Update the system-sidekiq DeploymentConfig to gather the database information of system from the new secret:

    oc patch dc/system-sidekiq -p '{"spec":{"template":{"spec":{"containers":[{"name":"system-sidekiq","env":[{"name":"AMP_RELEASE","value":null,"valueFrom":{"configMapKeyRef":{"key":"AMP_RELEASE","name":"system-environment"}}},{"name":"APICAST_REGISTRY_URL","value":null,"valueFrom":{"configMapKeyRef":{"key":"APICAST_REGISTRY_URL","name":"system-environment"}}},{"name":"FORCE_SSL","value":null,"valueFrom":{"configMapKeyRef":{"key":"FORCE_SSL","name":"system-environment"}}},{"name":"PROVIDER_PLAN","value":null,"valueFrom":{"configMapKeyRef":{"key":"PROVIDER_PLAN","name":"system-environment"}}},{"name":"RAILS_ENV","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_ENV","name":"system-environment"}}},{"name":"RAILS_LOG_LEVEL","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_LEVEL","name":"system-environment"}}},{"name":"RAILS_LOG_TO_STDOUT","value":null,"valueFrom":{"configMapKeyRef":{"key":"RAILS_LOG_TO_STDOUT","name":"system-environment"}}},{"name":"SSL_CERT_DIR","value":null,"valueFrom":{"configMapKeyRef":{"key":"SSL_CERT_DIR","name":"system-environment"}}},{"name":"THINKING_SPHINX_PORT","value":null,"valueFrom":{"configMapKeyRef":{"key":"THINKING_SPHINX_PORT","name":"system-environment"}}},{"name":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE","name":"system-environment"}}},{"name":"THREESCALE_SUPERDOMAIN","value":null,"valueFrom":{"configMapKeyRef":{"key":"THREESCALE_SUPERDOMAIN","name":"system-environment"}}},{"name":"DATABASE_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}},{"name":"MASTER_DOMAIN","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_DOMAIN","name":"system-seed"}}},{"name":"MASTER_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_USER","name":"system-seed"}}},{"name":"MASTER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"MASTER_PASSWORD","name":"system-seed"}}},{"name":"ADMIN_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_ACCESS_TOKEN","name":"system-seed"}}},{"name":"USER_LOGIN","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_USER","name":"system-seed"}}},{"name":"USER_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"ADMIN_PASSWORD","name":"system-seed"}}},{"name":"TENANT_NAME","value":null,"valueFrom":{"secretKeyRef":{"key":"TENANT_NAME","name":"system-seed"}}},{"name":"EVENTS_SHARED_SECRET","value":null,"valueFrom":{"secretKeyRef":{"key":"PASSWORD","name":"system-events-hook"}}},{"name":"RECAPTCHA_PUBLIC_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PUBLIC_KEY","name":"system-recaptcha"}}},{"name":"RECAPTCHA_PRIVATE_KEY","value":null,"valueFrom":{"secretKeyRef":{"key":"PRIVATE_KEY","name":"system-recaptcha"}}},{"name":"SECRET_KEY_BASE","value":null,"valueFrom":{"secretKeyRef":{"key":"SECRET_KEY_BASE","name":"system-app"}}},{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}},{"name":"MEMCACHE_SERVERS","value":null,"valueFrom":{"secretKeyRef":{"key":"SERVERS","name":"system-memcache"}}},{"name":"BACKEND_REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"REDIS_STORAGE_URL","name":"backend-redis"}}},{"name":"APICAST_BACKEND_ROOT_ENDPOINT","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"BACKEND_ROUTE","value":null,"valueFrom":{"secretKeyRef":{"key":"route_endpoint","name":"backend-listener"}}},{"name":"APICAST_ACCESS_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ACCESS_TOKEN","name":"system-master-apicast"}}},{"name":"ZYNC_AUTHENTICATION_TOKEN","value":null,"valueFrom":{"secretKeyRef":{"key":"ZYNC_AUTHENTICATION_TOKEN","name":"zync"}}},{"name":"CONFIG_INTERNAL_API_USER","value":null,"valueFrom":{"secretKeyRef":{"key":"username","name":"backend-internal-api"}}},{"name":"CONFIG_INTERNAL_API_PASSWORD","value":null,"valueFrom":{"secretKeyRef":{"key":"password","name":"backend-internal-api"}}}]}],"initContainers":[{"name":"check-svc","command":["bash","-c","bundle exec sh -c \"until rake boot:redis && curl --output /dev/null --silent --fail --head http://system-master:3000/status; do sleep $SLEEP_SECONDS; done\""],"env":[{"name":"REDIS_URL","value":null,"valueFrom":{"secretKeyRef":{"key":"URL","name":"system-redis"}}}]}],"volumes":[{"configMap":{"defaultMode":420,"items":[{"key":"zync.yml","path":"zync.yml"},{"key":"rolling_updates.yml","path":"rolling_updates.yml"},{"key":"service_discovery.yml","path":"service_discovery.yml"}]},"name":"system-config"}]}}}}'
  6. Update the system-sphinx DeploymentConfig to gather the database information of system from the new secret:

    oc patch dc/system-sphinx -p '{"spec":{"template":{"spec":{"containers":[{"name":"system-sphinx","env":[{"name":"DATABASE_URL","value":"","valueFrom":{"secretKeyRef":{"key":"URL","name":"system-database"}}}]}]}}}}'
  7. Patch the apicast-staging DeploymentConfig containers:

    oc patch dc/apicast-staging -p '{"spec":{"template": {"spec": { "containers": [ {"name": "apicast-staging", "env": [ { "name": "THREESCALE_PORTAL_ENDPOINT", "value":null,"valueFrom": { "secretKeyRef": { "key": "PROXY_CONFIGS_ENDPOINT", "name": "system-master-apicast" } } }, { "name": "BACKEND_ENDPOINT_OVERRIDE", "value":null,"valueFrom": { "secretKeyRef": { "key": "service_endpoint", "name": "backend-listener" } } }, { "name": "APICAST_MANAGEMENT_API", "value":null,"valueFrom": { "configMapKeyRef": { "key": "APICAST_MANAGEMENT_API", "name": "apicast-environment" } } }, { "name": "OPENSSL_VERIFY", "value":null,"valueFrom": { "configMapKeyRef": { "key": "OPENSSL_VERIFY", "name": "apicast-environment" } } }, { "name": "APICAST_RESPONSE_CODES", "value":null,"valueFrom": { "configMapKeyRef": { "key": "APICAST_RESPONSE_CODES", "name": "apicast-environment" } } }, { "name": "APICAST_CONFIGURATION_LOADER", "value": "lazy" }, { "name": "APICAST_CONFIGURATION_CACHE", "value": "0" }, { "name": "THREESCALE_DEPLOYMENT_ENV", "value": "staging" }, { "name": "REDIS_URL", "value":null,"valueFrom": { "secretKeyRef": { "key": "STAGING_URL", "name": "apicast-redis" } } } ]}]}}}}'
  8. Patch the apicast-production DeploymentConfig containers:

    oc patch dc/apicast-production -p '{"spec":{"template":{"spec": { "containers": [ {"name":"apicast-production", "env": [ { "name": "THREESCALE_PORTAL_ENDPOINT", "value":null,"valueFrom": { "secretKeyRef": { "key": "PROXY_CONFIGS_ENDPOINT", "name": "system-master-apicast" } } }, { "name": "BACKEND_ENDPOINT_OVERRIDE", "value":null,"valueFrom": { "secretKeyRef": { "key": "service_endpoint", "name": "backend-listener" } } }, { "name": "APICAST_MANAGEMENT_API", "value":null,"valueFrom": { "configMapKeyRef": { "key": "APICAST_MANAGEMENT_API", "name": "apicast-environment" } } }, { "name": "OPENSSL_VERIFY", "value":null,"valueFrom": { "configMapKeyRef": { "key": "OPENSSL_VERIFY", "name": "apicast-environment" } } }, { "name": "APICAST_RESPONSE_CODES", "value":null,"valueFrom": { "configMapKeyRef": { "key": "APICAST_RESPONSE_CODES", "name": "apicast-environment" } } }, { "name": "APICAST_CONFIGURATION_LOADER", "value": "boot" }, { "name": "APICAST_CONFIGURATION_CACHE", "value": "300" }, { "name": "THREESCALE_DEPLOYMENT_ENV", "value": "production" }, { "name": "REDIS_URL", "value":null,"valueFrom": { "secretKeyRef": { "key": "PRODUCTION_URL", "name": "apicast-redis" } } } ]}]}}}}'
  9. Patch the apicast-wildcard-router DeploymentConfig containers:

    oc patch dc/apicast-wildcard-router -p '{"spec":{"template":{"spec":{"containers":[{"name":"apicast-wildcard-router","env":[{"name":"API_HOST","value":null,"valueFrom":{"secretKeyRef":{"key":"BASE_URL","name":"system-master-apicast"}}}]}]}}}}'

1.2.6. Patching image streams

  1. Patch the amp-system image stream:

    • If 3scale API Management is deployed with Oracle Database,

      1. Update the system image 2.4.0 image stream:

        oc patch imagestream/amp-system --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP system 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/system"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
      2. Update the build configuration for 3scale-amp-oracle to fetch from the 2.4 tag:

        oc patch bc 3scale-amp-system-oracle --type json -p '[{"op": "replace", "path": "/spec/strategy/dockerStrategy/from/name", "value": "amp-system:2.4.0"}]'
      3. Run the build:

        oc start-build 3scale-amp-system-oracle --from-dir=.
    • If 3scale API Management is deployed with a different database, use the following commands:

      oc patch imagestream/amp-system --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP system 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/system"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
      oc patch imagestream/amp-system --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP system (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.4.0"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'
  2. Patch the amp-apicast image stream:

    oc patch imagestream/amp-apicast --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP APIcast 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/apicast-gateway"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
    oc patch imagestream/amp-apicast --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP APIcast (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.4.0"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'
  3. Patch the amp-backend image stream:

    oc patch imagestream/amp-backend --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Backend 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/backend"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
    oc patch imagestream/amp-backend --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Backend (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.4.0"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'
  4. Patch the amp-zync image stream:

    oc patch imagestream/amp-zync --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Zync 2.4.0"}, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/3scale-amp24/zync"}, "name": "2.4.0", "referencePolicy": {"type": "Source"}}}]'
    oc patch imagestream/amp-zync --type=json -p '[{"op": "add", "path": "/spec/tags/-", "value": {"annotations": {"openshift.io/display-name": "AMP Zync (latest)"}, "from": { "kind": "ImageStreamTag", "name": "2.4.0"}, "name": "latest", "referencePolicy": {"type": "Source"}}}]'

1.2.7. Adding the entry for Service Discovery

As part of the upgrade process, add the ConfigMap entry for Service Discovery. Service Discovery is a feature that allows you to add APIs for management by recognizing the discoverable running services in an OpenShift cluster

  1. Edit the system ConfigMap to add the entry:

    oc edit configmap system
  2. Add the entry:

    service_discovery.yml: |
         production:
           enabled: <%= cluster_token_file_exists = File.exists?(cluster_token_file_path = '/var/run/secrets/kubernetes.io/serviceaccount/token') %>
           server_scheme: 'https'
           server_host: 'kubernetes.default.svc.cluster.local'
           server_port: 443
           bearer_token: "<%= File.read(cluster_token_file_path) if cluster_token_file_exists %>"
           authentication_method: service_account # can be service_account|oauth
           oauth_server_type: builtin # can be builtin|rh_sso
           client_id:
           client_secret:
           timeout: 1
           open_timeout: 1
           max_retry: 5
           verify_ssl: <%= OpenSSL::SSL::VERIFY_NONE %> # 0

You can continue with additional configurations to import services by referring to the Service Discovery guide.

1.2.8. Configuring additional DeploymentConfigs

  1. Patch the system-memcache DeploymentConfig:

    oc patch dc/system-memcache --patch='{"spec":{"template":{"spec":{"containers":[{"name": "memcache", "image":"registry.access.redhat.com/3scale-amp20/memcached"}]}}}}'
  2. Delete the system-resque DeploymentConfig:

    oc delete dc/system-resque
  3. Set environment variables to increase system-sidekiq concurrency to the recommended levels:

    oc set env dc/system-sidekiq RAILS_MAX_THREADS=25
  4. Set environment variable to update the visible release version:

    oc set env dc/system-app AMP_RELEASE=2.4.0

1.3. Changing Administrator Impersonation (Optional)

As 3scale API Management is open source, impersonation data is publicly disclosed. For this reason, you might want to change some data:

  • The unique username for the impersonation of administrators.
  • The domain of the email of the impersonation for the administrator user.

As an example, assume that username:<your-username> and domain:<example.com>. To change the impersonation of the administrator, you need to follow these steps:

  1. Create a file locally called system-impersonation-secret.yml with the following content:

    cat > system-impersonation-secret.yml <<EOF
    
    apiVersion: v1
    kind: Secret
    metadata:
      creationTimestamp: null
      labels:
        3scale.component: system
        app: ${APP_LABEL}
      name: system-impersonation
    stringData:
      username: "<your-username>"
      domain: "<example.com>"
    type: Opaque
    EOF
  2. Change <your-username> and <example.com> to the chosen user name and domain.
  3. Create a secret:

    oc create -f system-impersonation-secret.yml
  4. Set the environment variables from this secret with:

    oc set env --from=secret/system-impersonation --prefix=IMPERSONATION_ADMIN dc/system-app
  5. Redeploy system-app:

    oc rollout latest system-app
  6. Connect to the system-master container of system-app deployment:

    oc rsh -c system-master dc/system-app
  7. In this container execute, changing <your-username> and <example.com> accordingly:

    bundle exec rake "impersonation_admin_user:update[<your-username>,<example.com>]"

    You should be able to impersonate a tenant from the user interface now.