Release Notes

Red Hat 3scale API Management 2.6

For Use with Red Hat 3scale API Management 2.6

Red Hat Customer Content Services


Release Notes for Red Hat 3scale API Management 2.6.


This document is intended for use with Red Hat 3scale API Management and related patch releases.

Chapter 1. Red Hat 3scale API Management 2.6.1 - Patch release

This document is intended for use with Red Hat 3scale API Management 2.6.1 On-premises.

1.1. Resolved issues

  • The upgrade process of 3scale with Oracle Database, from version 2.5 to 2.6, now runs successfully due to updates in the image files (JIRA #4793).

Chapter 2. Red Hat 3scale API Management 2.6

This document is intended for use with Red Hat 3scale API Management 2.6 On-premises.

2.1. Supported configurations

  • Check the latest information about 3scale 2.6 supported configurations at the Red Hat 3scale API Management Supported Configurations website.
  • The operator image should only be installed using the supported Operator Lifecycle Manager (OLM) installation procedure. It is not intended to be installed manually.

2.2. New features

2.2.1. Major features

  • Introducing 3scale 2.6 certification on OpenShift 4.1 (JIRA #2657).
  • 3scale operator with installation is based on OLM (JIRA #2384).
  • Redis High Availability and Disaster Recovery (HA/DR) are now supported (JIRA #2584).
  • Automated API lifecycle supports Toolbox and Jenkins pipelines (JIRA #2201), with limitations regarding the edition of exported YAML files (JIRA #2350).
  • APIcast policies:

    • Retry policy: APIcast retries the request before reporting an error (JIRA #2261).
    • Upstream connection policy: Now you can modify the default values of some NGINX directives depending on your API backend (JIRA #2450).
  • Audit logs trail: You can forward existing audit logs to the standard container and pod logs (JIRA #2593)
  • OpenID Connect integration features are extended to facilitate work of third-party identity providers with Zync for client synchronization (JIRA #1131).
  • 3scale containerized images are now hosted at the authenticated registry located in (JIRA #2292).
  • 3scale provides PostgreSQL support for system (JIRA #2839).

2.2.2. Minor features

  • We have improved filtering of APIcast services by using URL paths and regular expressions (JIRA #2446).
  • Now you can include additional information for metrics when setting up Prometheus alerts at the API Level (JIRA #2532).
  • Changes in the OpenID and OAuth token validation flow to improve access control (JIRA #2262).
  • Optimized features are now available so you can configure APIcast for better performance (JIRA #2337).
  • With 3scale toolbox, now you can choose if new methods and metrics are enabled or disabled, both for new and existing plans (JIRA #2448).
  • Matches operator was added to Edge Limiting policy to use this policy as a mapping rule that can limit rates on the second time scale (JIRA #2590).
  • Added a new variable environment called APICAST_PATH_ROUTING_ONLY. When the variable is set to true, APIcast uses path-based routing and does not fallback to the default host-based routing (JIRA #1150).
  • Now you can manage access to different HTTP methods using Red Hat Single Sign On (RH-SSO) role check policy (JIRA #2236).
  • You can enable OpenID Connect (OIDC) via user interface when you select Istio as an integration option (JIRA #2435).
  • We have included additional information to differentiate between metrics with a limit of 0 (disabled) and exceeded limit errors (JIRA #2756).
  • Introducing Patternfly 4 integration (JIRA #2296).
  • With 3scale toolbox, you can run commands to create, list, show, update and delete application plans (JIRA #2798).
  • CLI Toolbox now include operations to enabled and to disable current application plans (JIRA #2437).

2.3. Resolved issues

  • Dashboard stream and email notifications are filtered according to the admin member permissions (JIRA #629).
  • Fixed the bootstrap reference in the Main layout template which causes an issue with OpenAPI Specification (JIRA #1067).
  • Service settings are correctly copied and updated (JIRA #1537).
  • Solved configuration issues in the UI for the IP check policy (JIRA #1692).
  • APIcast correctly parses uppercase letters in the back-end url (JIRA #2540).
  • Caching policy works as expected when combined with the batching policy (JIRA #2705).
  • IP Check policy can be applied on multiple x-forwarded-for headers (JIRA #2775).
  • With 3scale toolbox, now you can:

    • Copy a service from 3scale Hosted (SaaS) to 3scale On-premises when APIcast is self-managed (JIRA #2268).
    • Use an API after importing it with 3scale toolbox (JIRA #2545).
    • Import OpenAPI Specifications with extensions (JIRA #2550).
  • You can see feedback in the Integration settings page when policies are not available (JIRA #2312).
  • Integration Settings works properly when APIcast is not available (JIRA #2327).
  • Fixed Oracle schema for deleted objects (JIRA #2298).
  • Improvements in automatic suspension and deletion of tenants (JIRA #2132).
  • Updated name (Developer Account - Applications) for member permissions (JIRA #2610).
  • Zync correctly deletes accounts (JIRA #1346).
  • Now the application page displays long metric names while keeping the layout, by adjusting line breaks (JIRA #1382).
  • AJAX request for Service Discovery fetches credentials policy (JIRA #2254).
  • Installation via operator works successfully with S3 storage (JIRA #2774).
  • Application update events do not trigger zync when first*traffic_at fields are changed (JIRA #2072).

2.4. Documentation

2.5. Technology Preview features

  • High Availability (HA) and Evaluation (Eval) OpenShift templates (JIRA #1168).
  • 3scale operator for capabilities: It allows using custom resources to define 3scale tenants, APIs, plans, limits, metrics and other definitions to set them into a 3scale installation (JIRA #1798).

2.6. Known issues

  • Pipeline examples from end-to-end solution for API lifecycle with 3scale toolbox are supported only on OCP 3.11 (JIRA #2583).
  • When you change the OpenID Connect Authorization Flow in 3scale, Zync does not update the Red Hat Single Sign-On (RH-SSO) clients of 3scale applications (JIRA #3025). To work around this issue, you have these alternatives:

    • For existing applications, update 3scale application such as a change in the description: This will trigger an update that will modify the RH-SSO client for the application.
    • Create a new application: This will create a new RH-SSO client with the correct authorization flows.
  • When importing or exporting application plan features and limits, modifying the exported YAML file is not supported (JIRA #2350).

    • The sample pipelines and applications are provided as examples only. Any modifications that you make to the pipelines are not directly supported by Red Hat. The underlying APIs, CLIs, and interfaces leveraged by the sample pipelines are fully supported by Red Hat.
  • When using 3scale toolbox from an OpenShift image, you cannot add custom certificates (JIRA #3102).
  • Makefile available to support customers migrating 3scale 2.5 to Redis Enterprise, and any other single-logical database Redis deployment.

    • The script patches the secret and DeploymentConfigs, as well as migrates all system-redis keys to the target single-db Redis instance. However, it does not cover pods depending on backend-redis (JIRA #2197), and it requires adjustments to fit 3scale High Availability (HA) deployments (JIRA #2407).
  • Operator does not accept REDIS_STORAGE_SENTINEL_HOSTS and REDIS_QUEUES_SENTINEL_HOSTS in the backend-redis secret when configuring 3scale HA using Redis Sentinels (JIRA #3258).

2.7. Changes in 3scale 2.6

2.7.1. Removed features

  • As OpenShift 4.x has removed wildcard routes, this feature is not available in 3scale 2.6. Instead, routes are created automatically with Zync. For more details about route creation, see the following documentation:

  • In 3scale 2.6, Oracle database with OpenShift 4.1 is not supported.
  • As announced in 3scale 2.5, compatibility with Microsoft Internet Explorer 11 (IE11) is not supported from 2.6.

2.7.2. Deprecated and removed features

  • Adyen payment gateway. In 3scale 2.6 it is removed but still supported for the existing configurations. For current installations where the accounts have their billing configured to use Adyen, it will keep visible and working. Users using another payment gateway will not be able to choose or see Adyen.

2.7.3. Future changes

  • The installation process is changing from template-based to operator-based. In this release we are introducing support for installing 3scale using the 3scale operator. In future releases we are planning on introducing support for upgrade-based operator and also for capabilities regarding service provisioning.

Legal Notice

Copyright © 2020 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.