Export variables that will be used in the instructions.
export OLD_DB_HOST=<old DB host>
export DB_USERNAME=<DB username>
export DB_PASSWORD=<DB password>
export DB_DATABASE=<DB database>
export DB_HOST=<current DB host>
export WILDCARD_DOMAIN=<new cluster wildcard domain>
-
Backup PostgreSQL
pg_dump -U ${DB_USERNAME} -W -h ${OLD_DB_HOST} -F c -v ${DB_DATABASE} -f system-database.dump
-
Backing up system-storage
oc rsync $(oc get pods -l 'deploymentConfig=system-app' --template="{{ (index .items 0).metadata.name }}"):/opt/system/public/system ./local/dir
-
Backing up backend-redis
oc cp $(oc get pods -l 'deploymentConfig=backend-redis' --template="{{ (index .items 0).metadata.name }}"):/var/lib/redis/data/dump.rdb ./backend-redis-dump.rdb
-
Backing up system-redis
oc cp $(oc get pods -l 'deploymentConfig=system-redis' --template="{{ (index .items 0).metadata.name }}"):/var/lib/redis/data/dump.rdb ./system-redis-dump.rdb
(skipping restoring Zync database)
-
Backing up OpenShift secrets and ConfigMaps
oc get secrets system-smtp -o json > system-smtp.json
oc get secrets system-seed -o json > system-seed.json
oc get secrets system-database -o json > system-database.json
oc get secrets backend-internal-api -o json > backend-internal-api.json
oc get secrets system-events-hook -o json > system-events-hook.json
oc get secrets system-app -o json > system-app.json
oc get secrets system-recaptcha -o json > system-recaptcha.json
oc get secrets system-redis -o json > system-redis.json
oc get secrets zync -o json > zync.json
oc get secrets system-master-apicast -o json > system-master-apicast.json
oc get configmaps system-environment -o json > system-environment.json
oc get configmaps apicast-environment -o json > apicast-environment.json
-
Create a new project
oc new-project threescale-apim
-
Create a secret for registry.redhat.io
Follow instructions in https://access.redhat.com/RegistryAuthentication
oc create secret generic <pull_secret_name> \
  --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
  --type=kubernetes.io/dockerconfigjson
oc secrets link default <pull_secret_name> --for=pull
-
Install 3scale operator
-
Restore secrets (skipping system-database, system-redis and backend-redis secrets)
Note: if the namespace name has changed, update it to the new 3scale namespace in the new cluster.
oc apply -f system-smtp.json
oc apply -f system-seed.json
oc apply -f backend-internal-api.json
oc apply -f system-events-hook.json
oc apply -f system-app.json
oc apply -f system-recaptcha.json
oc apply -f zync.json
oc apply -f system-master-apicast.json
-
Restore configmaps
oc apply -f system-environment.json
oc apply -f apicast-environment.json
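The exported JSON files still carry metadata assigned by the old cluster, including the old namespace mentioned in the note under "Restore secrets". The following is an added example, not part of the original procedure: it rewrites the namespace, drops cluster-specific fields, and writes the result with owner-only permissions. The function names `sanitize` and `write_private`, the namespace `old-3scale`, and the sample object are constructed for illustration.

```python
import json
import os

# Cluster-assigned metadata that must not travel to the new cluster. An object
# whose ownerReferences point at a missing owner is garbage-collected.
STALE_METADATA = ("uid", "resourceVersion", "creationTimestamp", "selfLink",
                  "generation", "managedFields", "ownerReferences")
LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"


def sanitize(obj, namespace):
    """Return a copy of an exported Secret/ConfigMap ready for `oc apply`."""
    out = json.loads(json.dumps(obj))  # deep copy, input stays untouched
    meta = out.setdefault("metadata", {})
    for key in STALE_METADATA:
        meta.pop(key, None)
    meta["namespace"] = namespace
    annotations = meta.get("annotations") or {}
    annotations.pop(LAST_APPLIED, None)  # embeds a copy of the old object
    if annotations:
        meta["annotations"] = annotations
    else:
        meta.pop("annotations", None)
    out.pop("status", None)
    return out


def write_private(path, obj):
    """Write JSON readable by the owner only (0600), even if the file exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(obj, fh, indent=2)


# Constructed sample shaped like `oc get secrets system-smtp -o json` output.
SAMPLE = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {
        "name": "system-smtp", "namespace": "old-3scale",
        "uid": "00000000-0000-0000-0000-000000000000", "resourceVersion": "12345",
        "ownerReferences": [{"kind": "APIManager", "name": "apimanager"}],
        "annotations": {LAST_APPLIED: "{}"},
    },
    "data": {"username": "ZXhhbXBsZQ=="},
}

if __name__ == "__main__":
    write_private("system-smtp.clean.json", sanitize(SAMPLE, "threescale-apim"))
```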
-
Create database secret
cat << EOF > system-database-secret.yml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  labels:
    app: 3scale-database
  name: system-database
stringData:
  DB_PASSWORD: ${DB_PASSWORD}
  DB_USER: ${DB_USERNAME}
  URL: postgresql://${DB_USERNAME}:${DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}
EOF
oc apply -f system-database-secret.yml
-
Create Cluster Role for Azure File
cat << EOF > azure-cloud-provider-secrets.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:azure-cloud-provider-secrets
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - create
EOF
oc apply -f azure-cloud-provider-secrets.yml
-
Assign role to service account
oc adm policy add-cluster-role-to-user system:azure-cloud-provider-secrets system:serviceaccount:kube-system:persistent-volume-binder
-
Get UID range on the 3scale namespace and save it in a variable
oc describe project threescale-apim | grep uid-range
export OPENSHIFT_UID=<UID>
-
Create RWX Storage Class for 3scale system-storage
cat << EOF > azure-file-3scale.yml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: azure-file-3scale
mountOptions:
  - uid=${OPENSHIFT_UID}
  - gid=0
  - mfsymlinks
  - cache=strict
parameters:
  skuName: Standard_LRS
provisioner: kubernetes.io/azure-file
reclaimPolicy: Delete
volumeBindingMode: Immediate
EOF
oc create -f azure-file-3scale.yml
-
Create temporary Redis instances
oc new-app -f template-only-redis.yml
This template has the following changes with regard to the standard one:
* all resources not related to Redis are removed
* backend-redis storage increased from 1G to 10G
* APP_LABEL (the app label on OpenShift resources) changed from 3scale-api-management to 3scale-redis
* removed serviceAccount amp from resources definition
Note: add MESSAGE_BUS_URL value
-
Restore Redis databases
-
Restore PostgreSQL database (the database should exist)
pg_restore -d ${DB_DATABASE} -U ${DB_USERNAME} system-database.dump
-
Create APIManager
cat << EOF > apimanager.yml
apiVersion: apps.3scale.net/v1alpha1
kind: APIManager
metadata:
  name: apimanager
spec:
  wildcardDomain: ${WILDCARD_DOMAIN}
  resourceRequirementsEnabled: true
  highAvailability:
    enabled: true
  system:
    fileStorage:
      persistentVolumeClaim:
        storageClassName: azure-file-3scale
EOF
oc apply -f apimanager.yml
-
Update domains to adjust to the new Wildcard Domain
To do a batch rewrite of the domains, use the following steps:
bundle exec rails console
Print the current values for the domains
Provider.all.to_a.each do |p|
  puts p.domain
  puts p.self_domain
end
Replace the wildcard domain with the new value
Provider.all.to_a.each do |p|
  p.domain = p.domain.gsub("apps.CURRENT", "apps.NEW")
  p.self_domain = p.self_domain.gsub("apps.CURRENT", "apps.NEW")
  p.save!
end
Get admin username and password
oc get secret system-seed --template="{{.data.ADMIN_USER}}" | base64 -d
oc get secret system-seed --template="{{.data.ADMIN_PASSWORD}}" | base64 -d
Use Operator to upgrade 3scale, one version at a time:
* 2.8 to 2.9
* 2.9 to 2.10
* 2.10 to 2.11
In the APIManager instance, change all replicas from replicas: 1 to replicas: 2, except APIcast. For APIcast, the staging gateway is required to pull the policies, but the production gateway can be disabled if not used.
spec:
  imageStreamTagImportInsecure: false
  resourceRequirementsEnabled: true
  system:
    appSpec:
      replicas: 2
    fileStorage:
      persistentVolumeClaim:
        storageClassName: azure-file-3scale
    sidekiqSpec:
      replicas: 2
    sphinxSpec: {}
  appLabel: 3scale-api-management
  zync:
    appSpec:
      replicas: 2
    queSpec:
      replicas: 2
  backend:
    cronSpec:
      replicas: 2
    listenerSpec:
      replicas: 2
    workerSpec:
      replicas: 2
  tenantName: 3scale
  apicast:
    managementAPI: status
    openSSLVerify: false
    productionSpec:
      replicas: 0
    registryURL: 'http://apicast-staging:8090/policies'
    responseCodes: true
    stagingSpec:
      replicas: 1
  highAvailability:
    enabled: true
  wildcardDomain: <DOMAIN>
Restore system-storage
oc rsync ./local/dir/system/ $(oc get pods -l 'deploymentConfig=system-app' -o json | jq '.items[0].metadata.name' -r):/opt/system/public/system