Creating Db2 NetworkPolicy resources on OpenShift HADR deployment upgrade

If you are upgrading from Db2 11.5.7.0-cn4 or earlier, you need to manually create NetworkPolicy resources before upgrading a Db2uCluster instance.

Before you begin

Set the following environment variables before starting this procedure:
  • DB2UCLUSTER_PRIMARY="db2oltp-primary"
  • DB2UCLUSTER_STANDBY="db2oltp-standby"
  • DB2UCLUSTER_AUX1="db2oltp-aux1"
  • DB2UCLUSTER_AUX2="db2oltp-aux2"
You can retrieve the Db2uCluster name by running the following command:
oc get db2ucluster -n ${PROJECT_CPD_INSTANCE}
Note: If you do not have auxiliary standbys, do not set the DB2UCLUSTER_AUX1 and DB2UCLUSTER_AUX2 environment variables.

About this task

Since the release of Db2 11.5.7.0-cn5, the Db2uCluster CR requires network policies that permit HADR communication between deployments. You need to verify and create the required NetworkPolicy resources before upgrading your HADR Db2 on OpenShift deployment.

Procedure

  1. Check to see if the HADR network policies exist:
    oc get networkpolicy -n ${PROJECT_CPD_INSTANCE} | grep ${DB2UCLUSTER_PRIMARY}
  2. Repeat step 1 for each Db2uCluster instance.
  3. If the command in step 1 does not return a network policy, generate the NetworkPolicy YAML definition:
    oc exec -it c-${DB2UCLUSTER_PRIMARY}-db2u-0 -- create_hadr_services --db-role primary --primary-name ${DB2UCLUSTER_PRIMARY} --standby-name ${DB2UCLUSTER_STANDBY} --aux1-name ${DB2UCLUSTER_AUX1} --aux2-name ${DB2UCLUSTER_AUX2}
    The output of this command contains a definition for the HADR Kubernetes Service, as well as the network policy. Copy only the NetworkPolicy YAML, and create the resource using the oc apply -f - command.
    For more information on creating HADR services, see Creating services to expose the HADR endpoints in Db2.
  4. Repeat step 3 for each Db2uCluster instance.

Example

The following example shows the output from a request to find an existing network policy for the primary deployment db2oltp-primary (see step 1):
c-db2oltp-primary-hadr-ext   formation_id=db2oltp-primary,type=engine
The following example shows the definition that includes the network policy for the primary deployment db2oltp-primary (see step 3):
oc apply -f - << EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: c-db2oltp-primary-hadr-ext
spec:
  ingress:
  - ports:
    - port: 60006
      protocol: TCP
  podSelector:
    matchLabels:
      formation_id: db2oltp-primary
      type: engine
  policyTypes:
  - Ingress
EOF