OpenShift: Preparing the 2018 deployment for upgrade

Prepare the API Connect V2018 deployment for the upgrade to the latest version 10.0.1.x-eus on OpenShift.

Before you begin

Review the IBM Support page API Connect: v2018 to v10 upgrade paths to determine whether your Version 2018 deployment can be directly upgraded to the latest release of API Connect.

Procedure

  1. Review the 10.0.1.x-eus requirements and features; in particular:
  2. Review the Upgrade requirements and limitations.
  3. Configure external logging prior to upgrade. This is not mandatory but is recommended. For example, https://logdna.com/.
  4. Be sure you know the name of each subsystem on your 2018 deployment.

    The 2018 subsystem names are carried over to 10.0.1.x-eus installations. To view the names, run the following command:

    apicup subsys list

    These subsystem names are the values used in the spec.subsystemName field for each custom resource (CR) when upgrading.

  5. On 2018, check the health of each subsystem before upgrade: 
    apicup subsys health-check <subsystem_name>
  6. On the 2018 system, back up the original apicup project directory to a location from which it can always be retrieved.
    Note: The original project directory created with the apicup installer during the initial 2018 product installation (for example, myProject) is required if you need to restore the database and to run disaster recovery back to 2018. You cannot restore the database or perform a disaster recovery without the initial project directory because it contains pertinent information about the 2018 cluster.
  7. Complete a full backup for the 2018 Management, Portal, and Analytics subsystems.
    • You must back up both the Management and Portal subsystems at the same time, to ensure synchronicity across the services.
    • For the Analytics backup,
      • The S3 repository access/credentials must be set
      • The backup REPO_NAME must be apic-analytics
    Attention: Backups are intended for recovery of the Management, Portal, and Analytics subsystems onto the same deployment from which they were taken, or onto a new replacement installation in the same environment for disaster recovery. The same environment means the same network configuration and project directory as the original installation. Make sure you have current and correct configuration for backup and restore for all of the 2018 subsystems. Verify that you can successfully restore from the backups. For information on backing up and restoring 2018, see Backing up and restoring.
  8. Create a backup secret for the Analytics subsystem by running the following command:
    The Analytics backup secret is required for upgrading and is not carried forward from the V2018 deployment. 
    oc create secret generic analytics-backup-secret -n APIC_namespace \
    --from-literal=username='<YOUR-ACCESS-KEY>' \
    --from-literal=password='<YOUR-KEY-SECRET>'

    For more information on the Analytics backup secret, see Configuring backup settings for Analytics on OpenShift and Cloud Pak for Integration.

  9. Limit permissions in the target namespace.

    In 2018, it was recommended to apply a broad set of permissions; however, 10.0.1.x-eus uses a more limited set of permissions. If your permissions are too broad, the upgrade might fail. For best results, assign a more limited set of permissions now by completing the following steps:

    1. Remove the broad set of permissions by running the following command: 
      oc adm policy remove-scc-from-group anyuid system:serviceaccounts:<namespace>

      where <namespace> is the namespace where you installed API Connect.

    2. List the Helm releases in the 2018 deployment by running the following command: 
      helm ls
      The response looks like the following example, with the name of each Helm release displaying in the CHART column:
      NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                           APP VERSION
r19b9d4b2eb     e2e             1               2021-02-05 17:22:11.050619495 -0800 PST deployed        apiconnect-2.0.0
r5d63b7fc92     e2e             1               2021-02-05 17:22:24.115569226 -0800 PST deployed        apic-portal-2.0.0
r6c7b1188e0     e2e             1               2021-02-05 17:22:50.169539831 -0800 PST deployed        apic-analytics-2.0.0
r8dacbcffda     e2e             1               2021-02-05 17:22:36.248182901 -0800 PST deployed        dynamic-gateway-service-1.0.63  1.0
rff8ba771c8     e2e             1               2021-02-05 17:22:10.329984775 -0800 PST deployed        cassandra-operator-1.0.0        1.0.1
    3. Assign permissions to each of the Helm releases by running the following command: 
      for __sa in $(oc get sa -l release=<helm_release>) ; do oc adm policy add-scc-to-user anyuid system:serviceaccount:<namespace>:$__sa ; done
      where:
      • <helm_release> is the name of the Helm release from the NAME column; for example r19b9d4b2eb
      • <namespace> is the namespace where you installed API Connect
      For example, the sample response lists 5 Helm releases, so you must run the command for each of those names:
      • r19b9d4b2eb
      • r5d63b7fc92
      • r6c7b1188e0
      • r8dacbcffda
      • rff8ba771c8
    4. Assign permissions to the default service account by running the following command: 
      oc adm policy add-scc-to-user anyuid system:serviceaccount:<namespace>:default

      where <namespace> is the namespace where you installed API Connect.

  10. Upgrade the OpenShift cluster to at OpenShift version to 4.10.
    • Change the channel in OpenShift, and wait for the upgrade to finish.
    • Wait for nodes to all show the newer version of Kubernetes.

What to do next

When you are ready to upgrade, proceed to OpenShift: Upgrading from 2018 using subsystem CRs for instructions.