Upgrading to the latest release on VMware
You can upgrade API Connect on VMware.
Before you begin
- Before starting an upgrade, review the supported upgrade paths from prior versions: Upgrade considerations on VMware.
- Enable keep-alive in your SSH configuration to avoid problems during the upgrade. For information, consult the documentation for your version of SSH.
- The Gateway subsystem remains available during the upgrade of the Management, Portal, and Analytics subsystems.
About this task
You can upgrade the Management subsystem, Developer Portal subsystem, and Analytics subsystem.
For the optional components API Connect Toolkit and API Connect Local Test Environment, you do not need to upgrade. For these components, install the new version of each after you upgrade the subsystems.
Important notes:
- When installing the new files, be sure to use the new
apicup
installer. - The upgrade order for subsystems is important. Upgrade the subsystems in the following order: (1) Management, (2) Portal, (3) Analytics, (4) Gateway. Management must be upgraded first. Gateway must be upgraded after Management because upgrading the Management service before the Gateway ensures that any new policies and capabilities will be available to a previously registered Gateway service.
- When you run the install, the program sends the compressed tar file, which contains the upgrade images, to all cluster members. The compressed tar file is about 2 GB, and transfer can take some time. When the install command exits, the compressed tar file has arrived at each member. The upgrade process is now underway, and might continue for some time depending on factors such as the size of your deployment, your network speed, etc.
- The
apicup subsys install
command automatically runsapicup health-check
prior to attempting the upgrade. An error is displayed if a problem is found that will prevent successful upgrade.Version 10.0.4.0 and later: When troubleshooting a problem with an upgrade, you can optionally suppress the health check. See Skipping health check when re-running upgrade.
- Version 10.0.4.0 and later - Known issue:The certificate manager was upgraded in API
Connect version 10.0.4.0. If you are upgrading from a version earlier than 10.0.4.0, then after you
trigger the upgrade from the
apim
,lur
, andtaskmanager
pods will be in a CrashLoopBackoff state due to Postgres requiring a certificate refresh. Correct the problem by completing the following steps:- SSH into the server:
- Run the following command to connect as the API Connect administrator, replacing
ip_address
with the appropriate IP address:ssh ip_address -l apicadm
- When prompted, select Yes to continue connecting.
- When you are connected, run the following command to receive the necessary permissions for
working directly on the appliance:
sudo -i
- Run the following command to connect as the API Connect administrator, replacing
- Run the following command to delete the Postgres pods, which refreshes the new
certificate:
kubectl get pod --no-headers=true | grep postgres | grep -v backup | awk '{print $1}' | xargs kubectl delete pod
- SSH into the server:
Important: Upon successful completion of each subsystem upgrade,
restart as required:
- For each subsystem, the upgrade process automatically runs
apicup health-check
upon completion of the upgrade. Whenapicup health-check
gives a message that reboot is required for a server, SSH onto that server and check the subsystem custom resource status:kubectl get <name_of_cr>
For example:
kubectl get managementCluster
If both
READY
isTrue
and theRECONCILED VERSION
shows the version you are upgrading to, then reboot that server. - During the upgrade, repeat this action for each subsystem when the message from
apicup subsys health-check
that says reboot is required for a server. However, if the health check command states that a reboot is required for the Portal subsystem, you must ensure that all of the Portal sites have been upgraded first before performing the reboot. See the instructions in Step 9 for details.