Migrate to OpenShift
Overview
Installations starting on Docker Compose may be migrated to OpenShift by moving the persistent data store using the following steps. In-place upgrades from Docker Compose to OpenShift are not supported.
During the migration process, there will be a downtime period where the service cannot be used.
Migration Process
Stop DCT services. In order to avoid a situation of losing data, stop serving the upcoming traffic with:
docker-compose stopCopy the Postgres Docker volume folder data on a local machine with:
mkdir database
docker cp {dbcontainer_Id}:/var/lib/postgresql/data ./databaseCopy the encryption key Docker volume folder data on a local machine with:
mkdir data_key
docker cp {gateway_container_id}:/data ./data_keyCopy the masking encryption key Docker volume folder data on a local machine with:
mkdir masking_data_key
docker cp {masking_container_id}:/data ./masking_data_keyCopy the virtualization-app encryption key Docker volume folder data on a local machine with:
mkdir virtualization_app_data_key
docker cp {virtualization_app_container_id}:/data ./virtualization_app_data_keyMounted Docker volume folder content for database is copied in
databasefolder on local machine.Mounted Docker volume folder content for encryption key is copied in the
data_keyfolder on local machine.Mounted masking Docker volume folder content for encryption key is copied in the
masking_data_keyfolder on local machine.Mounted virtualization-app Docker volume folder content for encryption key is copied in the
virtualization_app_data_keyfolder on local machine.
Move the copied volume folders (database, data_key, masking_data_key, and virtualization_app_data_key from the previous step) to the Kubernetes host machine where DCT is up and running.
Update the values.yaml file to add the list of certificates which were used in the previous DCT version (present in mounted trustStore). Update the deployment with the new values.yaml file.
Terminate the proxy pod to stop serving external traffic with:
oc scale --replicas=0 deployment/proxy -n dct-servicesTerminate the database to stop internal threads using the database with:
oc scale --replicas=0 deployment/database -n dct-servicesCreate a dummy pod to access the Persistent Volume. Use the Pod.yaml as an example:
apiVersion: v1
kind: Pod
metadata:
Namespace: dct-services
name: dummy-pod
labels:
app: dummy-pod
spec:
containers:
- image: ubuntu
command:
- "sleep"
- "604800"
imagePullPolicy: IfNotPresent
name: ubuntu
restartPolicy: Always
volumes:
- name: gwdatabase-data
persistentVolumeClaim:
claimName: gwdatabase-dataFollowed by this command to actually create the dummy pod:
oc apply -f pod.yaml -n dct-servicesRestore previous DCT version volume data with DCT deployed on the Kubernetes setup (in Persistent Volume).
Move the encryption key with:
cd data_key
oc cp data dct-services/{gateway_pod_name}:/Move the encryption key with:
cd masking_data_key
oc cp data dct-services/{masking_pod_name}:/Move the encryption key with:
cd virtualization_app_data_key
oc cp data dct-services/{virtualization_app_pod_name}:/Move the Postgres data with:
cd database
oc cp data dct-services/{dummy_pod_name}:/var/lib/postgresqlDelete the dummy pod with:
oc delete pod dummy-pod -n dct-servicesStart the database pod (scale to 1) with:
oc scale --replicas=1 deployment/database -n dct-servicesDelete or patch the gateway pod with:
oc delete pod {gateway_pod_name} -n dct-servicesDelete or patch the data-library pod with:
oc delete pod {data-library_pod_name} -n dct-servicesDelete or patch the jobs pod with:
oc delete pod {jobs_pod_name} -n dct-servicesDelete or patch the data-bookmarks pod with:
oc delete pod {data-bookmarks_pod_name} -n dct-servicesDelete or patch the masking pod with:
oc delete pod {masking_pod_name} -n dct-servicesDelete or patch the virtualization-app pod with:
oc delete pod {virtualization_app_pod_name} -n dct-servicesStart the proxy service to serve the external service:
oc scale --replicas=1 deployment/proxy -n dct-services