When we moved to container GW on EKS from on prem appliance form, we renamed the existing OAuth connection to OAuth_OnPrem and disabled it and created a new OAuth JDBC connection to connect otk_db on RDS MySQL.

            Should we remove OAuth_OnPrem connection before trying upgrade? Anyway, we are not using it.

We upgraded OTK on existing and running gateway in EKS.

Steps followed for OTK upgrade:

1. Took backup of ssg and otk_db databases.
2. Executed below scripts in sequence (right now we are on v 4.4.1, scripts attached in zipped folder):

1. upgrade_otk4.4.1-otk4.5.0.sql
2. upgrade_otk4.5.0-otk4.5.1.sql
3. upgrade_otk4.5.1-otk4.6.0.sql
4. upgrade_otk4.6.0-otk4.6.1.sql
5. upgrade_otk4.6.1-otk4.6.2.sql

1. Upgraded .sskar file in policy manager

1. We got one issue regarding Oauth_ReadOnly connection to resolve. As it is not present in OTK v 4.4.1, we manually selected OAuth JDBC connection from the dropdown and resolved the conflict.

Still the issue was that for client_credentials grant type, if we authenticate using apikey, it is working. When we debugged v2/token API, we got that it is failing at OTK Client Authentication. 

11.0

The root cause was identified as Classic portal related assertions within OTK Client DB GET Extension policy

The Classic portal related assertions within OTK Client DB GET Extension policy was updated to the latest problem which solved the issue