Chapter 6. Upgrading OpenShift sandboxed containers
The upgrade of the OpenShift sandboxed containers components consists of the following three steps:
-
Upgrading Red Hat OpenShift to update the
Kataruntime and its dependencies. - Upgrading the OpenShift sandboxed containers Operator to update the Operator subscription.
-
Manually patching the
KataConfigcustom resource (CR) to update the monitor pods.
You can upgrade Red Hat OpenShift before or after the OpenShift sandboxed containers Operator upgrade, with the one exception noted below. Always apply the KataConfig patch immediately after upgrading OpenShift sandboxed containers Operator.
If you are upgrading to Red Hat OpenShift 4.11 with OpenShift sandboxed containers 1.3, the recommended order is to first upgrade OpenShift sandboxed containers from 1.2 to 1.3, and then upgrade Red Hat OpenShift from 4.10 to 4.11.
6.1. Upgrading the OpenShift sandboxed containers resources
The OpenShift sandboxed containers resources are deployed onto the cluster using Red Hat Enterprise Linux CoreOS (RHCOS) extensions.
The RHCOS extension sandboxed containers contains the required components to run Kata Containers such as the Kata containers runtime, the hypervisor QEMU, and other dependencies. You upgrade the extension by upgrading the cluster to a new release of Red Hat OpenShift.
For more information about upgrading Red Hat OpenShift, see Updating Clusters.
6.2. Upgrading the OpenShift sandboxed containers Operator
Use Operator Lifecycle Manager (OLM) to upgrade the OpenShift sandboxed containers Operator either manually or automatically. Selecting between manual or automatic upgrade during the initial deployment determines the future upgrade mode. For manual upgrades, the web console shows the available updates that can be installed by the cluster administrator.
For more information about upgrading the OpenShift sandboxed containers Operator in Operator Lifecycle Manager (OLM), see Updating installed Operators.
6.3. Upgrading the OpenShift sandboxed containers monitor pods
After upgrading OpenShift sandboxed containers, you need to update the monitor image in the KataConfig CR to upgrade the monitor pods. Otherwise, the monitor pods will continue running images from the previous version.
You can perform the update using the web console or the CLI.
6.3.1. Upgrading the monitor pods using the web console
The KataConfig YAML file in the Red Hat OpenShift contains the version number for the monitor image. Update the version number with the correct version.
Prerequisites
- You have Red Hat OpenShift 4.13 installed on your cluster.
-
You have access to the cluster as a user with the
cluster-adminrole.
Procedure
-
From the Administrator perspective of Red Hat OpenShift, navigate to Operators
Installed Operators. - Select the OpenShift sandboxed containers Operator and go to the KataConfig tab.
-
Search for the
KataConfigresource using the Search by name field. The default name for theKataConfigresource is example-kataconfig. -
Select the
KataConfigresource and go to the KataConfig tab. Modify the version number for
kataMonitorImage:checkNodeEligibility: false kataConfigPoolSelector: null kataMonitorImage: 'registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel8:1.3.0'- Click Save.
6.3.2. Upgrading the monitor pods using the CLI
You can manually patch the monitor image in the KataConfig CR to update the monitor pods.
Prerequisites
- You have Red Hat OpenShift 4.13 installed on your cluster.
-
You have installed the OpenShift CLI (
oc). -
You have access to the cluster as a user with the
cluster-adminrole.
Procedure
In the Red Hat OpenShift CLI, run the following command:
$ oc patch kataconfig <kataconfig_name> --type merge --patch '{"spec":{"kataMonitorImage":"registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel8:1.3.0"}}'where:
<kataconfig_name>:: specifies the name of your Kata configuration file, such asexample-kataconfig.
