Chapter 6. Upgrading OpenShift sandboxed containers

The upgrade of the OpenShift sandboxed containers components consists of the following three steps:

  • Upgrading Red Hat OpenShift to update the Kata runtime and its dependencies.
  • Upgrading the OpenShift sandboxed containers Operator to update the Operator subscription.
  • Manually patching the KataConfig custom resource (CR) to update the monitor pods.

You can upgrade Red Hat OpenShift before or after the OpenShift sandboxed containers Operator upgrade, with the one exception noted below. Always apply the KataConfig patch immediately after upgrading OpenShift sandboxed containers Operator.

Important

If you are upgrading to Red Hat OpenShift 4.11 with OpenShift sandboxed containers 1.3, the recommended order is to first upgrade OpenShift sandboxed containers from 1.2 to 1.3, and then upgrade Red Hat OpenShift from 4.10 to 4.11.

6.1. Upgrading the OpenShift sandboxed containers resources

The OpenShift sandboxed containers resources are deployed onto the cluster using Red Hat Enterprise Linux CoreOS (RHCOS) extensions.

The RHCOS extension sandboxed containers contains the required components to run Kata Containers such as the Kata containers runtime, the hypervisor QEMU, and other dependencies. You upgrade the extension by upgrading the cluster to a new release of Red Hat OpenShift.

For more information about upgrading Red Hat OpenShift, see Updating Clusters.

6.2. Upgrading the OpenShift sandboxed containers Operator

Use Operator Lifecycle Manager (OLM) to upgrade the OpenShift sandboxed containers Operator either manually or automatically. Selecting between manual or automatic upgrade during the initial deployment determines the future upgrade mode. For manual upgrades, the web console shows the available updates that can be installed by the cluster administrator.

For more information about upgrading the OpenShift sandboxed containers Operator in Operator Lifecycle Manager (OLM), see Updating installed Operators.

6.3. Upgrading the OpenShift sandboxed containers monitor pods

After upgrading OpenShift sandboxed containers, you need to update the monitor image in the KataConfig CR to upgrade the monitor pods. Otherwise, the monitor pods will continue running images from the previous version.

You can perform the update using the web console or the CLI.

6.3.1. Upgrading the monitor pods using the web console

The KataConfig YAML file in the Red Hat OpenShift contains the version number for the monitor image. Update the version number with the correct version.

Prerequisites

  • You have Red Hat OpenShift 4.13 installed on your cluster.
  • You have access to the cluster as a user with the cluster-admin role.

Procedure

  1. From the Administrator perspective of Red Hat OpenShift, navigate to OperatorsInstalled Operators.
  2. Select the OpenShift sandboxed containers Operator and go to the KataConfig tab.
  3. Search for the KataConfig resource using the Search by name field. The default name for the KataConfig resource is example-kataconfig.
  4. Select the KataConfig resource and go to the KataConfig tab.
  5. Modify the version number for kataMonitorImage:

        checkNodeEligibility: false
        kataConfigPoolSelector: null
        kataMonitorImage: 'registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel8:1.3.0'
  6. Click Save.

6.3.2. Upgrading the monitor pods using the CLI

You can manually patch the monitor image in the KataConfig CR to update the monitor pods.

Prerequisites

  • You have Red Hat OpenShift 4.13 installed on your cluster.
  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.

Procedure

  • In the Red Hat OpenShift CLI, run the following command:

    $ oc patch kataconfig <kataconfig_name> --type merge --patch
    '{"spec":{"kataMonitorImage":"registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel8:1.3.0"}}'

    where: <kataconfig_name>:: specifies the name of your Kata configuration file, such as example-kataconfig.