Upgrading OpenShift Container Platform 4 with Palo Alto Networks Prisma Cloud Compute installed
Environment
-
OpenShift Container Platform 4.x
-
Palo Alto Networks Prisma Cloud Compute versions prior to 22.01
-
Twistlock was acquired by Palo Alto Network in 2019 and became part of the Prisma Cloud Compute product afterwards
Issue
- Versions of Prisma Cloud Compute older than 22.01, when installed on OpenShift Container Platform 4, would modify the
crio.conffile and prevent the operator from upgrading.
Resolution
If you are on version 22.01 or newer of Prisma Cloud Compute you will not be affected. However, if you're running on an older version, please use the following workaround:
Take a backup of the MachineConfig before any upgrade :
$ oc get machineconfig <01-worker-xxx> -o yaml > 01-worker-mc-xxx.yaml
Prior to Upgrade :
1. Uninstall defender pods
2. Restore Container runtime config
$ oc apply -f 01-worker-mc-xxx.yaml
3. Check MCO is not reporting degraded state
Trigger an OpenShift upgrade if required.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments