Upgrading OpenShift Container Platform 4 with Palo Alto Networks Prisma Cloud Compute installed

Solution Verified - Updated -


  • OpenShift Container Platform 4.x

  • Palo Alto Networks Prisma Cloud Compute versions prior to 22.01

  • Twistlock was acquired by Palo Alto Network in 2019 and became part of the Prisma Cloud Compute product afterwards


  • Versions of Prisma Cloud Compute older than 22.01, when installed on OpenShift Container Platform 4, would modify the crio.conf file and prevent the operator from upgrading.


If you are on version 22.01 or newer of Prisma Cloud Compute you will not be affected. However, if you're running on an older version, please use the following workaround:

Take a backup of the MachineConfig before any upgrade :

$ oc get machineconfig <01-worker-xxx> -o yaml > 01-worker-mc-xxx.yaml

Prior to Upgrade :

1. Uninstall defender pods

2. Restore Container runtime config

$ oc apply -f 01-worker-mc-xxx.yaml

3. Check MCO is not reporting degraded state

Trigger an OpenShift upgrade if required. 

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.