Before upgrading a cluster with manually maintained credentials, you must create any new credentials for the release image that you are upgrading to. You must also review the required permissions for existing credentials and accommodate any new permissions requirements in the new release for those components.
Extract and examine the
CredentialsRequest custom resource for the new release.
The "Manually creating IAM" section of the installation content for your cloud provider explains how to obtain and use the credentials required for your cloud.
Update the manually maintained credentials on your cluster:
Create new secrets for any
CredentialsRequest custom resources that are added by the new release image.
CredentialsRequest custom resources for any existing credentials that are stored in secrets have changed permissions requirements, update the permissions as required.
Indicating that the cluster is ready to upgrade
The Cloud Credential Operator (CCO)
Upgradable status for a cluster with manually maintained credentials is
False by default.
For the release image that you are upgrading to, you have processed any new credentials manually or by using the Cloud Credential Operator utility (
You have installed the OpenShift CLI (
Log in to
oc on the cluster as a user with the
CloudCredential resource to add an
upgradeable-to annotation within the
metadata field by running the following command:
$ oc edit cloudcredential cluster
Text to add
<version_number> is the version that you are upgrading to, in the format
x.y.z. For example, use
4.10.2 for OpenShift Container Platform 4.10.2.
It may take several minutes after adding the annotation for the upgradeable status to change.
In the Administrator perspective of the web console, navigate to Administration → Cluster Settings.
To view the CCO status details, click cloud-credential in the Cluster Operators list.
When the Upgradeable status in the Conditions section is True, begin the OpenShift Container Platform upgrade.