×

Life cycle policies and planning

To plan an upgrade, review the Red Hat OpenShift Service on AWS update life cycle. The life cycle page includes release definitions, support and upgrade requirements, installation policy information and life cycle dates.

Preparing an upgrade from 4.7 to 4.8

You must meet the following requirements before upgrading a Red Hat OpenShift Service on AWS (ROSA) cluster that uses the AWS Security Token Service (STS) from version 4.7 to 4.8:

  • Update the AWS Identity and Access Management (IAM) account-wide roles and policies, including the Operator policies to version 4.8.

  • After updating the roles and policies, you must update the value of the cloudcredential.openshift.io/upgradeable-to annotation in the CloudCredential custom resource to v4.8. This indicates that the cluster is ready to upgrade.

Prerequisites
  • You have installed the latest AWS CLI on your installation host.

  • You have installed version 1.1.3 or later of the ROSA CLI on your installation host.

  • You have installed version 4.8 or later of the OpenShift CLI (oc) on your installation host.

  • You have the permissions required to update the AWS account-wide roles and policies.

  • You have access to the cluster as a user with the cluster-admin role.

Procedure
  1. Update the account-wide roles and policies, including the Operator policies, to version 4.8:

    $ rosa create account-roles --mode auto

    If you created the roles and policies for version 4.7 with a custom prefix, you must include the --prefix option and specify the same prefix name. Specifying the prefix name ensures that the existing roles and policies used by the cluster are updated.

  2. As a cluster administrator, update the value of the cloudcredential.openshift.io/upgradeable-to annotation in the CloudCredential custom resource to v4.8:

    $ oc annotate cloudcredential cluster cloudcredential.openshift.io/upgradeable-to="v4.8"

You can now proceed to upgrade the cluster.

Upgrading a ROSA cluster that uses STS

There are two methods to upgrade Red Hat OpenShift Service on AWS (ROSA) clusters that uses the AWS Security Token Service (STS):

For steps to upgrade a ROSA cluster that does not use the AWS Security Token Service (STS), see Upgrading ROSA clusters.

Upgrading manually with the rosa CLI

You can upgrade a Red Hat OpenShift Service on AWS cluster that uses the AWS Security Token Service (STS) manually by using the rosa CLI.

This method schedules the cluster for an immediate upgrade, if a more recent version is available.

Prerequisites
  • You have installed and configured the latest ROSA CLI on your installation host.

  • If you are upgrading your cluster from 4.7 to 4.8, you have upgraded the AWS Identity and Access Management (IAM) account-wide roles and policies to version 4.8. You have also updated the cloudcredential.openshift.io/upgradeable-to annotation in the CloudCredential custom resource. For more information, see Preparing an upgrade from 4.7 to 4.8.

Procedure
  1. To verify the current version of your cluster, enter the following command:

    $ rosa describe cluster --cluster=<cluster_name|cluster_id> (1)
    1 Replace <cluster_name|cluster_id> with the cluster name or the ID of the cluster.
  2. To verify that an upgrade is available, enter the following command:

    $ rosa list upgrade --cluster=<cluster_name|cluster_id>

    The command returns a list of versions to which the the cluster can be upgraded, including a recommended version.

  3. To upgrade a cluster to the latest available version, enter the following command:

    $ rosa upgrade cluster --cluster=<cluster_name|cluster_id>

    The cluster is scheduled for an immediate upgrade. This action can take an hour or longer, depending on your workload configuration, such as pod disruption budgets.

    You will receive an email when the upgrade is complete. You can also check the status by running rosa describe cluster again from the rosa CLI or view the status in the OpenShift Cluster Manager (OCM) console.

Upgrading manually using the console

You can upgrade a Red Hat OpenShift Service on AWS cluster that uses the AWS Security Token Service (STS) manually by using the OpenShift Cluster Manager (OCM) console.

Prerequisites
  • If you are upgrading your cluster from 4.7 to 4.8, you have upgraded the AWS Identity and Access Management (IAM) account-wide roles and policies to version 4.8. You have also updated the cloudcredential.openshift.io/upgradeable-to annotation in the CloudCredential custom resource. For more information, see Preparing an upgrade from 4.7 to 4.8.

Procedure
  1. Log in to the OpenShift Cluster Manager (OCM).

  2. Select a cluster to upgrade.

  3. Click the Settings tab.

  4. In the Update strategy pane, click Manual.

  5. In the Node draining pane, select a grace period interval from the list. The grace period enables the nodes to gracefully drain before forcing the pod eviction. The default is 1 hour.

  6. In the Update strategy pane, click Save to apply your update strategy.

  7. In the Update status pane, review the Update available information and click Update.

    The Update button is enabled only when an upgrade is available.

  8. In the Select version dialog, choose a target upgrade version and click Next.

  9. In the Schedule update dialog, schedule your cluster upgrade.

    • To upgrade within an hour, select Update now and click Next.

    • To upgrade at a later time, select Schedule a different time and set a time and date for your upgrade. Click Next to proceed to the confirmation dialog.

  10. After reviewing the version and schedule summary, select Confirm update.

    The cluster is scheduled for an upgrade to the target version. This action can take an hour or longer, depending on the selected upgrade schedule and your workload configuration, such as pod disruption budgets.

    The status is displayed in the Update status pane.