|
8 | 8 | [id="manually-maintained-credentials-upgrade_{context}"] |
9 | 9 | = Upgrading clusters with manually maintained credentials |
10 | 10 |
|
11 | | -If credentials are added in a future release, the Cloud Credential Operator (CCO) `upgradable` status for a cluster with manually maintained credentials changes to `false`. For minor release, for example, from 4.7 to 4.8, this status prevents you from upgrading until you have addressed any updated permissions. For z-stream releases, for example, from 4.7.12 to 4.7.13, the upgrade is not blocked, but the credentials must still be updated for the new release. |
| 11 | +The Cloud Credential Operator (CCO) `Upgradable` status for a cluster with manually maintained credentials is `False` by default. |
12 | 12 |
|
13 | | -Use the *Administrator* perspective of the web console to determine if the CCO is upgradeable. |
| 13 | +//to-do: update "from 4.7 to 4.8" to "from 4.8 to 4.9" when 4.9 is released |
| 14 | +* For minor releases, for example, from 4.7 to 4.8, this status prevents you from upgrading until you have addressed any updated permissions and annotated the `CloudCredential` resource to indicate that the permissions are updated as needed for the next version. This annotation changes the `Upgradable` status to `True`. |
14 | 15 |
|
15 | | -. Navigate to *Administration* -> *Cluster Settings*. |
| 16 | +* For z-stream releases, for example, from 4.8.9 to 4.8.10, no permissions are added or changed, so the upgrade is not blocked. |
16 | 17 |
|
17 | | -. To view the CCO status details, click *cloud-credential* in the *Cluster Operators* list. |
| 18 | +Before upgrading a cluster with manually maintained credentials, you must create any new credentials for the release image that you are upgrading to. Additionally, you must review the required permissions for existing credentials and accommodate any new permissions requirements in the new release for those components. |
18 | 19 |
|
19 | | -. If the *Upgradeable* status in the *Conditions* section is *False*, examine the `CredentialsRequest` custom resource for the new release and update the manually maintained credentials on your cluster to match before upgrading. |
20 | | - |
21 | | -In addition to creating new credentials for the release image that you are |
22 | | -upgrading to, you must review the required permissions for existing credentials |
23 | | -and accommodate any new permissions requirements for existing components in the |
24 | | -new release. The CCO cannot detect these mismatches and will not set |
25 | | -`upgradable` to `false` in this case. |
| 20 | +.Procedure |
26 | 21 |
|
| 22 | +. Extract and examine the `CredentialsRequest` custom resource for the new release. |
| 23 | ++ |
27 | 24 | The _Manually creating IAM_ section of the installation content for your cloud provider explains how to obtain and use the credentials required for your cloud. |
| 25 | + |
| 26 | +. Update the manually maintained credentials on your cluster: |
| 27 | + |
| 28 | +** Create new secrets for any `CredentialsRequest` custom resources that are added by the new release image. |
| 29 | + |
| 30 | +** If the `CredentialsRequest` custom resources for any existing credentials that are stored in secrets have changed their permissions requirements, update the permissions as required. |
| 31 | + |
| 32 | +. When all of the secrets are correct for the new release, indicate that the cluster is ready to upgrade: |
| 33 | + |
| 34 | +.. Log in to the {product-title} CLI as a user with the `cluster-admin` role. |
| 35 | + |
| 36 | +.. Edit the `CloudCredential` resource to add an `upgradeable-to` annotation within the `metadata` field: |
| 37 | ++ |
| 38 | +[source,terminal] |
| 39 | +---- |
| 40 | +$ oc edit cloudcredential cluster |
| 41 | +---- |
| 42 | ++ |
| 43 | +.Text to add |
| 44 | ++ |
| 45 | +[source,yaml] |
| 46 | +---- |
| 47 | +... |
| 48 | + metadata: |
| 49 | + annotations: |
| 50 | + cloudcredential.openshift.io/upgradeable-to: <version_number> |
| 51 | +... |
| 52 | +---- |
| 53 | ++ |
| 54 | +Where `<version_number>` is the version you are upgrading to, in the format `x.y.z`. For example, `4.8.2` for {product-title} 4.8.2. |
| 55 | ++ |
| 56 | +It may take several minutes after adding the annotation for the upgradeable status to change. |
| 57 | + |
| 58 | +. Verify that the CCO is upgradeable: |
| 59 | + |
| 60 | +.. In the the *Administrator* perspective of the web console, navigate to *Administration* -> *Cluster Settings*. |
| 61 | + |
| 62 | +.. To view the CCO status details, click *cloud-credential* in the *Cluster Operators* list. |
| 63 | + |
| 64 | +.. If the *Upgradeable* status in the *Conditions* section is *False*, verify that the `upgradeable-to` annotation is free of typographical errors. |
| 65 | + |
| 66 | +When the *Upgradeable* status in the *Conditions* section is *True*, you can begin the {product-title} upgrade. |
0 commit comments