Conditional Updates are recommended updates associated with known risks.
When no risks apply, the update is recommended – this can be performed by the cluster administrator on both the web console and the OpenShift CLI (oc). When an update is not recommended because a risk might apply, the cluster administrator can view the update from the OpenShift CLI (oc). If the cluster administrator evaluates the potential known risks and decides it is acceptable for the current cluster, they can waive the safety guards and proceed with the update.
Background
The OpenShift update service (OSUS) provides update information to OpenShift Container Platform (OCP) clusters. By default, every OCP cluster connects to the Red Hat hosted OSUS instance for update information. For disconnected or restricted networks, cluster administrators can install their own OSUS.
The OSUS can sometimes remove an update path to protect OpenShift clusters from bugs. This change in update path impacts all OCP clusters for that particular version. This has caused some customer frustration when a bug is only applicable for OCP clusters with specific platforms or configurations.
With OCP 4.10, the OSUS will also provide conditional update recommendations to the Cluster Version Operator (CVO). The CVO evaluates the conditional recommendations and decides if the conditional update is recommended for the cluster or not. For disconnected clusters, it behaves in the same manner as a connected cluster as the conditional updates rely on the local OSUS instance. CVO processing for conditional update recommendations is new in 4.10, so updates from 4.9 to 4.10 will not have access to this new functionality. Updates within 4.10 (z-stream), and updates from 4.10 to future minor releases will be able to benefit from this feature.
The user experience is exactly the same for conditional updates if they are recommended for the cluster. This reduces the frustration of having update paths removed for bugs which do not impact your cluster.
For conditional updates which are not recommended for the cluster, the cluster administrator has convenient access to metadata, such as risk description and documentation links, to evaluate the risk.Note: conditional updates that are not recommended don't show up on the OpenShift web console in 4.10.
Here are some oc CLI examples that show how conditional updates work:
- To list recommended updates, use oc adm upgrade, which will display the presence of any supported but not recommended updates:
$ oc adm upgrade
Cluster version is 4.10.0-fc.1
Upstream is unset, so the cluster will use an appropriate default.
Channel: candidate-4.10 (available channels: candidate-4.10)
Recommended updates:
VERSION IMAGE
4.10.0-rc.5 quay.io/openshift-release-dev/ocp-release@sha256:5ebccbbcbeeb3987f9ee3fa7f593c5e24bdd89efd9c6b2e6d525346e4a235ced
…
4.10.0-fc.4 quay.io/openshift-release-dev/ocp-release@sha256:664ad79f4a5f321c4acd51c737dfce9363e48470dc35732be4b7d156aa7b3936
Additional updates which are not recommended based on your cluster configuration are available, to view those re-run the command with --include-not-recommended.
- To find out about any risks, use the --include-not-recommended:
Upstream is unset, so the cluster will use an appropriate default. Channel: candidate-4.10 (available channels: candidate-4.10)
Recommended updates:
VERSION IMAGE
4.10.0-rc.5 quay.io/openshift-release-dev/ocp-release@sha256:5ebccbbcbeeb3987f9ee3fa7f593c5e24bdd89efd9c6b2e6d525346e4a235ced
…
4.10.0-fc.4 quay.io/openshift-release-dev/ocp-release@sha256:664ad79f4a5f321c4acd51c737dfce9363e48470dc35732be4b7d156aa7b3936
Supported but not recommended updates:
Version: 4.10.0-fc.2
Image: quay.io/openshift-release-dev/ocp-release@sha256:85c6ce1cffe205089c06efe363acb0d369f8df7ad48886f8c309f474007e4faf
Recommended: False
Reason: ModifiedAWSLoadBalancerServiceTags
Message: On AWS clusters for Services in the openshift-ingress namespace… This will not cause issues updating between 4.10 releases. This conditional update is just a demonstration of the conditional update system. https://bugzilla.redhat.com/show_bug.cgi?id=2039339
- Now, let’s update against recommendations with a description of applicable risks:
$ oc adm upgrade --to 4.10.0-fc.2
error: the update 4.10.0-fc.2 is not one of the recommended updates, but is available as a conditional update.To accept the Recommended=False risk and to proceed with update use --allow-not-recommended.
Reason: ModifiedAWSLoadBalancerServiceTags
Message: On AWS clusters for Services in the openshift-ingress namespace… This will not cause issues updating between 4.10 releases. This conditional update is just a demonstration of the conditional update system. https://bugzilla.redhat.com/show_bug.cgi?id=2039339
- To update regardless of any applicable risks, use --allow-not-recommended, which will displays a warning message in case you want to quickly abort:
$ oc adm upgrade --allow-not-recommended --to 4.10.0-fc.2
warning: with --allow-not-recommended you have accepted the risks with 4.10.0-fc.2 and bypassed Recommended=False ModifiedAWSLoadBalancerServiceTags: On AWS clusters for Services in the openshift-ingress namespace…
This will not cause issues updating between 4.10 releases. This conditional update is just a demonstration of the conditional update system. https://bugzilla.redhat.com/show_bug.cgi?id=2039339
Updating to 4.10.0-fc.2
執筆者紹介
チャンネル別に見る
自動化
テクノロジー、チームおよび環境に関する IT 自動化の最新情報
AI (人工知能)
お客様が AI ワークロードをどこでも自由に実行することを可能にするプラットフォームについてのアップデート
オープン・ハイブリッドクラウド
ハイブリッドクラウドで柔軟に未来を築く方法をご確認ください。
セキュリティ
環境やテクノロジー全体に及ぶリスクを軽減する方法に関する最新情報
エッジコンピューティング
エッジでの運用を単純化するプラットフォームのアップデート
インフラストラクチャ
世界有数のエンタープライズ向け Linux プラットフォームの最新情報
アプリケーション
アプリケーションの最も困難な課題に対する Red Hat ソリューションの詳細
オリジナル番組
エンタープライズ向けテクノロジーのメーカーやリーダーによるストーリー
製品
ツール
試用、購入、販売
コミュニケーション
Red Hat について
エンタープライズ・オープンソース・ソリューションのプロバイダーとして世界をリードする Red Hat は、Linux、クラウド、コンテナ、Kubernetes などのテクノロジーを提供しています。Red Hat は強化されたソリューションを提供し、コアデータセンターからネットワークエッジまで、企業が複数のプラットフォームおよび環境間で容易に運用できるようにしています。
言語を選択してください
Red Hat legal and privacy links
- Red Hat について
- 採用情報
- イベント
- 各国のオフィス
- Red Hat へのお問い合わせ
- Red Hat ブログ
- ダイバーシティ、エクイティ、およびインクルージョン
- Cool Stuff Store
- Red Hat Summit