In order to succesfuly upgrade a fully restriced network or a semi restricted version (utilizng a proxy environment or a DMZ) you need to understand that pushing ocp upgrades you will need to include "step up" versions that are needed in between your base ocp version to your target ocp version.
For example if your base version is 4.8.39 and your target version is 4.10.18 you will need a "step up" version wich can be 4.9.33. The upgrade process will look like this: "ocp v4.8.39 -> ocp v4.9.33 -> ocp v4.10.18"
- Base version - What is your base version? (can be found with the following command) $ oc get clusterversion
- Architecture - Can be one of the following (x86_64 / ppc64le / s390x)?
- Target version - Choose your end target version?
- Upgrade path - As stated before sometimes when jumping between 'major' ocp versions you will need other 'major' version that will act as a "step up" version. In order to best know how to upgrade your environment use Redhat's "Upgrade Path" UI in the following link. https://access.redhat.com/labs/ocpupgradegraph/update_path Important: Check the 'V' of "Include hot fix versions" if you would like to include.
- Bastion server with Rhel v8 or higher
- Installed on this bastion servers should be the following packeges & RPM's:
- Podman
- bash-completion (for convinience)
- oc cli & kubectl from the following link (https://console.redhat.com/openshift/downloads)
- Pull secret from this page (https://console.redhat.com/openshift/install/pull-secret)
- Have a registry container up and running - for your convinience i've added a basic run command for one
- $ sudo mkdir -p /var/lib/registry
- $ sudo podman run --privileged -d --name registry -p 5000:5000 -v /var/lib/registry:/var/lib/registry --restart=always registry:2
- Check for any other pre req from the "Updating a restricted network" page on Redhat link: (https://docs.openshift.com/container-platform/4.10/updating/updating-restricted-network-cluster.html) Check that the guide points to your desired ocp version (At this moment the guide is pointing to version 4.10)
- Import script
- Dont forget to add run permission to script with chmod +x
- Run script
- Compress the "mirror" dir from your removable media path using tar or tgz. Example command for your use: $ tar -czvf <ocp_version>.tar.gz /<removable_media_path>
- Import mirrored version to your local registry using the command propted at the end of the mirror process in the "connected" bastion server to your local ocp images registry.
Using the script is straight forward:
- Copy / Download the script and import to your bastion machine.
- Add run option to the "script.sh" using: $ chmod +x "script.sh"
- Input your variables values that are prompted from the script according to the questions stated in the mirroring process overview.
- Copy the mirror command for your internal registry that will "hold" the ocp images in your "disconnected" environment.