Upgrade Cilium OSS to Cilium Enterprise (OpenShift 4)

Starting situation

  • You have an OpenShift 4 cluster with Cilium OSS installed.

While we didn’t notice any downtime during the upgrade, we recommend to expect a downtime of a few seconds.

Prerequisites

  • kubectl

  • jq

  • Optionally yq yq YAML processor (version 4 or higher)

  • A local setup to compile a cluster catalog, see Running Commodore for details.

  • olm.source parameter set either in the global defaults or in the tenant repository.

This guide assumes that you’re familiar with making changes to a Project Syn cluster and compiling the cluster catalog to deploy those changes.

Upgrade to Cilium Enterprise

  1. Switch the release to enterprise in your cluster config.

    c-cluster-id.yml diff
       cilium:
+    release: enterprise

    You can also use yq:

    yq eval -i '.parameters.cilium.release = "enterprise"' c-cluster-id.yml

  2. Compile the cluster catalog.

  3. Ensure the ArgoCD app is synced within the cluster.

    Either use the GUI or the CLI by looking at the .status.history field:

    kubectl -nsyn get applications cilium -oyaml | yq '.status.history'

  4. Fix ownership of unscoped Helm/OLM resources.

    kubectl annotate \
  clusterrole/cilium clusterrolebinding/cilium \
  clusterrole/cilium-operator clusterrolebinding/cilium-operator \
  meta.helm.sh/release-name=cilium-enterprise \
  --overwrite

  5. Cleanup objects the RedHat OLM Operator leaves behind.

    kubectl -n cilium get clusterserviceversion -ojson \
  | jq -r '.items[] | select(.spec.displayName == "Cilium") | .metadata.name' \
  | xargs kubectl -n cilium delete clusterserviceversion

  6. Ensure the Cilium OSS config file can be deleted.

    kubectl -n cilium patch ciliumconfig cilium -p '{"metadata":{"finalizers":null}}' --type=merge