Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
As part of the Microsoft Azure Red Hat OpenShift cluster lifecycle, you need to perform periodic updates to the latest version of the OpenShift platform. Updating your Azure Red Hat OpenShift clusters enables you to update to the latest features and functionalities and apply the latest security releases.
This article shows you how to update all components in an OpenShift cluster using the OpenShift web console, CLI, or the managed-upgrade-operator (MUO). For more information about OpenShift updates, see Understanding OpenShift updates.
Important
Performing a Control Plane Only update is not supported for Azure Red Hat OpenShift and may result in cluster instability.
Note
For more information about updating from 4.20 to 4.21, see Updating from 4.20 to 4.21.
Prerequisites
This article assumes you have access to an existing Azure Red Hat OpenShift cluster as a user with
adminprivileges.Make sure that the credentials for the service principal used for the cluster are valid/updated before starting the update. For more information, see Rotate service principal credentials for your Azure Red Hat OpenShift cluster.
Check for available cluster updates using the web console
From the left menu of the OpenShift web console, ensure you are in the Administrator perspective, which is the default when you sign as the kubeadmin.
Select the Administration tab.
Select Cluster Settings and open the Details tab. The version, update status, and channel are displayed. The channel isn't configured by default.
Select the Channel link, and at the prompt enter the desired update channel, for example
stable-4.19. Once the desired channel is chosen, a graph showing available releases and channels is displayed. If the Update Status for your cluster shows Updates Available, you can update your cluster.
Update your cluster with the OpenShift web console
From the OpenShift web console in the previous step, set the Channel for the version that you want to update to, such as stable-4.19.
Selection a version to update to, and select Update. You see the update status change to: Update to <product-version> in progress. You can review the progress of the cluster update by watching the progress bars for the operators and nodes.
Schedule individual updates using the managed-upgrade-operator
Use the managed-upgrade-operator (MUO) to update your Azure Red Hat OpenShift cluster.
The managed-upgrade-operator manages automated cluster updates. The managed-upgrade-operator starts the cluster update, but it doesn't perform any activities of the cluster update process itself. The OpenShift Container Platform (OCP) is responsible for updating the clusters. The goal of the managed-upgrade-operator is to satisfy the operating conditions that a managed cluster must hold, both before and after starting the cluster update.
- Prepare the configuration file, as shown in the following example for updating to OpenShift 4.19.
apiVersion: upgrade.managed.openshift.io/v1alpha1
kind: UpgradeConfig
metadata:
name: managed-upgrade-config
namespace: openshift-managed-upgrade-operator
spec:
type: "ARO"
upgradeAt: "2025-09-08T03:20:00Z"
PDBForceDrainTimeout: 60
desired:
channel: "stable-4.19"
version: "4.19.15"
upgradeATis the time when the update occurs.channelis the channel the configuration file pulls from, according to the lifecycle policy. The channel used should bestable-<version>oreus-<version>.versionis the version that you wish to update to, such as4.19.15.
- Apply the configuration file. Replace
<file_name>with your file's name.
oc create -f <file_name>.yaml
Update your cluster using the CLI
For more information, see Updating a cluster using the CLI.
Extended Update Support Add-on (EUS) Term 1 updates
When updating your cluster from one EUS version to another EUS version (ex: 4.16 to 4.18), you need to update to the interim version and then to the target EUS version. For example, to update from 4.16 to 4.18, you must update to 4.17, then to 4.18. Control Plane Only updates aren't supported. You must also select the relevant update channel for your target version, for example eus-4.18.
Updating from 4.20 to 4.21
The openshift cluster image policy reached general availability in version 4.21. As a result, Sigstore signatures for the quay.io/openshift-release-dev/ocp-release images are now required for release verification. If you try to update to version 4.21, a "This cluster has mirrors configured. 4.21 will require Sigstore signatures…" message blocks the update. For Azure Red Hat OpenShift clusters, no further action is necessary because the service already provides the required Sigstore signature images.
To proceed with the update, provide the administrator acknowledgment. Run the following command before proceeding:
oc -n openshift-config patch configmap admin-acks --patch '{"data":{"ack-4.20-sigstore-in-4.21":"true"}}' --type=merge
Next steps
- You can find information about available OpenShift Container Platform advisories and updates in the errata section of the Red Hat Customer Portal.