Updating or upgrading your operating system (OS), by either changing OS versions or updating the system software, can impact the OKD software running on those machines. In particular, these updates can affect the iptables rules or ovs flows that OKD requires to operate.
Use the following to safely upgrade the OS on a host:
Ensure the host is unschedulable, meaning that no new pods will be placed onto the host:
$ oc adm manage-node <node_name> --schedulable=false
Migrate the pods from the host:
$ oc adm drain <node_name> --force --delete-local-data --ignore-daemonsets
In order to protect sensitive packages that do not need to be updated, apply the exclude rules to the host:
# atomic-openshift-docker-excluder exclude
# atomic-openshift-excluder exclude
Update the host packages and reboot the host. A reboot ensures that the host is running the newest versions and means that the docker and OKD processes have been restarted, which forces them to check that all of the rules in other services are correct.
# yum update
# reboot
However, instead of rebooting a node host, you can restart the services that are affected or preserve the iptables state. Both processes are described in the OKD IPtables topic. The ovs flow rules do not need to be saved, but restarting the OKD node software fixes the flow rules.
Configure the host to be schedulable again:
$ oc adm manage-node <node_name> --schedulable=true
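Because the update can change the iptables rules OKD depends on, it helps to compare the rule set before and after the update, before making the host schedulable again. The following script is an added example, not part of the OKD documentation; the function names, file names and sample rules (including the chain name and port) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: detect iptables rule drift across an OS update.
# On a real host the snapshots would come from:
#   iptables-save > before.rules    (before "yum update")
#   iptables-save > after.rules     (after the reboot or service restart)

# Remove the timestamped "#" comment lines and reset [packets:bytes]
# counters, which change on every run and are not rule changes.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*\]/[0:0]/' "$1"
}

# Print a unified diff of two snapshots; return 0 if the rules match, 1 if not.
rules_drift() {
    local before after rc=0
    before=$(mktemp); after=$(mktemp)
    normalize_rules "$1" > "$before"
    normalize_rules "$2" > "$after"
    diff -u "$before" "$after" || rc=1
    rm -f "$before" "$after"
    return "$rc"
}

# Constructed sample snapshots (not captured from a real node).
make_samples() {
    cat > "$1/before.rules" <<'EOF'
# Generated by iptables-save on Mon Jan  1 10:00:00 2018
*filter
:INPUT ACCEPT [120:9000]
:OS_FIREWALL_ALLOW - [0:0]
-A INPUT -j OS_FIREWALL_ALLOW
-A OS_FIREWALL_ALLOW -p tcp -m tcp --dport 10250 -j ACCEPT
COMMIT
EOF
    # Same rules with a new timestamp and counters: no drift expected.
    sed -e 's/10:00:00/11:30:00/' -e 's/\[120:9000\]/[7:512]/' \
        "$1/before.rules" > "$1/after_ok.rules"
    # The port 10250 rule was lost during the update: drift expected.
    grep -v -e '--dport 10250' "$1/after_ok.rules" > "$1/after_bad.rules"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
if rules_drift "$demo_dir/before.rules" "$demo_dir/after_bad.rules"; then
    echo "iptables rules unchanged"
else
    echo "iptables rules changed: review before making the node schedulable" >&2
fi
rm -rf "$demo_dir"
```

A non-zero result from `rules_drift` is the signal to reboot or restart the affected services, as described above, and compare again.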