IBM Cloud Docs
4.16 version information and update actions

4.16 version information and update actions

Review information about version 4.16 of Red Hat OpenShift on IBM Cloud. This version is based on Kubernetes version 1.29.

Looking for general information about updating clusters, or information on a different version? See Red Hat Red Hat OpenShift on IBM Cloud version information and the version 4.16 release notes.

This badge indicates Kubernetes version 1.29 certification for Red Hat OpenShift on IBM Cloud
Kubernetes version 1.29 certification badge

Red Hat OpenShift on IBM Cloud is a Certified Kubernetes product for version 1.29 under the CNCF Kubernetes Software Conformance Certification program. Kubernetes® is a registered trademark of The Linux Foundation in the United States and other countries, and is used pursuant to a license from The Linux Foundation.

Release timeline

The following table includes the expected release timeline for version 4.16. You can use this information for planning purposes, such as to estimate the general time that the version might become unsupported.

Dates that are marked with a dagger () are tentative and subject to change.

Release history for Red Hat OpenShift on IBM Cloud version 4.16.
Supported? Red Hat OpenShift / Kubernetes version Release date Unsupported date
Supported 4.16 / 1.29 30 August 2024 26 August 2026

Preparing to update

Review changes that you might need to make when you update a cluster to version 4.16. This information summarizes updates that are likely to have an impact on deployed apps when you update.

The backup and restore Helm chart is supported on Red Hat OpenShift on IBM Cloud 4.16 clusters. However, only the COS direct endpoints are supported. For example: s3.direct.us.cloud-object-storage.appdomain.cloud.

VPC worker nodes provisioned for version 4.16 have VPC Instance Metadata Service enabled. For more information, see About VPC Instance Metadata.

Portworx does not yet support Red Hat OpenShift on IBM Cloud version 4.16 clusters. Do not update your cluster to version 4.16 if Portworx is installed.

Update before master

The following table shows the actions that you must take before you update the cluster master.

For clusters that run version 4.16 or later, you can use the oc adm upgrade status command to check the update status of your cluster master during a master version update. For more information, see Viewing cluster upgrade status with the oc adm upgrade status command.

Changes to make before you update the master to Red Hat OpenShift 4.16
Type Description
Unsupported: Deprecated and removed OpenShift features For more information, review the OpenShift Container Platform version 4.16 deprecated and removed features and information for preparing to update to OpenShift Container Platform 4.16 for possible actions required. The etcd backup and version selection upgrade preparation actions do not apply to Red Hat OpenShift on IBM Cloud clusters since both of these actions are handled for you.
Known OpenShift issues For more information, review the OpenShift Container Platform version 4.16 known issues for possible actions required.
Upgrade requires OpenShift cluster version currency A cluster master upgrade is cancelled if the OpenShift cluster version status indicates that an update is already in progress. See Why does OpenShift show the cluster version is not up to date? for more information.
Upgrade requires resolution to OpenShift cluster version upgradeable conditions A cluster master upgrade is cancelled if the OpenShift cluster version Upgradeable status condition indicates that the cluster is not upgradeable. To determine if the cluster is upgradeable, see Checking the Upgradeable status of your cluster. If the cluster is not in an upgradeable status, follow the relevant steps before upgrading. For more information, see Providing the administrator acknowledgment.
RHEL 9.2 micro-architecture requirement Red Hat OpenShift on IBM Cloud version 4.16 is now based on the RHEL 9.2 host operating system, which increases the micro-architecture requirements to x86-64-v2. As a result, host machines for IBM Cloud Satellite must support x86-64-v2 architecture for any location that contains a version 4.16 cluster. See Host system requirements for more information. In addition, client machines used to run oc client version 4.16 must also support x86-64-v2 architecture. Client machines, such as Ubuntu 20, that do not meet this micro-architecture requirement must use a RHEL 8 based oc version 4.16 client. Refer to the list of available oc version 4.16 clients.
Reduced access by unauthenticated users or groups Red Hat OpenShift on IBM Cloud version 4.16 reduces the permissions given to the system:anonymous user and system:unauthenticated group. This applies to new clusters only. If you wish to use the more secure defaults then remove the system:unauthenticated group from the self-access-reviewers, system:oauth-token-deleters, system:scope-impersonation, and system:webhooks cluster role bindings. See Reduce unauthenticated user or group access for more information.
Legacy service account API token secrets are no longer generated for each service account Red Hat OpenShift on IBM Cloud version 4.16 no longer automatically generates a legacy service account API token secret for each service account. See Legacy service account API token secrets are no longer generated for each service account for more information.
Calico API server is a managed resource Red Hat OpenShift on IBM Cloud version 4.16 now manages the installation of and updates to the Calico API server component. If your cluster contains the calico-apiserver namespace, then you must uninstall the Calico API server before upgrading.
Default OpenShift cluster monitoring configuration Red Hat OpenShift on IBM Cloud version 4.16 now creates a default OpenShift cluster monitoring configuration if one doesn't exist. This new default configuration sets a 10 GB retention size which may impact the metrics retention for your cluster. See Built-in Red Hat OpenShift monitoring tools for instructions on how you can configure the monitoring stack to use persistent storage, change the metrics retention policies, or run Prometheus on dedicated nodes.

Update after master

Changes to make after you update the master to Red Hat OpenShift 4.16
Type Description
Unsupported: localhost NodePort services To further reduce security risks related to CVE-2020-8558, localhost access to NodePort services is disabled. If your apps rely on this behavior, update them to the node private IP address instead.

Checking the Upgradeable status of your cluster

Run the following command to check the Upgradeable status of your cluster.

oc get clusterversion version -o json | jq '.status.conditions[] | select(.type == "Upgradeable")'

Example output where the Upgradeable status is False.

{
  "lastTransitionTime": "2023-10-04T15:55:54Z",
  "message": "Kubernetes 1.29 and therefore OpenShift 4.16 remove several APIs which require admin consideration. Please see the knowledge article  for details and instructions.",
  "reason": "AdminAckRequired",
  "status": "False",
  "type": "Upgradeable"
}

If the Upgradeable status is False, the condition information provides instructions that must be followed before upgrading. For more information, see Providing the administrator acknowledgment.

RHEL 9

RHEL 9 is available for Classic or VPC clusters that run version 4.16.

You can provision a new cluster with RHEL 9 in the console by specifying the RHEL operating system for your worker node flavor or in the CLI by including the --operating-system REDHAT_9_64 option when you run the ibmcloud oc cluster create command.

If you upgrade an existing cluster to version 4.16 and want your worker nodes to run RHEL 9, you must follow the steps to migrate your worker nodes.

For more information on RHEL 9, see the Red Hat OpenShift release notes.