1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Compute Edition Administrator’s Guide
    5. Upgrade
    6. OpenShift
    End-of-Life (EoL)

    OpenShift

    Upgrade Prisma Cloud running in your OpenShift cluster.
    First upgrade Console. Console will then automatically upgrade all
    *
     deployed Defenders for you.
    If you’ve disabled Defender auto-upgrade or if Console fails to upgrade one or more Defenders, manually upgrade your Defenders.
    *
    You must manaully upgrade App-embedded Defenders and PCF Defenders.

    Upgrading Console

    1. Download the latest Twistlock release to the host where you manage your cluster with oc.
    2. If you customized twistlock.cfg, port those changes forward to twistlock.cfg in the latest release. Otherwise, proceed to the next step.
    3. (Optional) If you’re storing Twistlock images in the cluster’s internal registry, pull the latest images from Twistlock’s cloud registry and push them there. >>>>>>> master:upgrade/upgrade_openshift.adoc Otherwise, proceed to the next step.
      1. Pull the latest Prisma Cloud images using URL auth.
        $ sudo docker pull registry-auth.twistlock.com/tw_<ACCESS_TOKEN>/twistlock/defender:defender_<VERSION>
$ sudo docker pull registry-auth.twistlock.com/tw_<ACCESS_TOKEN>/twistlock/console:console_<VERSION>
      2. Retag the images so that they can be pushed to your
        $ sudo docker tag \
  registry-auth.twistlock.com/tw_<ACCESS_TOKEN>/twistlock/defender:defender_<VERSION> \
  docker-registry.default.svc:5000/twistlock/private:defender_<VERSION>
$ sudo docker tag \
  registry-auth.twistlock.com/tw_<ACCESS_TOKEN>/twistlock/console:console_<VERSION> \
  docker-registry.default.svc:5000/twistlock/private:console_<VERSION>
      3. Push the Prisma Cloud images to your cluster’s internal registry.
        $ sudo docker push docker-registry.default.svc:5000/twistlock/private:defender_<VERSION>
$ sudo docker push docker-registry.default.svc:5000/twistlock/private:console_<VERSION>
    4. Generate new YAML configuration file for the latest version of Twistlock. Pass the same options to twistcli as you did in the original install. The following example command generates a YAML configuration file for the default basic install.
      $ <PLATFORM>/twistcli console export openshift \
  --persistent-volume-labels "app-volume=twistlock-console" \
  --service-type "ClusterIP"
      If you want to pull the image from the internal registry:
      $ <PLATFORM>/twistcli console export openshift \
  --persistent-volume-labels "app-volume=twistlock-console" \
  --image-name "docker-registry.default.svc:5000/twistlock/private:console_<VERSION>" \
  --service-type "ClusterIP"
      For other command variations, see the OpenShift install guide.
    5. Update the Twistlock objects.
      $ oc apply -f twistlock_console.yaml
    6. Go to
      Manage > Defenders > Manage
       and validate that Console has upgraded your Defenders.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo