Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Upgrade CN2

Use this procedure to upgrade CN2.

The Contrail controller consists of Deployments and StatefulSets, which are configured for rolling updates. During the upgrade, the pods in each Deployment and StatefulSet are upgraded one at a time. The remaining pods in that Deployment or StatefulSet remain operational. This enables Contrail controller upgrades to be hitless.

The Contrail data plane consists of a DaemonSet with a single vRouter pod. During the upgrade procedure, this single pod is taken down and upgraded. Because of this, Contrail data plane upgrades are not hitless. If desired, migrate traffic off of the node being upgraded prior to performing the upgrade.

You upgrade CN2 software by porting the contents of your existing manifests to the new manifests, and then applying the new manifests. All CN2 manifests must reference the same software release.

Ensure that the CN2 release that you want to upgrade to is compatible with the OCP release that you're currently running. For the list of minimum compatible releases, see

If the CN2 release that you want to upgrade to is not compatible with the OCP release that you're currently running, then you'll need to upgrade OpenShift first. See Upgrade OpenShift.


Before you upgrade, check to make sure that each node has at least one allocatable pod available. The upgrade procedure temporarily allocates an additional pod, which means that your node cannot be running at maximum pod capacity when you perform the upgrade. You can check pod capacity on a node by using the kubectl describe node command.

  1. Download the manifests for the new release.
  2. Locate the (old) manifests that you used to create the existing CN2 installation. These could be the manifests you used in step 4.c in Before You Install or these could be manifests that you customized for your setup.
  3. Port over any changes from the old manifests to the new manifests.
    The new manifests can contain constructs that are specific to the new release. Identify all changes that you've made to the old manifests and copy them over to the new manifests. This includes repository credentials, interface names, network configuration, and other customizations.

    If you have a large number of nodes, use node selectors to group your upgrades to a more manageable number.

  4. Upgrade CN2 by applying all the manifests one at a time in ascending order from 99-*.yaml onwards.

    For convenience, you can use the following bash script. The script assumes you've placed the manifests in the manifests directory. If you use this script, make sure that:

    • you place all the manifests you want to use in this directory, including all manifests that you want to use from the subdirectories
    • you don't place any other YAML files in this directory

    The script loops through all the *.yaml files in the manifests directory and applies them to the cluster in the proper order.

    The pods in each Deployment and Stateful set will upgrade one at a time. The vRouter DaemonSet will go down and come back up.

  5. Use standard kubectl commands to check on the upgrade.

    Check the status of the nodes.

    Check the status of the pods.

    If some pods remain down, debug the installation as you normally do. Use the kubectl describe command to see why a pod is not coming up. A common error is a network or firewall issue preventing the node from reaching the Juniper Networks repository.