To fix bugs and ensure the security of a Yaook Environment, we need to update the environment regularly. These updates come in two forms:

  1. Software/Package updates to fix issues and vulnerabilities

  2. OpenStack and Kubernetes upgrades to stay on top of new and supported releases

Software Updates for the OS / Kubernetes

System packages, kernels and Kubernetes minor versions are baked directly into the base OS image that is deployed on each node. When an update for the base image is available, we rebuild each node of the Kubernetes cluster one at a time. To do this without downtime, we rely on live migration and Kubernetes-native failover to keep workloads available while a node is being rebuilt.

The process looks as follows and is orchestrated by the !TBD! Controller:

  1. mark the node as required for evacuation

  2. live-migrate any existing VMs away from this node (if applicable)

  3. migrate any L3 and DHCP agents away from this node (if applicable)

  4. possibly migrate Ceph data away from this node (if applicable)

  5. drain the node using k8s native methods

  6. delete the node from k8s (at this point all ConfiguredDaemonSets will become updated to remove this node)

  7. shut down the server

  8. run a normal deploy workflow for this server

Software Updates for Container images

Whenever software in a container image, or one of its dependencies, changes, a new container image is built. This updates the spec of the Deployments and ConfiguredDaemonSets, which then restart their pods according to the specified limitations.

Docker images are versioned using Semantic Versioning. The operator uses a yaook/assets/pinned_version.yml file in its root directory to determine the version of an image to use. To generate this file (or if it is not present), the operator queries the Docker image repository to determine all available versions, sorts them and filters for specific requirements. Afterwards the latest image is selected for usage.
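The sort, filter and select step described above, as an added example (not the Yaook operator's own code). The function names, the "same major version" requirement and the tag list are assumptions constructed for illustration; the point is that tags must be compared numerically, that floating tags such as "latest" are never pinned, and that pre-releases are skipped.

```python
import re

# SemVer 2.0.0: MAJOR.MINOR.PATCH with optional pre-release and build metadata.
SEMVER = re.compile(
    r"^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)

# Constructed sample of what a registry tag listing might return.
SAMPLE_TAGS = ["latest", "1.9.3", "1.10.0", "1.10.1-rc1", "2.0.0", "devel", "1.2"]


def parse(tag):
    """Return (major, minor, patch, prerelease) or None for non-SemVer tags."""
    m = SEMVER.match(tag)
    if m is None:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return major, minor, patch, m.group(4)


def select_version(tags, major=None):
    """Pick the highest release tag, optionally restricted to one major version.

    Returns None when no tag qualifies, so the caller can fail closed
    instead of falling back to a floating tag.
    """
    candidates = []
    for tag in tags:
        parsed = parse(tag)
        if parsed is None:
            continue  # "latest", "devel", "1.2": mutable or not SemVer
        if parsed[3] is not None:
            continue  # pre-release (e.g. -rc1) is not a pinning candidate
        if major is not None and parsed[0] != major:
            continue  # hypothetical requirement: stay on one major version
        candidates.append((parsed[:3], tag))
    if not candidates:
        return None
    # Integer tuples order correctly: (1, 10, 0) > (1, 9, 3).
    return max(candidates)[1]


if __name__ == "__main__":
    print("newest release:", select_version(SAMPLE_TAGS))
    print("newest 1.x release:", select_version(SAMPLE_TAGS, major=1))
    # Plain string comparison would pick the older image:
    print("string max of 1.x:", max(["1.9.3", "1.10.0"]))
```

Sorting the raw tag strings would rank 1.9.3 above 1.10.0 and pin an older image, which is why the comparison is done on parsed integers.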

Kubernetes upgrades


OpenStack upgrades