To fix bugs and ensure the security of a Yaook environment we need to update the environment regularly. Updates come in 2 variants:
Software/Package updates to fix issues and vulnerabilities
OpenStack and Kubernetes upgrades to stay on top of new and supported releases
Software Updates for the OS / Kubernetes
System packages, Kernels and Kubernetes minor versions are baked directly into the base OS image that is deployed on each node. When an update for the base image is available, we rebuild each node of the Kubernetes cluster one at a time. To do this without downtime we rely on live-migration and Kubernetes native failovers.
The following update process is orchestrated by the !TBD! Controller:
mark the node as required for evacuation
live-migrate any existing VMs away from this node (if applicable)
migrate any l3 and dhcp agents away from this node (if applicable)
possibly migrate ceph data away from this node (if applicable)
drain the node using k8s native methods
delete the node from k8s (at this point all ConfiguredDaemonSets will become updated to remove this node)
shutdown the server
run a normal deploy workflow for this server
Software Updates for Container images
Whenever a software or its dependency in a container image changes, a new container image is built. This causes an update to the spec of Deployments and ConfiguredDaemonSets which will restart the Pods according to the specified limitations.
Docker images are versioned using Semantic Versioning. The Operator is using a
yaook/assets/pinned_version.yml file in it’s root directory to determine the version of a image to use.
To generate this file (or if it’s not present) the Operator queries the Docker image repository to determine all availabile versions, sorts them and filters for specific requirements.
Afterwards the latest image is selected for usage.