KubeNow icon indicating copy to clipboard operation
KubeNow copied to clipboard

Published 20 hours ago verified publisher icon kubenow

Discussion on security updates

Open mcapuccini opened this issue 6 years ago • 0 comments

I thought to open this issue to follow discussion on image security updated. Pointers:

Current status:

  • We update images daily, however scripts won't import them
  • We have unattended upgrades cron job on each node

Basic devel idea (to incorporate on kn apply):

  • [x] Trigger unattended upgrades on boot time
  • [ ] Check if reboot is needed (ssh ubuntu@master '[ -f /var/run/reboot-required ]')
  • [ ] If reboot is needed inform user, and ask to run kn image-update

Drawback: user will need to destroy and recreate cluster when getting warning (and caring about security)

Advanced ideas:

  • kn reboot to reboot the cluster
  • Modify image CI so that a new image is created only when reboot is needed

@carmat88, @andersla please feel free to add on this.

mcapuccini avatar Mar 16 '18 13:03 mcapuccini