Security patches for Kubernetes Nodes

4/4/2019

I have access to a kops-built Kubernetes cluster on AWS EC2 instances. I would like to make sure that all available security patches from the corresponding package manager are applied. Unfortunately, after searching the whole internet for hours, I am unable to find any clue on how this should be done. Taking a look into the user data of the launch configurations, I did not find a line for the package manager. Therefore I am not sure if a simple node restart will do the trick, and I also want to make sure that new nodes come up with current packages.

How do I apply security patches on upcoming nodes of a Kubernetes cluster, and how do I make sure that all nodes are and stay up to date?

-- Timo J.
amazon-web-services
kops
kubernetes

1 Answer

4/4/2019

You might want to explore https://github.com/weaveworks/kured

Kured (KUbernetes REboot Daemon) is a Kubernetes daemonset that performs safe automatic node reboots when the need to do so is indicated by the package management system of the underlying OS.

- Watches for the presence of a reboot sentinel, e.g. /var/run/reboot-required
- Utilises a lock in the API server to ensure only one node reboots at a time
- Optionally defers reboots in the presence of active Prometheus alerts or selected pods
- Cordons & drains worker nodes before reboot, uncordoning them after

-- Shai Katz
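The loop the answer describes (sentinel, cluster-wide lock, cordon and drain, reboot, uncordon), reduced to a single-node shell script as an added illustration. This is not kured's code and is not from the question or the answer; it exists only to make the sequence and the failure modes visible. The sentinel path is the Debian/Ubuntu one that the answer itself names. The lock object `daemonset/reboot-lock`, its namespace and the annotation key `example.invalid/reboot-lock` are assumptions for the example; kured keeps its lock as an annotation on its own DaemonSet, under its own key.

```shell
#!/bin/sh
# Added example (not kured's code): one node's pass through the kured loop,
# written with plain kubectl so every step is visible.
#   1. check the OS sentinel      2. take a cluster-wide lock
#   3. cordon and drain the node  4. reboot; at boot, uncordon and release
set -eu

# Sentinel that Debian/Ubuntu package hooks create when a reboot is pending.
SENTINEL="${SENTINEL:-/var/run/reboot-required}"
NODE="${NODE:-$(uname -n)}"
# Object and annotation key holding the lock: assumptions for this example.
LOCK_OBJECT="${LOCK_OBJECT:-daemonset/reboot-lock}"
LOCK_NS="${LOCK_NS:-kube-system}"
LOCK_KEY="example.invalid/reboot-lock"
KUBECTL="${KUBECTL:-kubectl}"
REBOOT_CMD="${REBOOT_CMD:-systemctl reboot}"

# 0 when the package manager has flagged a pending reboot, 1 otherwise.
reboot_required() {
    [ -f "$SENTINEL" ]
}

# Take the lock. Without --overwrite, kubectl annotate refuses to set an
# annotation that already has a value, so at most one node gets past here;
# the others return non-zero and retry on a later pass instead of draining.
acquire_lock() {
    "$KUBECTL" annotate -n "$LOCK_NS" "$LOCK_OBJECT" "$LOCK_KEY=$NODE" >/dev/null 2>&1
}

# Drop the lock (a trailing '-' is kubectl's syntax for deleting an annotation).
release_lock() {
    "$KUBECTL" annotate -n "$LOCK_NS" "$LOCK_OBJECT" "$LOCK_KEY-" >/dev/null 2>&1
}

# Stop new scheduling, evict the workloads, then reboot.
# --delete-local-data is the pre-1.20 spelling of --delete-emptydir-data.
drain_and_reboot() {
    "$KUBECTL" cordon "$NODE"
    "$KUBECTL" drain "$NODE" --ignore-daemonsets --delete-local-data --timeout=600s
    $REBOOT_CMD
}

# Run once at boot, only on the node that took the lock: the sentinel lives
# on tmpfs and is gone after the reboot, so the node goes back into service.
after_reboot() {
    "$KUBECTL" uncordon "$NODE"
    release_lock
}

# One pass of the loop. Returns 0 if a reboot was initiated,
# 1 if no reboot is pending, 2 if another node currently holds the lock.
maybe_reboot() {
    reboot_required || return 1
    acquire_lock || return 2
    drain_and_reboot
}

case "${1:-}" in
    check) maybe_reboot ;;   # e.g. from a systemd timer
    boot)  after_reboot ;;   # e.g. from a oneshot unit at startup
esac
```

Two caveats a practitioner should keep in mind. The lock here is only as strong as `kubectl annotate`'s refusal to overwrite, which kubectl checks before it sends the patch, so two nodes racing in the same instant could both believe they won; kured's lock is the one to rely on in production, and this script is a reading aid, not a replacement. And `after_reboot` releases the lock without checking who holds it, which is fine for a single node but exactly the ownership check a real daemon has to perform.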
Source: StackOverflow