A Kubernetes operator to manage updates of Container Linux by CoreOS
Container Linux Update Operator is a node reboot controller for Kubernetes running Container Linux images. When a reboot is needed after updating the system via update_engine, the operator will drain the node before rebooting it.
Container Linux Update Operator fulfills the same purpose as locksmith, but has better integration with Kubernetes by explicitly marking a node as unschedulable and deleting pods on the node before rebooting.
Container Linux Update Operator is divided into two parts:
update-agent runs as a DaemonSet on each node, waiting for a UPDATE_STATUS_UPDATED_NEED_REBOOT signal via D-Bus from update_engine. It will indicate via node annotations that it needs a reboot.
update-operator runs as a Deployment, watches for changes to node annotations and reboots the nodes as needed. It coordinates the reboots of multiple nodes in the cluster, ensuring that not too many are rebooting at once.
update-operator only reboots one node at a time.
The update-engine.service systemd unit on each machine should be unmasked, enabled and started in systemd.
The locksmithd.service systemd unit on each machine should be masked and stopped in systemd.
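A preflight check for the two unit requirements above, as an added example that is not part of the project's own code. It uses only `systemctl is-enabled` and `systemctl is-active`; the `SYSTEMCTL` override variable and the `--check` argument are assumptions made here so the check can be exercised without systemd.

```shell
#!/bin/sh
# Added example, not project code. SYSTEMCTL is a hypothetical override so the
# check can be exercised without systemd; it defaults to the real systemctl.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"

# Print "<is-enabled> <is-active>" for a unit, e.g. "masked inactive".
# Both subcommands exit non-zero for masked/inactive units, hence "|| true".
unit_state() {
    us_enabled=$($SYSTEMCTL is-enabled "$1" 2>/dev/null) || true
    us_active=$($SYSTEMCTL is-active "$1" 2>/dev/null) || true
    echo "${us_enabled:-unknown} ${us_active:-unknown}"
}

# Return 0 only when update-engine.service is enabled and running and
# locksmithd.service is masked and not running.
preflight() {
    pf_rc=0
    pf_ue=$(unit_state update-engine.service)
    pf_lk=$(unit_state locksmithd.service)
    case "$pf_ue" in
        "enabled active"|"enabled-runtime active") ;;
        *) echo "FAIL update-engine.service: $pf_ue (want enabled, active)" >&2
           pf_rc=1 ;;
    esac
    case "${pf_lk% *}" in
        masked|masked-runtime) ;;
        *) echo "FAIL locksmithd.service: ${pf_lk% *} (want masked)" >&2
           pf_rc=1 ;;
    esac
    case "${pf_lk#* }" in
        active|activating|reloading)
           echo "FAIL locksmithd.service: still ${pf_lk#* } (want stopped)" >&2
           pf_rc=1 ;;
    esac
    return "$pf_rc"
}

# Run the check only when asked, e.g.: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight && echo "OK: unit states match the requirements"
fi
```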
To unmask a service, run systemctl unmask. To enable a service, run systemctl enable. To start/stop a service, run
kubectl apply -f examples/deploy -R
To test that it is working, you can SSH to a node and trigger an update check by running update_engine_client -check_for_update or simulate that a reboot is needed by running