Pod Image Versions

Pod Image Versions

Update pods to the latest container version

Kubernetes
Back to Solutions

The problem

When we first build a solution and deploy it into Kubernetes, we’re likely using the latest versions of everything, ensuring our dependencies are up-to-date, and all software is fully patched.

But what happens when the software has been running for a while? It’s easy to change a version number, but how do we know a new version has been released? How do we patch it across the entire cluster before attackers use published vulnerabilities to attack our cluster?

And how do we keep up with these new image versions across a fleet of microservices for software we didn’t build?

The solution

This Shoreline automation Op Pack continuously monitors public and your private registry for new image versions. When one is found, the deployment, StatefulSet, or DaemonSet is patched with the new image version. Then Shoreline kicks off a rolling restart of the application. If the pods crash or the image pull fails, Shoreline instantly restores to the original version and raises an alert. As the user clicks through to a Shoreline Runbook, they can experiment with the new image version, run integration tests, and determine the root cause of the upgrade failure.

Highlights

Customer experience impact
Hackers can exploit published vulnerabilities
HIGH
Occurrence frequency
Until the root cause is identified
HIGH
Shoreline time to repair
1-2 minutes
LOW
Time to diagnose manually
1-4 hours
HIGH

Related Solutions

Rightsize Pod CPU & Memory Allocations
Reduce pod CPU and/or memory limits that are set too high.
Kubernetes
Endpoints Unreachable
Determine when there are no endpoints behind your Kubernetes service or these endpoints have become unreachable.
Kubernetes
Memory Exhaustion
Running out of memory rapidly degrades customer experience and must be preempted.
Kubernetes