The underlying cluster nodes can be fully updated by using the following Ansible playbook:
- More information on this command can be found in the provisioning section.
For critical and/or security-relevant updates, the unattended-upgrades tool is configured on all nodes:
Additionally, Renovate Bot is configured to automatically create Pull Requests for new versions of K3s – you can view an example here.
As soon as a pull request with a K3s update is merged, Flux starts reconciling the Plan manifests. The system-upgrade-controller detects the new version inside them and starts updating all nodes one by one, starting with the master nodes.
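A pair of Plan manifests of the kind the system-upgrade-controller acts on, added here as an illustration and not taken from this repository. The plan names, namespace, service account and version value are assumptions modelled on the upstream K3s upgrade example; the agent plan's `prepare` step waits for `server-plan` to complete, which is what makes the master nodes upgrade first.

```yaml
# Server (master) nodes: upgraded first, one at a time.
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: server-plan            # assumed name
  namespace: system-upgrade    # assumed namespace
spec:
  concurrency: 1               # one node at a time
  cordon: true                 # mark the node unschedulable while it upgrades
  nodeSelector:
    matchExpressions:
      - key: node-role.kubernetes.io/control-plane
        operator: In
        values:
          - "true"
  serviceAccountName: system-upgrade   # assumed service account
  upgrade:
    image: rancher/k3s-upgrade
  version: v1.24.6+k3s1        # sample value; the field an update pull request changes
---
# Agent (worker) nodes: wait for server-plan, then upgrade one at a time.
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: agent-plan             # assumed name
  namespace: system-upgrade
spec:
  concurrency: 1
  cordon: true
  nodeSelector:
    matchExpressions:
      - key: node-role.kubernetes.io/control-plane
        operator: DoesNotExist
  prepare:                     # blocks until the named plan has finished
    image: rancher/k3s-upgrade
    args:
      - prepare
      - server-plan
  serviceAccountName: system-upgrade
  upgrade:
    image: rancher/k3s-upgrade
  version: v1.24.6+k3s1        # keep identical to the server plan
```

Because the `version` field is the only thing that changes per release, the merged pull request is a complete audit record of which K3s version each node was moved to and when.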
Updates of the running services are also done via Pull Requests by Renovate Bot, which fits perfectly into the GitOps-based workflow of Flux. It continuously checks the following data sources for new versions and creates Pull Requests to adapt them inside the cluster:
- Container images
- Helm Charts
- GitHub repositories
- GitHub releases