Software updates

introduction general recommendation is to regularly check whether automated software are in working order and perform manual software updates as often as possible long time gaps between manual software update are likely to introduce multiple breaking changes at once, which could be hard to debug and remedy updating hosty hosty wrapped into a docker image, that contains pre installed binaries as well as hosty cli that is based on composer here are the ways you can keep these up to date docker image and pre installed binaries hosty docker image is build from lightweight linux distribution called alpine it can be updated by bumping the version up using the environmental variable linux alpine version in env file the available versions can be looked up on the releases page of alpine basic tools like git, docker, aws cli, etc are using the latest version available on each image build tools like opentofu (terraform), kubernetes command line tool (kubectl) and helm versions are updated by bumping the version up using the environmental variables open tofu version , kubectl version and helm version respectively hosty cli to update hosty cli, which is based on composer you can execute make build and make cli in the terminal to ssh into docker container execute cd cli to change directory to the hosty cli source execute composer outdated to check for oudated packages execute compose update to update all the packages or composer update example/package example/package2 to update specific packages this will update composer json and composer lock files, which you can commit into git repository updating terraform modules hosty blueprint utilizes number of terraform modules to optimize and streamline creation of resources on aws within each module defintion there is a version input, which is used to set the version used by the blueprint above it, for each module, we've included a link to the latest available version how to update open terraform file that contains a module, for example /terraform/modules/cluster/eks tf you should see this resource block module "eks" { source = "terraform aws modules/eks/aws" \# versions can be found at https //registry terraform io/modules/terraform aws modules/eks/aws/latest version = "20 14 0" } you should be able to find the latest available version to this module, by visiting the link included in the comment above the version input of this module update the version input of the module with a new value execute tofu init , tofu plan and tofu apply recommendations before updating the module check the changelog to make sure, there are no breaking changes if there are, change the module definition to account for them updates to the modules are unlikely to affect the resources already deployed to aws if tofu plan indicates possible changes, make sure that they are expected and mentioned in the module's changelog updating eks cluster updating kubernetes version for eks cluster version is very straightforward, however it is advised to take some precautionary measures to prevent possible downtime the kubernetes version is controlled via a k8s version variable in the /terraform/main tf file and is defined separately for each cluster the advised cluster update workflow for regular updates is check eks available versions to check whether the are new versions available and for description of breaking changes in the changelog create a new eks cluster with the new version of kubernetes for testing purposes test whether projects work with the new kubernetes version once tests are successful, remove the newly created cluster update the k8s version input of the outdated cluster and execute tofu apply automated eks cluster node ami updates eks cluster node groups use bottlerocket os through aws managed amis (amazon machine image) bottlerocket os is a free and open source linux based operating system meant for hosting containers when the node group is deployed it uses the latest version of ami available at that moment as the new versions are released, these node groups need to be updated by default it is a manual process, however we have automated this by using aws systems manager maintenance windows everyday, at 9am london time we've scheduled an automation task , that automatically updates amis of eks node groups automated project docker image updates every project using hosty blueprint specifies docker images used for its containers in / hosty/hosty yaml file the hosty build command will automatically pull the latest available versions for specified docker images, with an option to override the version for testing and debugging purposes