Addon: Host Security Updates
Automatic host operating system security updates. Performs a rolling upgrade using a kube resource lock to ensure that only one host node upgrades at a time.
host-upgrades: enabled: true schedule: "30 6 * * *" schedule_window: 1h reboot: true
reboot is enabled, then the host nodes also reboot with the lock held, ensuring that the host upgrades do not resume until the host node has succesfully rebooted and restarted the kube pods. When rebooting,
drain is also enabled by default, evicing kube workload pods from the kube node before rebooting, and uncordoning the kube node once the reboot is complete.
schedule- when upgrades are applied (crontab string) (required)
schedule_window- limit total length of the rolling upgrade window across all host nodes (default: unlimited)
reboot- automatically reboot host after (kernel) upgrades that require rebooting to apply (default: false)
drain- drain the kube node while rebooting (default: true)
Standard crontab with five fields: Minutes, Hours, Day of month, Month, Day of week
15 5 * * *- every day at 05:15
1 0 * * SUN- every sunday at 01:00
Time duration with suffixes: hours, minutes, seconds