Patch releases
Caution
Patch releases are currently not supported for attached MKE clusters, which were not originally deployed by Container Cloud.
Since Container Cloud 2.23.2, the release train comprises several patch releases that Mirantis delivers on top of a major release to incorporate security updates as soon as they become available without waiting for the next major release. By significantly reducing the time for providing CVE fixes, patch releases protect your clusters from cyber threats and potential data breaches.
Compared to a major Cluster release update, a patch release update does not involve any public API or LCM changes, MKE or other major component version bumps, workload evacuation, or host reboot. A patch cluster update only requires a restart of the containers running the Container Cloud controllers, Ceph, and StackLight services to update base images with related libraries and apply CVE fixes of critical and high severity. The data plane is not affected.
The following table lists differences between content delivery in major releases as compared to patch releases:
Content | Major release | Patch release |
---|---|---|
Version update and upgrade of the major product components including but not limited to Kubernetes, Ceph, and StackLight [0] | | |
Container runtime changes including Mirantis Container Runtime and containerd updates | | |
Host machine changes including host operating system updates and upgrades, kernel updates, and so on | | |
Changes in public API | | |
Changes in the Container Cloud lifecycle management | | |
Common Vulnerabilities and Exposures (CVE) fixes | | |
Fixes for known product issues | | |

[0] Some of the StackLight sub-components may be updated for patch releases.
Management and regional clusters obtain patch releases automatically the same way as major releases. Managed clusters use the same update delivery method as for the major Cluster release updates. New patch Cluster releases become available through the Container Cloud web UI after automatic upgrade of a management or regional cluster to the latest patch Cluster release.
You may decide to use only major Cluster releases without updating to patch Cluster releases. In this case, you will perform updates from an N to N+1 major release.
Major Cluster releases include all patch updates of the previous major Cluster release. However, Mirantis recommends applying security fixes using patch releases as soon as they become available to avoid security threats and potentially achieve legal compliance.
Caution
You can skip a number of patch releases and update directly to the latest one. However, if you start receiving the patch releases, you should always apply the latest patch release in the series to be able to update to the following major release.
For example, you can update from the patch Cluster release 11.7.1 to 11.7.4 at once, but you cannot immediately update from the patch Cluster release 11.7.x to the patch Cluster release 14.0.x because you need to update to the major Cluster release 14.0.0 first. And to obtain the major Cluster release 14.0.0, you should update your cluster to the latest patch Cluster release 11.7.4.
If you delay the Container Cloud upgrade and schedule it at a later time as described in Schedule Mirantis Container Cloud upgrades, make sure to schedule a longer maintenance window as the upgrade queue can include several patch releases along with the major release upgrade.
For the update procedure, refer to Operations Guide: Update a patch Cluster release of a managed cluster.
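The update-path rule from the caution above, worked through as an added example that is not Mirantis code. `plan_update` and `CATALOG` are hypothetical names, the release list is constructed sample data, and the planner assumes that a non-zero patch field means the cluster has started receiving patch releases.

```python
# Added example: hop planner for the patch/major update rule described above.
# CATALOG is constructed sample data for one release train, not an official list.
CATALOG = ["11.7.0", "11.7.1", "11.7.2", "11.7.3", "11.7.4", "14.0.0", "14.0.1"]


def parse(version):
    """'11.7.4' -> (11, 7, 4); the first two fields identify the major series."""
    parts = tuple(int(p) for p in version.split("."))
    if len(parts) != 3:
        raise ValueError(f"expected X.Y.Z, got {version!r}")
    return parts


def plan_update(current, target, catalog=CATALOG):
    """Return the ordered Cluster releases to apply to get from current to target."""
    releases = sorted({parse(v) for v in catalog})
    cur, tgt = parse(current), parse(target)
    if cur not in releases or tgt not in releases:
        raise ValueError("release not present in catalog")
    if tgt < cur:
        raise ValueError("target is older than current")  # assumption: forward only
    hops = []
    while cur[:2] != tgt[:2]:
        # Assumption: a non-zero patch field means the cluster has started
        # receiving patch releases, so the latest patch in the series is required
        # before the next major release becomes available.
        latest = max(r for r in releases if r[:2] == cur[:2])
        if cur[2] > 0 and cur != latest:
            hops.append(latest)
            cur = latest
        # The next step is always the major (x.y.0) release of the following
        # series, never one of its patch releases.
        next_series = min(r[:2] for r in releases if r[:2] > cur[:2])
        major = next_series + (0,)
        if major not in releases:
            raise ValueError("major release of next series missing from catalog")
        hops.append(major)
        cur = major
    if cur != tgt:
        hops.append(tgt)  # patches inside one series can be skipped in a single hop
    return [".".join(map(str, r)) for r in hops]


if __name__ == "__main__":
    print(plan_update("11.7.1", "14.0.1"))
```

The length of the returned list is the number of updates queued for the maintenance window.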
The following table lists current patch Container Cloud and Cluster releases that are being delivered on top of the latest Container Cloud major release. Release notes for patch releases contain lists of updated artifacts and CVE fixes.
Patch release |
Container Cloud |
2.23.1 |
2.23.0 |
|||
---|---|---|---|---|---|---|
Release history |
Patch release date |
May 22, 2023 |
May 04, 2023 |
Apr 20, 2023 |
Apr 04, 2023 |
Mar 07, 2023 |
Patch Cluster releases (managed) |
12.7.x +
MOSK 23.1.x
|
|||||
11.7.x
|
- Cluster release is deprecated and will become unsupported in one of the following Container Cloud releases.