Patch releases

Since Container Cloud 2.23.2, the release train comprises several patch releases that Mirantis delivers on top of a major release mainly to incorporate security updates as soon as they become available without waiting for the next major release. By significantly reducing the time to provide fixes for Common Vulnerabilities and Exposures (CVE), patch releases protect your clusters from cyber threats and potential data breaches.

Compared to a major Cluster release update, a patch release update does not involve any public API or LCM changes, major version bumps of MKE or other major components, or workload evacuation. A patch cluster update may only require a restart of the containers running the Container Cloud controllers, MKE, Ceph, and StackLight services to update base images with related libraries and apply CVE fixes to images. The data plane is not affected.

Major and patch versions update path

The primary distinction between major and patch product versions lies in the fact that major release versions introduce new functionalities, whereas patch release versions predominantly offer minor product enhancements, mostly CVE resolutions for your clusters.

Depending on the needs of your deployment, you can either update between only major Cluster releases, or update between the major Cluster releases receiving the patch updates in between.

Select the second option, which includes patch updates, only if you want to receive security fixes as soon as they become available and you are prepared to update your cluster often, approximately once every three weeks. Otherwise, you can update only between major Cluster releases, as each subsequent major Cluster release includes the patch Cluster release updates of the previous major Cluster release.

The following table lists differences between content delivery in major releases as compared to patch releases:

Content delivery in major and patch releases

Content / Major release / Patch release

- Major version upgrade of the major product components including but not limited to Ceph and StackLight [0]
- Patch version bumps of MKE and Kubernetes [1]
- Container runtime changes including Mirantis Container Runtime and containerd updates
- Changes in public API
- Changes in the Container Cloud lifecycle management
- Host machine changes including host operating system updates and upgrades, kernel updates, and so on [2]
- CVE fixes for images
- Fixes for known product issues

[0] Some of StackLight sub-components may be updated for patch releases.

[1] MKE patch version bumps are available since Container Cloud 2.24.3 (Cluster releases 15.0.2 and 14.0.2).

[2] Kernel update in patch releases is available since Container Cloud 2.26.1 (Cluster releases 17.1.1 and 16.1.1).

Management and regional clusters obtain patch releases automatically the same way as major releases. Managed clusters use the same update delivery method as for the major Cluster release updates. New patch Cluster releases become available through the Container Cloud web UI after automatic upgrade of a management or regional cluster to the latest patch Cluster release.

You may decide to use only major Cluster releases without updating to patch Cluster releases. In this case, you will perform updates from an N to N+1 major release.

Major Cluster releases include all patch updates of the previous major Cluster release. However, Mirantis recommends applying security fixes using patch releases as soon as they become available to avoid security threats and potentially achieve legal compliance.

Caution

You can skip a number of patch releases, but you can update a cluster only to the latest available patch release of a series. For example, when the patch Cluster release 17.0.4 becomes available, you can update from 17.0.1 to 17.0.4 at once, but not from 17.0.1 to 17.0.2.

If you start receiving patch releases, you should always apply the latest patch release in a series to be able to update to the following major release. For example, to obtain the major Cluster release 17.1.0 while using the patch Cluster release 17.0.2, you must update your cluster to the latest patch Cluster release 17.0.4 first.

When following the patch release train, update to a major Cluster release is obligatory. For example, you cannot immediately update from the patch Cluster release 17.0.x to the patch Cluster release 17.1.x because you need to update to the major Cluster release 17.1.0 first.

If you delay the Container Cloud upgrade and schedule it at a later time as described in Schedule Mirantis Container Cloud upgrades, make sure to schedule a longer maintenance window as the upgrade queue can include several patch releases along with the major release upgrade.
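The update-path rules in this caution, expressed as a small planner. This is an added example, not Mirantis code or part of the product: the function names, the release list, and the assumption that updates stay within one Cluster release line (the same first version number) are illustrative.

```python
from collections import deque

# Constructed sample of available Cluster releases (not a real release list).
AVAILABLE = ["17.0.0", "17.0.1", "17.0.2", "17.0.3", "17.0.4", "17.1.0", "17.1.1"]

def parse(version):
    return tuple(int(part) for part in version.split("."))

def fmt(parts):
    return ".".join(str(p) for p in parts)

def allowed_targets(current, available):
    """Releases that `current` may update to in a single step."""
    cur = parse(current)
    rels = sorted({parse(v) for v in available})
    later_patches = [r for r in rels if r[:2] == cur[:2] and r > cur]
    # Assumption: the next major release is the lowest x.(y+n).0 in the same line.
    next_majors = [r for r in rels
                   if r[0] == cur[0] and r[1] > cur[1] and r[2] == 0]
    targets = []
    if later_patches:
        # Patch releases can be skipped, but only the latest one is a valid target.
        targets.append(later_patches[-1])
    # The next major release is reachable from a major release (major-only path)
    # or from the latest patch release of the current series.
    if next_majors and (cur[2] == 0 or not later_patches):
        targets.append(next_majors[0])
    return [fmt(t) for t in targets]

def plan_path(current, target, available):
    """Shortest sequence of updates from `current` to `target`, or None."""
    queue = deque([[current]])
    seen = {current}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in allowed_targets(path[-1], available):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

if __name__ == "__main__":
    print(plan_path("17.0.2", "17.1.1", AVAILABLE))
    print(plan_path("17.0.1", "17.0.2", AVAILABLE))
```

The length of the returned path is the number of updates to fit into the maintenance window when an upgrade has been delayed.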

For the update procedure, refer to Operations Guide: Update a patch Cluster release of a managed cluster.

The following table lists the Container Cloud 2.26.x patch releases and their supported Cluster releases that are being delivered on top of the Container Cloud major release 2.26.0. Click the required patch release link to learn more about its deliverables.

Container Cloud 2.26.x and supported patch Cluster releases

Patch release (Container Cloud) and patch release date (release history):

- 2.26.2: Apr 08, 2024
- 2.26.1: Mar 20, 2024
- 2.26.0: Mar 04, 2024

Patch Cluster releases (managed):

- 17.1.x + MOSK 24.1.x: 17.1.1 + 24.1.1
- 16.1.x: 16.1.1

Legend

- Cluster release is deprecated and will become unsupported in one of the following Container Cloud releases.