Question

Security hardening practices including CIS-aligned configurations

  • February 25, 2026

I have a customer reviewing CIS-hardened images for NKP. They're asking:

  • When and how is patching managed for these images? (automated? manual? frequency?)
  • How does Nutanix handle lifecycle (support windows, deprecation, upgrades)?

Any docs/pointers on:

  • Exact patching process & cadence?
  • Lifecycle policy for CIS-hardened images?
  • Customer responsibilities vs. Nutanix-managed?

1 reply

selvamani
  • Trailblazer
  • February 26, 2026

@Biwas 

NKP CIS-hardened node images:

Patching - Patching needs to be triggered by the customer via upgrades; it is not automatic.
 
Nodes are not patched in place.
Nutanix releases new CIS-hardened images with OS/security fixes.
Customers apply patches by upgrading node pools / clusters to the new image.


Lifecycle / support - Upgrades use the normal NKP cluster upgrade workflow

Each CIS image matches a specific NKP/Kubernetes version.
Supported as long as that NKP version is supported.
When an NKP version is deprecated, its CIS image is also deprecated.

Responsibilities

Nutanix: build, harden (CIS), patch, and publish images.
Customer: upgrade clusters to newer images and stay on supported NKP versions.

Please refer to:
Exact patching process & cadence? https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Kubernetes-Platform-v2_16:top-ug-nkp-c.html
 

Customer responsibilities vs. Nutanix-managed? NKP Insights: Proactive Kubernetes Security and Compliance | Nutanix University
https://www.youtube.com/watch?v=l1UKBvtsgEk

Thanks