Canonical Livepatch Server (K8s Charm)
Description
The Livepatch K8s charm is the easiest and the recommended way to deploy the Livepatch server on K8s. This charm configures and runs the Livepatch server, which serves Livepatch-es and metadata attached to them to the clients. Canonical Livepatch patches high and critical linux kernel vulnerabilities, removing the immediate need to reboot to upgrade the kernel, instead allowing the downtime to be scheduled. It is a part of the Ubuntu Pro offering.
For users who want to deploy an entire Livepatch on-prem server (including its dependencies), it is recommended to use the k8s/stable
channel of the bundle made for this purpose. For more detailed steps on using the bundle, please see the tutorials on the Livepatch website.
Usage
The Livepatch server may be deployed using the Juju command line as follows:
juju deploy canonical-livepatch-server-k8s
Integrations
Database
Livepatch server requires integration with a PostgreSQL charm via the database
endpoint. As an example, users can deploy a PostgreSQL database and integrate it with Livepatch as follows:
juju deploy postgresql-k8s --trust
juju integrate canonical-livepatch-server-k8s:database postgresql-k8s:database
There is also an endpoint, named database-legacy
, which can be used with PostgreSQL charm’s legacy endpoint, db
. But it is strongly recommended that users integrate with the database
endpoint mentioned earlier.
Nginx ingress (nginx-route
)
Livepatch provides an endpoint, named nginx-route
, which can be integrated with the nginx-ingress-integrator
charm to expose the Livepatch server via an Nginx-controlled cluster ingress. As an example, users can integrate with this endpoint by using Juju as follows:
juju integrate canonical-livepatch-server-k8s:nginx-route nginx-ingress-integrator:nginx-route
Loki (optional)
Livepatch can be optionally integrated with Loki via the log-proxy
endpoint. Users can integrate other applications with this endpoint by using Juju as follows:
juju integrate canonical-livepatch-server-k8s:log-proxy loki-k8s:logging
Grafana dashboard (optional, provides)
Livepatch provides observability dashboards on Grafana. Users can monitor the status of the running Livepatch server via many metrics, including (but not limited to):
- Rate of HTTP response status codes (e.g., 200, 404, or 403) for a range of percentile values.
- Rate of incoming HTTP requests per second.
- Database metrics (i.e., errors and response times).
For this purpose, there is an endpoint, named grafana-dashboard
, which implements the grafana_dashboard
interface and can be integrated with Grafana. Users can integrate other applications with this endpoint by using Juju as follows:
juju integrate canonical-livepatch-server-k8s:grafana-dashboard grafana-k8s:grafana-dashboard
Prometheus (optional, provides)
Users can integrate Livepatch server with Prometheus to have it scrape the metrics. For this purpose, there is an endpoint, named metrics-endpoint
, which implements the prometheus_scrape
interface and can be integrated with Prometheus. Users can integrate other applications with this endpoint by using Juju as follows:
juju integrate canonical-livepatch-server-k8s:metrics-endpoint prometheus-k8s:metrics-endpoint
OCI Image
This charm uses an OCI image, built as a ROCK and published on GitHub Container Registry (GHCR) as ghcr.io/canonical/livepatch-server
.
Documentation
For more detailed instructions on deploying Livepatch server, please see the documentation for this service, available on the Livepatch website.
Contributing
Please see the Juju SDK documentation for more information about developing and improving charms and Contributing for developer guidance.
License
The Livepatch K8s charm is free software, distributed under the Apache Software License, version 2.0. See License for more details.