Canonical Livepatch Server K8S

By Commercial Systems

Architecture:

Base version:

Channel	Revision	Published	Runs on
latest/stable	27	13 Aug 2024	Ubuntu 22.04 Ubuntu 20.04
latest/candidate	36	13 Aug 2024	Ubuntu 22.04 Ubuntu 20.04
latest/beta	36	08 Aug 2024	Ubuntu 22.04 Ubuntu 20.04
latest/edge	37	04 Sep 2024	Ubuntu 22.04 Ubuntu 20.04

Learn to deploy on juju >

Platform:

Relevant links

Discuss this charm

Share your thoughts on this charm with the community on discourse.

Join the discussion

Canonical Livepatch Server (K8s Charm)

Description

The Livepatch K8s charm is the easiest and the recommended way to deploy the Livepatch server on K8s. This charm configures and runs the Livepatch server, which serves Livepatch-es and metadata attached to them to the clients. Canonical Livepatch patches high and critical linux kernel vulnerabilities, removing the immediate need to reboot to upgrade the kernel, instead allowing the downtime to be scheduled. It is a part of the Ubuntu Pro offering.

For users who want to deploy an entire Livepatch on-prem server (including its dependencies), it is recommended to use the k8s/stable channel of the bundle made for this purpose. For more detailed steps on using the bundle, please see the tutorials on the Livepatch website.

Usage

The Livepatch server may be deployed using the Juju command line as follows:

juju deploy canonical-livepatch-server-k8s

Integrations

Database

Livepatch server requires integration with a PostgreSQL charm via the database endpoint. As an example, users can deploy a PostgreSQL database and integrate it with Livepatch as follows:

juju deploy postgresql-k8s
juju integrate canonical-livepatch-server-k8s:database postgresql-k8s:database

There is also an endpoint, named database-legacy, which can be used with PostgreSQL charm’s legacy endpoint, db . But it is strongly recommended that users integrate with the database endpoint mentioned earlier.

Ingress

Livepatch provides an endpoint, named ingress, which can be integrated with ingress resources in K8s clusters, like Traefik. As an example, users can integrate other applications with this endpoint by using Juju as follows:

juju integrate canonical-livepatch-server-k8s:ingress traefik-k8s:ingress

Loki (optional)

Livepatch can be optionally integrated with Loki via the log-proxy endpoint. Users can integrate other applications with this endpoint by using Juju as follows:

juju integrate canonical-livepatch-server-k8s:log-proxy loki-k8s:logging

Grafana dashboard (optional, provides)

Livepatch provides observability dashboards on Grafana. Users can monitor the status of the running Livepatch server via many metrics, including (but not limited to):

Rate of HTTP response status codes (e.g., 200, 404, or 403) for a range of percentile values.
Rate of incoming HTTP requests per second.
Database metrics (i.e., errors and response times).

For this purpose, there is an endpoint, named grafana-dashboard, which implements the grafana_dashboard interface and can be integrated with Grafana. Users can integrate other applications with this endpoint by using Juju as follows:

juju integrate canonical-livepatch-server-k8s:grafana-dashboard grafana-k8s:grafana-dashboard

Prometheus (optional, provides)

Users can integrate Livepatch server with Prometheus to have it scrape the metrics. For this purpose, there is an endpoint, named metrics-endpoint, which implements the prometheus_scrape interface and can be integrated with Prometheus. Users can integrate other applications with this endpoint by using Juju as follows:

juju integrate canonical-livepatch-server-k8s:metrics-endpoint prometheus-k8s:metrics-endpoint

OCI Images

This charm uses the following OCI images:

Image	Purpose
`livepatch-server:latest`	HTTP server
`livepatch-schema-tool:latest`	Database migration tool