Canonical Livepatch Server (K8s Charm)

Description

The Livepatch K8s charm is the easiest and the recommended way to deploy the Livepatch server on K8s. This charm configures and runs the Livepatch server, which serves Livepatch-es and metadata attached to them to the clients. Canonical Livepatch patches high and critical linux kernel vulnerabilities, removing the immediate need to reboot to upgrade the kernel, instead allowing the downtime to be scheduled. It is a part of the Ubuntu Pro offering.

For users who want to deploy an entire Livepatch on-prem server (including its dependencies), it is recommended to use the k8s/stable channel of the bundle made for this purpose. For more detailed steps on using the bundle, please see the tutorials on the Livepatch website.

Usage

The Livepatch server may be deployed using the Juju command line as follows:

juju deploy canonical-livepatch-server-k8s

Integrations

Database

Livepatch server requires integration with a PostgreSQL charm via the database endpoint. As an example, users can deploy a PostgreSQL database and integrate it with Livepatch as follows:

juju deploy postgresql-k8s --trust
juju integrate canonical-livepatch-server-k8s:database postgresql-k8s:database

There is also an endpoint, named database-legacy, which can be used with PostgreSQL charm’s legacy endpoint, db . But it is strongly recommended that users integrate with the database endpoint mentioned earlier.

Nginx ingress (nginx-route)

Livepatch provides an endpoint, named nginx-route, which can be integrated with the nginx-ingress-integrator charm to expose the Livepatch server via an Nginx-controlled cluster ingress. As an example, users can integrate with this endpoint by using Juju as follows:

juju integrate canonical-livepatch-server-k8s:nginx-route nginx-ingress-integrator:nginx-route

Loki (optional)

Livepatch can be optionally integrated with Loki via the log-proxy endpoint. Users can integrate other applications with this endpoint by using Juju as follows:

juju integrate canonical-livepatch-server-k8s:log-proxy loki-k8s:logging

Grafana dashboard (optional, provides)

Livepatch provides observability dashboards on Grafana. Users can monitor the status of the running Livepatch server via many metrics, including (but not limited to):

• Rate of HTTP response status codes (e.g., 200, 404, or 403) for a range of percentile values.
• Rate of incoming HTTP requests per second.
• Database metrics (i.e., errors and response times).

For this purpose, there is an endpoint, named grafana-dashboard, which implements the grafana_dashboard interface and can be integrated with Grafana. Users can integrate other applications with this endpoint by using Juju as follows:

juju integrate canonical-livepatch-server-k8s:grafana-dashboard grafana-k8s:grafana-dashboard

Prometheus (optional, provides)

Users can integrate Livepatch server with Prometheus to have it scrape the metrics. For this purpose, there is an endpoint, named metrics-endpoint, which implements the prometheus_scrape interface and can be integrated with Prometheus. Users can integrate other applications with this endpoint by using Juju as follows:

juju integrate canonical-livepatch-server-k8s:metrics-endpoint prometheus-k8s:metrics-endpoint

OCI Image

This charm uses an OCI image, built as a ROCK and published on GitHub Container Registry (GHCR) as ghcr.io/canonical/livepatch-server.

Documentation

For more detailed instructions on deploying Livepatch server, please see the documentation for this service, available on the Livepatch website.

Contributing

Please see the Juju SDK documentation for more information about developing and improving charms and Contributing for developer guidance.

License

The Livepatch K8s charm is free software, distributed under the Apache Software License, version 2.0. See License for more details.