Disable node automated updates by default

docs/operations/images.md

@@ -20,11 +20,12 @@ image: ssm:/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/e
 
 ## Security Updates
 
-Automated security updates are handled by kOps for Debian, Flatcar and Ubuntu distros. This can be disabled by editing the cluster configuration:
+As of kOps 1.35, automated security updates are disabled by default to minimize the risk that node updates disrupt the cluster. Instead, we recommend updating instance group images on a regular cadence.
+To enable automatic security updates for Debian, Flatcar, or Ubuntu, edit the cluster or instance group configuration to include:
 
 ```yaml
 spec:
-  updatePolicy: external
+  updatePolicy: automatic
 ```
 
 ## Distros Support Matrix

docs/releases/1.35-NOTES.md

@@ -6,6 +6,7 @@ This is a document to gather the release notes prior to the release.
 
 # Significant changes
 
+* Aautomated security updates are disabled by default to minimize the risk that node updates disrupt the cluster. Instead, we recommend updating instance group images on a regular cadence. To enable automatic security updates, set `spec.updatePolicy=automatic`.
 * `bridge-utils`, `conntrack`, `pigz`, `libltdl` are no longer installed by default.
 
 ## Some Feature

nodeup/pkg/model/tests/updateservicebuilder/automatic/tasks-updateservice.yaml

@@ -1,9 +1,4 @@
 contents: |
-  APT::Periodic::Update-Package-Lists "1";
-  APT::Periodic::Unattended-Upgrade "1";
-
-  APT::Periodic::AutocleanInterval "7";
+  APT::Periodic::Enable "0";
 path: /etc/apt/apt.conf.d/20auto-upgrades
 type: file
----
-Name: unattended-upgrades

nodeup/pkg/model/update_service.go

@@ -83,7 +83,7 @@ func (b *UpdateServiceBuilder) buildFlatcarSystemdService(c *fi.NodeupModelBuild
 func (b *UpdateServiceBuilder) buildDebianPackage(c *fi.NodeupModelBuilderContext) {
 	contents := ""
 	if b.NodeupConfig.UpdatePolicy == kops.UpdatePolicyExternal {
-		klog.Infof("UpdatePolicy requests automatic updates; skipping installation of package %q", debianPackageName)
+		klog.Info("UpdatePolicy requests disabling automatic updates")
 		contents = `APT::Periodic::Enable "0";
 `
 	} else {

pkg/apis/nodeup/config.go

@@ -300,7 +300,7 @@ func NewConfig(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (*Confi
 	case cluster.Spec.UpdatePolicy != nil:
 		config.UpdatePolicy = *cluster.Spec.UpdatePolicy
 	default:
-		config.UpdatePolicy = kops.UpdatePolicyAutomatic
+		config.UpdatePolicy = kops.UpdatePolicyExternal
 	}
 
 	if cluster.InstallCNIAssets() {

pkg/model/tests/data/bootstrapscript_0.txt

@@ -140,7 +140,7 @@ cat > conf/kube_env.yaml << '__EOF_KUBE_ENV'
 CloudProvider: aws
 InstanceGroupName: testIG
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: fAxvqbU++fBpT6SIjMMeXWlQ4oHqL/M8N7AaaJkOPOM=
+NodeupConfigHash: wECPrns9CARGM3WE31kkaFo3kAwNXnnYxCCY4Jhxb7Q=
 
 __EOF_KUBE_ENV
 

pkg/model/tests/data/bootstrapscript_1.txt

@@ -140,7 +140,7 @@ cat > conf/kube_env.yaml << '__EOF_KUBE_ENV'
 CloudProvider: aws
 InstanceGroupName: testIG
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: N0d3Il7CeGYFi32ZDb4i3iftzUD6swJ3F/tZf8d1bZY=
+NodeupConfigHash: z6bfdyRlkEDKnk5mabyLJ/p7mrtK8za77ZODlekVLdc=
 
 __EOF_KUBE_ENV
 

pkg/model/tests/data/bootstrapscript_2.txt

@@ -140,7 +140,7 @@ cat > conf/kube_env.yaml << '__EOF_KUBE_ENV'
 CloudProvider: aws
 InstanceGroupName: testIG
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: N0d3Il7CeGYFi32ZDb4i3iftzUD6swJ3F/tZf8d1bZY=
+NodeupConfigHash: z6bfdyRlkEDKnk5mabyLJ/p7mrtK8za77ZODlekVLdc=
 
 __EOF_KUBE_ENV
 

pkg/model/tests/data/bootstrapscript_3.txt

@@ -140,7 +140,7 @@ cat > conf/kube_env.yaml << '__EOF_KUBE_ENV'
 CloudProvider: aws
 InstanceGroupName: testIG
 InstanceGroupRole: Node
-NodeupConfigHash: X6Di6WM7EcwYaitdtxqgDgb2VjQuX4gHgLLPBZUb6Hw=
+NodeupConfigHash: 4wsh2EFc8lEgquCkec3M7TU8uF31y+6GuBG5QB8ngBc=
 
 __EOF_KUBE_ENV
 

pkg/model/tests/data/bootstrapscript_4.txt

@@ -140,7 +140,7 @@ cat > conf/kube_env.yaml << '__EOF_KUBE_ENV'
 CloudProvider: aws
 InstanceGroupName: testIG
 InstanceGroupRole: Node
-NodeupConfigHash: FOtsEbu1CrMgt9fSSoK3X+UvdHnVKS4MmNRxjGmd40c=
+NodeupConfigHash: /Y8Da7MabjcqaqH+UsOj9mqKkaHOvXjUC/54uYqaQBM=
 
 __EOF_KUBE_ENV
 

pkg/model/tests/data/bootstrapscript_5.txt

@@ -140,7 +140,7 @@ cat > conf/kube_env.yaml << '__EOF_KUBE_ENV'
 CloudProvider: aws
 InstanceGroupName: testIG
 InstanceGroupRole: Node
-NodeupConfigHash: FOtsEbu1CrMgt9fSSoK3X+UvdHnVKS4MmNRxjGmd40c=
+NodeupConfigHash: /Y8Da7MabjcqaqH+UsOj9mqKkaHOvXjUC/54uYqaQBM=
 
 __EOF_KUBE_ENV
 

pkg/model/tests/data/nodeupconfig_0.txt

@@ -38,7 +38,7 @@ Networking:
       host: example.com
       port: 80
   nonMasqueradeCIDR: 10.100.0.0/16
-UpdatePolicy: automatic
+UpdatePolicy: external
 configStore: {}
 containerdConfig:
   logLevel: info

pkg/model/tests/data/nodeupconfig_1.txt

@@ -56,7 +56,7 @@ Networking:
       host: example.com
       port: 80
   nonMasqueradeCIDR: 10.100.0.0/16
-UpdatePolicy: automatic
+UpdatePolicy: external
 configStore: {}
 containerdConfig:
   logLevel: info

pkg/model/tests/data/nodeupconfig_2.txt

@@ -56,7 +56,7 @@ Networking:
       host: example.com
       port: 80
   nonMasqueradeCIDR: 10.100.0.0/16
-UpdatePolicy: automatic
+UpdatePolicy: external
 configStore: {}
 containerdConfig:
   logLevel: info

pkg/model/tests/data/nodeupconfig_3.txt

@@ -23,7 +23,7 @@ KubeletConfig:
 KubernetesVersion: 1.20.0
 Networking:
   nonMasqueradeCIDR: 10.100.0.0/16
-UpdatePolicy: automatic
+UpdatePolicy: external
 containerdConfig:
   logLevel: info
 usesLegacyGossip: false

pkg/model/tests/data/nodeupconfig_4.txt

@@ -41,7 +41,7 @@ KubeletConfig:
 KubernetesVersion: 1.20.0
 Networking:
   nonMasqueradeCIDR: 10.100.0.0/16
-UpdatePolicy: automatic
+UpdatePolicy: external
 containerdConfig:
   logLevel: info
 usesLegacyGossip: false

pkg/model/tests/data/nodeupconfig_5.txt

@@ -41,7 +41,7 @@ KubeletConfig:
 KubernetesVersion: 1.20.0
 Networking:
   nonMasqueradeCIDR: 10.100.0.0/16
-UpdatePolicy: automatic
+UpdatePolicy: external
 containerdConfig:
   logLevel: info
 usesLegacyGossip: false

tests/integration/update_cluster/additionalobjects/data/aws_launch_template_master-us-test-1a.masters.additionalobjects.example.com_user_data

@@ -126,7 +126,7 @@ ClusterName: additionalobjects.example.com
 ConfigBase: memfs://tests/additionalobjects.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: qO8T/0CMlveCg74111HDV55wc6djXLZ3H5ufUCod814=
+NodeupConfigHash: lHJOrZ2WyGPNkQEyLCrU9WpVW4kAvwvJM8uaiq0OBFY=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/additionalobjects/data/aws_launch_template_nodes.additionalobjects.example.com_user_data

@@ -149,7 +149,7 @@ ConfigServer:
   - https://kops-controller.internal.additionalobjects.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: frzkIIzqS2PcpaWfYzaoJxHGCavEgihuJrcd95nJTTM=
+NodeupConfigHash: xbfQr7wRZKkYXkFWIBRFYrrhMpiDHgP7wNBk7HsdHlw=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/additionalobjects/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -304,7 +304,7 @@ KubernetesVersion: 1.34.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 channels:
 - memfs://tests/additionalobjects.example.com/addons/bootstrap-channel.yaml
 configStore:

tests/integration/update_cluster/additionalobjects/data/aws_s3_object_nodeupconfig-nodes_content

@@ -48,7 +48,7 @@ KubernetesVersion: 1.34.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 containerdConfig:
   logLevel: info
   runc:

tests/integration/update_cluster/apiservernodes/data/aws_launch_template_apiserver.apiservers.minimal.example.com_user_data

@@ -126,7 +126,7 @@ ClusterName: minimal.example.com
 ConfigBase: memfs://clusters.example.com/minimal.example.com
 InstanceGroupName: apiserver
 InstanceGroupRole: APIServer
-NodeupConfigHash: /oOLCfzBYPA93MykbkH21yfK0QxPEhnM7Vb3R2fhSiM=
+NodeupConfigHash: aVlvKw0ZV3Q4jjFDuE8M8wu4LMw0J10gQWUWVxRW+Xc=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/apiservernodes/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data

@@ -126,7 +126,7 @@ ClusterName: minimal.example.com
 ConfigBase: memfs://clusters.example.com/minimal.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: W70yGWkJWTZP/vC2HkyagctTicWnHuyjH0/7LzHLyFU=
+NodeupConfigHash: eeAHKWJQwBosH7I/5cEIrbI6fApvAwkYLKMz1qh5cfY=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/apiservernodes/data/aws_launch_template_nodes.minimal.example.com_user_data

@@ -149,7 +149,7 @@ ConfigServer:
   - https://kops-controller.internal.minimal.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: 7S7zs81zX9f9Xz0jSiwfImOwBCezGrBAjDMPtbko6DA=
+NodeupConfigHash: /HiupzvggcPRyzyQvgpgXrpk7DIVueNs+9rSrxQv8YY=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/apiservernodes/data/aws_s3_object_nodeupconfig-apiserver_content

@@ -181,7 +181,7 @@ KubernetesVersion: 1.34.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 configStore:
   keypairs: memfs://clusters.example.com/minimal.example.com/pki
   secrets: memfs://clusters.example.com/minimal.example.com/secrets

tests/integration/update_cluster/apiservernodes/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -302,7 +302,7 @@ KubernetesVersion: 1.34.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 channels:
 - memfs://clusters.example.com/minimal.example.com/addons/bootstrap-channel.yaml
 configStore:

tests/integration/update_cluster/apiservernodes/data/aws_s3_object_nodeupconfig-nodes_content

@@ -47,7 +47,7 @@ KubernetesVersion: 1.34.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 containerdConfig:
   logLevel: info
   runc:

tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data

@@ -126,7 +126,7 @@ ClusterName: minimal.example.com
 ConfigBase: memfs://clusters.example.com/minimal.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: v1G8dUnySTcFSgsLymYfHH8ceR3deEJ+CDyFZklRX5g=
+NodeupConfigHash: 9bgmMdOGsi+jS3AEWBYpLQdnqrKJpx5EQfL+o7+EEUg=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_nodes.minimal.example.com_user_data

@@ -149,7 +149,7 @@ ConfigServer:
   - https://kops-controller.internal.minimal.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: MBILso1750yJWFfuk5/KINzohd8nOsHTvT6sHBIZjgU=
+NodeupConfigHash: b84IIPZAx+12HoVRFmtFOA4rcBmMfSg25CBD5AqWNDs=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -301,7 +301,7 @@ KubernetesVersion: 1.32.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 channels:
 - memfs://clusters.example.com/minimal.example.com/addons/bootstrap-channel.yaml
 configStore:

tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-nodes_content

@@ -48,7 +48,7 @@ KubernetesVersion: 1.32.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 containerdConfig:
   logLevel: info
   runc:

tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data

@@ -126,7 +126,7 @@ ClusterName: bastionuserdata.example.com
 ConfigBase: memfs://clusters.example.com/bastionuserdata.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: 7+wnybDW4oYJgpgNVAtLKQVWAQmp0fEb9Xov93eS82A=
+NodeupConfigHash: U45+3h8TCoweClm7DCRj1tsRxwO4wGkqJIr/G5QjkWU=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_nodes.bastionuserdata.example.com_user_data

@@ -158,7 +158,7 @@ ConfigServer:
   - https://kops-controller.internal.bastionuserdata.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: FANkux+rK1aiybnVp/ZO1MBvskIh+blzH1/4K/cgkug=
+NodeupConfigHash: uwx9IK8MLO0mTkdkOAoKNsR+fn6BdI0OrTw6o7mr63Q=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-bastion_content

@@ -45,7 +45,7 @@ KubernetesVersion: 1.32.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 containerdConfig:
   logLevel: info
   runc:

tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -300,7 +300,7 @@ KubernetesVersion: 1.32.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 channels:
 - memfs://clusters.example.com/bastionuserdata.example.com/addons/bootstrap-channel.yaml
 configStore:

tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-nodes_content

@@ -48,7 +48,7 @@ KubernetesVersion: 1.32.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 containerdConfig:
   logLevel: info
   runc:

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander-custom.example.com_user_data

@@ -126,7 +126,7 @@ ClusterName: cas-priority-expander-custom.example.com
 ConfigBase: memfs://clusters.example.com/cas-priority-expander-custom.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: E7oj2P6stXKMm/3jdm28b8Oovh7fmYYczO53w4SKFkg=
+NodeupConfigHash: Y8QA+y6HaPNhr9UErApxwXqDboIqJr8j4M0IseOqL1E=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-high-priority.cas-priority-expander-custom.example.com_user_data

@@ -149,7 +149,7 @@ ConfigServer:
   - https://kops-controller.internal.cas-priority-expander-custom.example.com:3988/
 InstanceGroupName: nodes-high-priority
 InstanceGroupRole: Node
-NodeupConfigHash: bgtvwzvZ8Ho4vI773GwFqkmDdmk/CdrLlAggjW7xpdI=
+NodeupConfigHash: Q0MN4RXhieeaJw2B963Dn9UMDxOpXKM3gs0VztFRWik=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-low-priority.cas-priority-expander-custom.example.com_user_data

@@ -149,7 +149,7 @@ ConfigServer:
   - https://kops-controller.internal.cas-priority-expander-custom.example.com:3988/
 InstanceGroupName: nodes-low-priority
 InstanceGroupRole: Node
-NodeupConfigHash: bgtvwzvZ8Ho4vI773GwFqkmDdmk/CdrLlAggjW7xpdI=
+NodeupConfigHash: Q0MN4RXhieeaJw2B963Dn9UMDxOpXKM3gs0VztFRWik=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes.cas-priority-expander-custom.example.com_user_data

@@ -149,7 +149,7 @@ ConfigServer:
   - https://kops-controller.internal.cas-priority-expander-custom.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: bgtvwzvZ8Ho4vI773GwFqkmDdmk/CdrLlAggjW7xpdI=
+NodeupConfigHash: Q0MN4RXhieeaJw2B963Dn9UMDxOpXKM3gs0VztFRWik=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -300,7 +300,7 @@ KubernetesVersion: 1.32.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 channels:
 - memfs://clusters.example.com/cas-priority-expander-custom.example.com/addons/bootstrap-channel.yaml
 configStore:

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-high-priority_content

@@ -47,7 +47,7 @@ KubernetesVersion: 1.32.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 containerdConfig:
   logLevel: info
   runc:

tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-low-priority_content

@@ -47,7 +47,7 @@ KubernetesVersion: 1.32.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
-UpdatePolicy: automatic
+UpdatePolicy: external
 containerdConfig:
   logLevel: info
   runc: