Pod Image Versions

Update pods to the latest container version


The problem

When we first build a solution and deploy it into Kubernetes, we’re likely using the latest versions of everything, ensuring our dependencies are up-to-date, and all software is fully patched.

But what happens when the software has been running for a while? It’s easy to change a version number, but how do we know a new version has been released? How do we patch it across the entire cluster before attackers use published vulnerabilities to attack our cluster?

And how do we keep up with these new image versions across a fleet of microservices for software we didn’t build?

The solution

This Shoreline automation Op Pack continuously monitors public and your private registry for new image versions. When one is found, the deployment, StatefulSet, or DaemonSet is patched with the new image version. Then Shoreline kicks off a rolling restart of the application. If the pods crash or the image pull fails, Shoreline instantly restores to the original version and raises an alert. As the user clicks through to a Shoreline Runbook, they can experiment with the new image version, run integration tests, and determine the root cause of the upgrade failure.


Customer experience impact
Hackers can exploit published vulnerabilities
Occurrence frequency
Until the root cause is identified
Shoreline time to repair
1-2 minutes
Time to diagnose manually
1-4 hours
Cost impact
Time to repair manually
1-2 manual hours

Related Solutions