I am currently switching from docker compose to kubernetes. Along with that, I am changing from using the :latest tag on everything to explicit versions.

Now, it’s a lot of work to check all the GitHub pages for the releases and updating.

Is there some kind of dashboard that ideally would show me (per app) the version I am running vs. the current version from GitHub? (With a link to the release notes, while we are at it…).

Or is my workflow wrong to begin with? (Haven’t looked too deep into something like argocd, maybe that’s the answer?)

  • mac@lemm.eeEnglish
    1·
    2 hours ago

    I need something like this but I install bare metal over docker most of the time. As of now I just subscribe to RSS feeds for releases, but I’d like something I don’t personally need to remember

    I also have several machines at home (all run proxmox) and a VPS

  • vegetaaaaaaa@lemmy.worldEnglish
    1·
    2 hours ago

    I use RSS feeds, bump version numbers when a new release is out, git commit/push and the CI does the rest (or I’ll run the ansible playbook manually).

    I do check the release notes for breaking changes, and sometimes hold back updates for some time (days/weeks) when the release affects a “critical” feature, or when config tweaks are needed.

  • dfense@lemmy.worldOPEnglish
    3·
    5 hours ago

    Wow, thanks for all the great answers so far. As for why not latest:

    1. Read a lot online and read multiple times it’s “bad practice”
    2. Own experience: had latest on an app which crashed and wouldn’t come up again. Got the backup of the persistent volume back and then had the problem that latest at that point is not the same as latest when I spun it up. Actually had no idea which version I was running last and consequently what I would need to pull to fit my backup. In case I have to restore my cluster, this problem is multiplied.
    3. I run NixOS on everything, so I am clearly biased towards reproducibility.
    4. I am running Services for family and a fire brigade (nothing mission critical, just support stuff, but still…). Stability is important, as sometimes I do not have the time to immediately react to an issue. I prefer a lazy Sunday morning to update/fix and then leave it alone and stable.

    So, probably a combination of latest for low criticality and pinned on critical stuff (e.g. authentication, access, etc.)

    • i_am_not_a_robot@discuss.tchncs.deEnglish
      1·
      1 hour ago

      It is bad practice because of point 2 and if you have multiple replicas you can probably get different versions running simultaneously (never tried it). Get Rennovate. It creates PRs to increment the version number and it tries to give you the release notes right in the PR.

  • suicidaleggroll@lemm.eeEnglish
    51·
    7 hours ago

    Just FYI - you’re going to spend far, FAR more time and effort reading release notes and manually upgrading containers than you will letting them run :latest and auto-update and fixing the occasional thing when it breaks. Like, it’s not even remotely close.

    Pinning major versions for certain containers that need specific versions makes sense, or containers that regularly have breaking changes that require you to take steps to upgrade, or absolute mission-critical services that can’t handle a little downtime with a failed update a couple times a decade, but for everything else it’s a waste of time.

  • MangoPenguin@lemmy.blahaj.zoneEnglish
    5·
    7 hours ago

    I generally just use latest for most services. For critical stuff I pin the major version number. Also anything that doesn’t gracefully handle major version updates like Postgres and similar.

    If something breaks I fix it, or restore from the nightly backup if I can’t.

  • catloaf@lemm.eeEnglish
    4·
    9 hours ago

    RSS feed of the releases?

    Personally I just use latest and forget about it.

  • bla_bla_bla@feddit.orgEnglish
    2·
    9 hours ago

    Any reason why you want to switch to explicit releases? The only containers I use explicit releases on are databases.

  • just_another_person@lemmy.worldEnglish
    21·
    10 hours ago

    When using semantic versioning of anything, it’s an intention to run that specific version. AKA version pinning or locking. Meaning you DON’T want it automatically updating unless you do it manually.

    You especially don’t want this happening in a k8s cluster if you intend to run replicas with pulls enabled for obvious reasons.

    As for being notified of updates, there are some tools out there for this, but I believe they only check for pulling specific tags, or latest tag. The way container registries work wouldn’t make it obvious what exactly you’d want to update, because there is no concept of tag inheritance. This means if a new tag showed up in a repo, you wouldn’t know if it’s an update to your specific current version of aomething, or just another tag. They don’t work like packages in this sense.

  • Moonrise2473@feddit.itEnglish
    1·
    10 hours ago

    For the biggest projects I added the ICS files from endoflife.date

    So for example now I will increase version of nextcloud only when my calendar notifies me that it reached EOL (=exits beta status)

    For the smaller ones I have the same problem of you, targeting a specific version is not effortless and targeting :latest is not safe like the very useful Borg warehouse that had two consecutive breaking changes in how they manage Cron jobs…

    Or even lethal, like Zipline V4 isn’t compatible with the Zipline V3 database, and you’re supposed to do “export, wipe, import” BEFORE updating. But I was on :latest so… (luckily it was hosting just temporary data and it was easier to just delete everything and start again)

  • truxnell@aussie.zoneEnglish
    11·
    8 hours ago

    Definitely renovate it and keeping your code in a bit using gotops principles. When I run k8s I used flux to reconcile my reponstate to my clusters.