Automatic updates

Container-Optimized OS images have the built-in capability to automatically upgrade to a newer version when released. This capability, when enabled, allows user instances to stay up-to-date with respect to security fixes and bug fixes.

When Container-Optimized OS is used as part of a managed service (for example, Google Kubernetes Engine, Cloud SQL, etc.), the managed service takes care of updating the Container-Optimized OS instance for the users, so automatic updates are disabled by default on those instances.

Users running production workloads that are sensitive to kernel upgrades and require controlled qualification and rollout should also disable automatic updates. For more information, see the Disabling automatic updates section.

Disabling automatic updates

The automatic updates feature is enabled by default on all Container-Optimized OS images. The feature can be disabled by setting the cos-update-strategy metadata key in one of the following ways:

Creating a new instance

gcloud compute instances create ... --metadata cos-update-strategy=update_disabled

Existing instance

gcloud compute instances add-metadata INSTANCE_NAME --metadata cos-update-strategy=update_disabled

Automatic update design

Container-Optimized OS uses an active-passive root partition scheme. The OS image is updated in its entirety, including the kernel, as opposed to package-by-package updates like on traditional Linux distributions. The image ships with the automatic updates feature enabled; this means that a default Container-Optimized OS instance always downloads the latest OS version and installs it on the passive partition soon after it's released.

Changes to automatic update behavior

The Container-Optimized OS team is actively working on improving the backend infrastructure that makes automatic updates possible. As part of these changes, we are rotating the keys used to sign and validate the update payloads. However, images released before the key rotation cannot be automatically updated to images released after the rotation. The affected images are as follows:

  • These images cannot be updated to the latest versions:

    • On Milestone 77: images prior to cos-77-12371-1000-0
    • On Milestone 81: images prior to cos-81-12871-1000-0
    • On Milestone 85: images prior to cos-85-13310-1000-0
    • On Milestone 86: images prior to cos-dev-86-15053-0-0
  • These images will no longer receive any updates:

    • All milestones before 77, including any previously deprecated milestones.

Automatic updates will continue to work on all supported milestones for new releases.

Users using Container-Optimized OS as part of a managed service (for example, Google Kubernetes Engine, Cloud SQL, etc.) are not affected.

Users running the affected standalone Container-Optimized OS versions with auto-update enabled will not see their instances update to newer versions. We ask such users to move to newer OS versions manually by recreating their VM instances with a newer image.
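The following is an added example, not code from the Container-Optimized OS documentation, that turns the cos-update-strategy check and the affected-image list above into a fleet audit. It assumes the caller has already collected, per instance, the boot image name and the instance's metadata items (the metadata.items shape of the Compute API instance resource); the inventory below is constructed, and milestones from 77 onward that are not in the list are treated as unaffected, as the text states that supported milestones keep updating.

```python
import re
from typing import Dict, List, Optional, Tuple

# Thresholds from the affected-image list: an image on one of these milestones
# with a build below the threshold cannot auto-update past the key rotation.
ROTATION_THRESHOLDS: Dict[int, Tuple[int, int, int]] = {
    77: (12371, 1000, 0),
    81: (12871, 1000, 0),
    85: (13310, 1000, 0),
    86: (15053, 0, 0),
}
# Accepts cos-<milestone>-<build>-<branch>-<patch> with an optional channel tag
# such as cos-dev (assumption: the same numeric layout for every channel).
IMAGE_RE = re.compile(r"^cos(?:-[a-z]+)?-(\d+)-(\d+)-(\d+)-(\d+)$")


def parse_image(name: str) -> Optional[Tuple[int, Tuple[int, int, int]]]:
    """Return (milestone, (build, branch, patch)) for a COS image name, else None."""
    m = IMAGE_RE.match(name)
    if not m:
        return None
    milestone, *build = (int(x) for x in m.groups())
    return milestone, (build[0], build[1], build[2])


def updates_disabled(metadata_items: List[Dict[str, str]]) -> bool:
    """True if the instance carries cos-update-strategy=update_disabled."""
    return any(item.get("key") == "cos-update-strategy"
               and item.get("value") == "update_disabled"
               for item in metadata_items)


def classify(image: str, metadata_items: List[Dict[str, str]]) -> str:
    """One of: disabled, unknown-image, unsupported, stuck, ok."""
    if updates_disabled(metadata_items):
        return "disabled"       # operator opted out; rollout is their own process
    parsed = parse_image(image)
    if parsed is None:
        return "unknown-image"  # not a COS image name this check understands
    milestone, build = parsed
    if milestone < 77:
        return "unsupported"    # milestones before 77 receive no updates at all
    threshold = ROTATION_THRESHOLDS.get(milestone)
    if threshold is not None and build < threshold:
        return "stuck"          # auto-update on, but cannot cross the key rotation
    return "ok"


def audit(inventory: List[Dict]) -> Dict[str, str]:
    """Map instance name -> status for a list of {name, image, metadata_items}."""
    return {vm["name"]: classify(vm["image"], vm["metadata_items"]) for vm in inventory}
```

Instances reported as "stuck" or "unsupported" are the ones the text asks you to recreate from a newer image; "disabled" ones need a qualification and rollout process of your own.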