Patching

Patching is the process of repairing a vulnerability or flaw that is identified after the release of an application or other software. In other words, it is a software update for existing applications or operating systems that fixes bugs or security vulnerabilities in a timely manner.

Cloud-Accelerated & Linked Data Platform

Patching is done automatically on the deployed virtual machines. Every week on Sunday, the instances of the environment will be patched and rebooted to make sure that the infrastructure remains up to date. Additionally, there is a daily check to install security patches that do not require reboots.

Note: Any deviation from the standard patching management strategy described above must always be specifically requested and agreed with the ECDP Team.

Cloud Agnostic

The services deployed on the Cloud-Agnostic platform are hosted on AWS EKS clusters that consist of worker nodes; therefore, patching happens in different stages.

Since the platform is hosted by AWS, the EKS part itself is managed by AWS and is therefore patched automatically by them. The worker nodes are DIGIT’s responsibility and are therefore patched manually by us.

The EKS platform is committed to supporting at least 4 production-ready versions of Kubernetes anywhere from every 4 to 9 months. The recommended interval for updating a cluster's Kubernetes version is therefore every 9 months. This includes proper testing and validation.

EKS optimized Linux AMIs are released anywhere from 2 to 3 times per month by AWS. They usually include security patches and platform improvements that could help avoid potential bugs and performance issues. Updating therefore happens every 3 months.

Similar to Cloud-Accelerated & Linked Data Platform, virtual machines in Cloud-Agnostic are regularly patched.