Greetings and welcome back for the next episode of the Replicated Runthrough series. This time we’re going to discuss Outdated.sh, an open source kubectl plugin that finds and reports outdated cluster images.
Outdated repeatedly queries readable pods in all readable namespaces, looking for the podspec of container images and any init container images. Outdated then uses the content sha of each image to disambiguate between different versions pushed with the same tag.
Once results are collected and de-duplicated, Outdated anonymously connects to the originating image repository and requests a list of tags. These tags are then used to analyze the release date of images running in your cluster. Images that follow strict semver naming conventions are simply sorted to stdout, with extremely out-of-date images marked in red, somewhat out-of-date images in yellow, and the most recent releases in green – just like a stoplight.
If the image in question does *not* follow semver naming convention, Outdated will collect and sort tag dates from the manifest, then sort to find any tag that was pushed after the tag is running.
Outdated, like just about every other project in the Replicated catalog, works exactly like you would expect it to – the plugin reads through all container images accessible to the user running the plugin to identify the image release date. This can either be done through timestamps, image tags, or by image naming convention. Once it figures out when the image in use has been created, Outdated then queries the originating container registry or registries that the image(s) were pulled from and compares the date information from your cluster image to the latest tag, timestamp, or name available in the said registry.
Using all of this data, Outdated prints out a color-coded list showing which images have updates available and how far behind the images you’re using currently are to the terminal screen. The latest images are highlighted in green. If the image in question is 1-3 releases behind, it will be highlighted in yellow. If it’s more than 3 releases behind, it will be highlighted in red. From there, you or your cluster administrator can determine which images need the most urgent updates, then formulate a game plan to roll out said updates in a way that will be least detrimental to you and/or your clients.
If you’d like to give Outdated a try, head on over to the rad new website for more information on how the plugin works, installation instructions, contributor info (hint, hint), and more. If you’re enjoying the Replicated Runthrough series, stay tuned for the next edition which should be released shortly. See you then!