Hi Jeff!

1. CycleOS is an atomically built OS where everything is statically compiled before ever distributed. The only updates that occur on these nodes are to the Cycle agent, and other services. Those are also statically compiled binaries.
2. Kernel updates only occur at server reboot at this time. Historically, we've updated the kernel about twice a year. Since kernel updates occur at reboot, it's entirely up to you when you'd like to do them.
3. Outside of the kernel, the Cycle services will get auto-updated whenever we push an update live. Usually, this occurs every 2-3 weeks -- though may occasionally vary depending on features we're building. These updates don't typically introduce any downtime, unless we mark the update as 'major' update -- which issues staggered restarts. We haven't published an update that has required downtime since 2022 -- and that downtime was ~12 seconds.
4. CycleOS is based on Alpine

Hope this helps!

That's great Jake. So I assume for #2, the go forward process for updating their kernels is to 'evac nodes; restart ; sanity and reintroduce into the pool'.

You can do that. Or, if your containers are running in HA mode, and you have more than 1 LB, you should be able to just restart the node without even evacuating. Some of your instances will be inaccessible, but Cycle is built to work with that. Only if you were to have services hosted exclusively on that node would it become an issue of downtime.