A paranoid solution would be to:
- copy the containers to a test host running the new kernel,
- start the containers in isolation (e.g. routing disabled, or iptables rule to block outgoing traffic),
- check that everything is OK,
- if it works, roll out the kernel upgrade on the production hosts.
This is quite easy with Docker, since you can docker push your containers from the production setup and docker pull them from the test setup.
But generally speaking, as long as you're upgrading, you should be fine. If you downgrade to an older kernel version (e.g. 3.8+ to <3.8) you might see some issues, but it's not related to the downgrade operation; it's just that pre-3.8 kernels have issues with namespaces (except when relevant patches have been backported).
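
The staging procedure described above, sketched as a script (an added example, not part of the original post). The registry host, the `kernel-test/` repository prefix, the `kerneltest-` name prefix and all function names are assumptions, and Docker's `--network none` stands in for the iptables rule as the isolation mechanism.

```bash
#!/usr/bin/env bash
# Added example: stage a production container on a test host running the new kernel.
# REGISTRY is a constructed placeholder; DRY_RUN=1 (default) only prints the commands.
REGISTRY="${REGISTRY:-registry.example.internal:5000}"
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Image reference used to move one container between the two hosts.
staging_ref() {
    printf '%s/kernel-test/%s:%s\n' "$REGISTRY" "$1" "$2"
}

# Production host: snapshot the container's filesystem and push it.
# docker commit pauses the container briefly and does not include volume data.
export_container() {
    local ref
    ref="$(staging_ref "$1" "$2")"
    run docker commit "$1" "$ref" && run docker push "$ref"
}

# Test host (new kernel): pull the snapshot and start it with no network
# interface except loopback, so nothing can reach production services.
start_isolated() {
    local ref
    ref="$(staging_ref "$1" "$2")"
    run docker pull "$ref" &&
        run docker run -d --name "kerneltest-$1" --network none "$ref"
}

# Test host: report whether the isolated container is still running.
check_running() {
    run docker inspect -f '{{.State.Running}}' "kerneltest-$1"
}

# Usage: script.sh export NAME TAG   (production host)
#        script.sh stage  NAME TAG   (test host)
case "${1:-}" in
    export) export_container "$2" "$3" ;;
    stage)  start_isolated "$2" "$3" && check_running "$2" ;;
esac
```

Run it with `DRY_RUN=0` to execute the commands; roll the kernel out to production only after the staged containers pass their own application-level checks.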