question

Satish-7295 avatar image
1 Vote"
Satish-7295 asked SureshBettadapur-4155 edited

Azure Kubernetes Service OS upgrades and Patching

Azure Kubernetes cluster -

We would like to understand if the OS upgrades and patching of the Virtual machine scale sets created as part of AKS deployment are performed automatically or should those be manually upgraded. This applies for both Linux/Windows node pools.

As per the Virtual machine scale sets documentation (https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade) only a set of images are supported for OS upgrades with specific publisher name (for instance Microsoft Corporation).

However, the AKS deployed VMSS image publisher is (microsoft-aks) and since its not listed in the supported published images, do we need to manually perform OS upgrades and patching.

We could see the Vmss deployed by AKS cluster shows the this information "Automatic OS upgrades are not available for the image used by this scale set." under Operating system details.

Azure Kubernetes documentation below provides details on how to upgrade node pools and automate.

https://docs.microsoft.com/en-us/azure/aks/node-image-upgrade
https://docs.microsoft.com/en-us/azure/aks/node-upgrade-github-actions

Please let us know if AKS manages OS upgrades and Patching for which images / scenarios and in which cases should the manual node upgrades should be performed.

azure-kubernetes-service
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

prmanhas-MSFT avatar image prmanhas-MSFT ·

@Satish-7295 Any update on the issue?

If the suggested response helped you resolve your issue, do click on "Mark as Answer" and "Up-Vote" for the answer that helped you for benefit of the community.

Thanks.


0 Votes 0 ·

2 Answers

dt1984 avatar image
0 Votes"
dt1984 answered Satish-7295 commented

Please check this project kured: https://docs.microsoft.com/en-us/azure/aks/node-updates-kured

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Satish-7295 avatar image Satish-7295 ·

Thanks for the details.

Is there an automated solution for upgrading the windows OS images and patches for windows node pools in AKS cluster.

0 Votes 0 ·
prmanhas-MSFT avatar image
0 Votes"
prmanhas-MSFT answered SureshBettadapur-4155 edited

@Satish-7295 Apologies for delay in response and all the inconvenience caused because of the issue.

I had discussion with our internal team which took time.

AKS automatically applies security patches daily. The only action needed from the customer is to reboot nodes when needed (e.g. Kernel patches require a reboot to take effect). The documents you link above about node image upgrade details the process to update the VM image so that you can get updates such as new Python point release, or bugfixes etc, which aren't critical for running containers.

There's no "VMSS only" experience currently you can enable, there's the AKS solution + OSS.

Also there is a workitem underway to enhance the documentation based on functionality around VMSS in AKS.

Hope it helps!!!!

Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.


· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

prmanhas-MSFT avatar image prmanhas-MSFT ·

@Satish-7295 Any update on the issue?

If the suggested response helped you resolve your issue, do click on "Mark as Answer" and "Up-Vote" for the answer that helped you for benefit of the community.

Thanks.

0 Votes 0 ·
SureshBettadapur-4155 avatar image SureshBettadapur-4155 ·

Hi

Just to confirm my understanding on this, we don't need to take any action to apply security upgrades and AKS takes care of all the patching by itself. Can you please let me know?
150907-aks-vmss-os-upgrade.jpg




0 Votes 0 ·
aks-vmss-os-upgrade.jpg (65.1 KiB)