3

I started using the AKS service with a 3-node setup. As I was curious, I peeked at the provisioned VMs which are used as nodes. I noticed I can get root on these and that there need to be some updates installed. As I couldn't find anything in the docs, my question is: Who is in charge of managing the AKS nodes (VMs)?

Do I have to do this myself or what is the idea here?

Thank you in advance.

Vikranth S
azen
  • You. Microsoft is only patching the management nodes. – evilSnobu Jan 30 '18 at 22:49
  • @evilSnobu thx for the reply. Do you have a source for this information? Also I'm confused because I can upgrade the Kubernetes software of the nodes via the CLI. – azen Jan 31 '18 at 20:40
  • There is support for OS updates built into ScalabilitySets. I think it's Preview now, but perhaps AKS could be made to take advantage of ScaleSets and get this feature. For now maybe you are completely on your own. – BrettRobi Feb 01 '18 at 21:39

1 Answer

2

Azure automatically applies security patches to the nodes in your cluster on a nightly schedule. However, you are responsible for ensuring that nodes are rebooted as required. You have several options for performing node reboots:

  1. Manually, through the Azure portal or the Azure CLI.
  2. By upgrading your AKS cluster. Cluster upgrades automatically cordon and drain nodes, then bring them back up with the latest Ubuntu image. Update the OS image on your nodes without changing Kubernetes versions by specifying the current cluster version in az aks upgrade.
  3. Using Kured, an open-source reboot daemon for Kubernetes. Kured runs as a DaemonSet and monitors each node for the presence of a file indicating that a reboot is required. It then manages OS reboots across the cluster, following the same cordon and drain process described earlier.
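Added example (not part of the original answer and not Kured's own code): a node-side shell check for the reboot-required file that option 3 refers to, which also flags nodes that have been patched but left unrebooted for too long. It assumes the Ubuntu default paths /var/run/reboot-required and /var/run/reboot-required.pkgs; the function name reboot_status and the 7-day threshold are hypothetical.

```shell
#!/bin/sh
# Assumption: the sentinel is /var/run/reboot-required (Ubuntu default) and
# the packages that triggered it are listed in /var/run/reboot-required.pkgs.

# reboot_status [DIR] [MAX_DAYS]
# Prints one status line and returns:
#   0 = no reboot pending
#   1 = reboot pending
#   2 = reboot pending for longer than MAX_DAYS (patched but still unprotected)
reboot_status() {
    dir=${1:-/var/run}
    max_days=${2:-7}
    sentinel="$dir/reboot-required"
    pkgs_file="$dir/reboot-required.pkgs"
    node=$(uname -n)

    if [ ! -e "$sentinel" ]; then
        echo "OK node=$node reboot_pending=no"
        return 0
    fi

    # The package list is optional; deduplicate it and join with commas.
    pkgs=unknown
    if [ -s "$pkgs_file" ]; then
        pkgs=$(sort -u "$pkgs_file" | paste -sd, -)
    fi

    # find -mtime +N matches once the file is at least N+1 days old.
    if [ -n "$(find "$sentinel" -mtime +"$max_days")" ]; then
        echo "OVERDUE node=$node reboot_pending=yes pkgs=$pkgs"
        return 2
    fi

    echo "PENDING node=$node reboot_pending=yes pkgs=$pkgs"
    return 1
}
```

Calling reboot_status with no arguments on a node checks /var/run; the return code can feed a monitoring probe that alerts on status 2.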