AKS Node OS patching

Heorhii Teriaiev 65 Reputation points
2023-08-28T11:14:32.77+00:00

Hi there,

We're using AKS with no explicitly chosen node OS security mechanism. We recently received an email from Microsoft with a subject 'Action recommended: Changes to the default OS security updates mechanism'. It suggests the following:

In order to keep your clusters secure, AKS strongly recommends using and proactively moving to auto-upgrade node-image or node OS upgrade channel - SecurityPatch; you can set maintenance windows for these channels. 

The first option (https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-node-image) is a feature that is still in preview state. Is this correct? Are you suggesting to use the preview feature for production systems or is it just a doc that hasn't been updated yet?

Cheers,

Gosha

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,073 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Deepanshukatara-6769 8,940 Reputation points
    2023-08-28T11:18:02.93+00:00

    Hope you are having a good day.

    To answer your query please check below

    AKS preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. AKS previews are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use. For more information, see the following support articles:

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.