AKS Node OS patching

Heorhii Teriaiev 50 Reputation points

Hi there,

We're using AKS with no explicitly chosen node OS security mechanism. We recently received an email from Microsoft with a subject 'Action recommended: Changes to the default OS security updates mechanism'. It suggests the following:

In order to keep your clusters secure, AKS strongly recommends using and proactively moving to auto-upgrade node-image or node OS upgrade channel - SecurityPatch; you can set maintenance windows for these channels. 

The first option (https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-node-image) is a feature that is still in preview state. Is this correct? Are you suggesting to use the preview feature for production systems or is it just a doc that hasn't been updated yet?



Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,561 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Deepanshu katara 1,115 Reputation points

    Hope you are having a good day.

    To answer your query please check below

    AKS preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. AKS previews are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use. For more information, see the following support articles:

    0 comments No comments