Azure Kubernetes Service OS upgrades and Patching

Satish 6 Reputation points
2020-12-07T14:08:14.8+00:00

Azure Kubernetes cluster -

We would like to understand if the OS upgrades and patching of the virtual machine scale sets created as part of AKS deployment are performed automatically or should those be manually upgraded. This applies to both Linux/Windows node pools.

As per the Virtual machine scale sets documentation (https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade) only a set of images are supported for OS upgrades with specific publisher name (for instance Microsoft Corporation).

However, the AKS deployed VMSS image publisher is (microsoft-aks), and since it's not listed in the supported published images, do we need to manually perform OS upgrades and patching?

We could see the VMSS deployed by the AKS cluster shows this information "Automatic OS upgrades are not available for the image used by this scale set." under Operating system details.

Azure Kubernetes documentation below provides details on how to upgrade node pools and automate.

https://learn.microsoft.com/en-us/azure/aks/node-image-upgrade
https://learn.microsoft.com/en-us/azure/aks/node-upgrade-github-actions

Please let us know for which images / scenarios AKS manages OS upgrades and patching, and in which cases manual node upgrades should be performed.


2 answers

  1. dt1984 1 Reputation point
    2020-12-08T10:09:38.95+00:00

  2. prmanhas-MSFT 17,901 Reputation points Microsoft Employee
    2020-12-30T06:00:52.777+00:00

    @Satish Apologies for the delay in response and all the inconvenience caused because of the issue.

    I had a discussion with our internal team, which took time.

    AKS automatically applies security patches daily. The only action needed from the customer is to reboot nodes when needed (e.g. kernel patches require a reboot to take effect). The documents you linked above about node image upgrade detail the process to update the VM image so that you can get updates such as a new Python point release, bug fixes, etc., which aren't critical for running containers.

    There's currently no "VMSS only" experience you can enable; there's the AKS solution + OSS.

    Also, there is a work item underway to enhance the documentation based on functionality around VMSS in AKS.

    Hope it helps!!!!

    Please "Accept as Answer" if it helped so it can help others in the community looking for help on similar topics.
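
The answer above distinguishes the daily security patches from node image upgrades, which the linked node-image-upgrade document covers. As an added example (not part of the original thread and not Microsoft's code), this script lists the node pools whose node image is older than the latest one available and can optionally upgrade only the image; the resource group and cluster names are placeholders passed as arguments.

```shell
#!/usr/bin/env bash
# Added example: find AKS node pools running an older node image than the
# latest one available. Requires a logged-in Azure CLI (az).

# Print "<pool> <current-image> <latest-image>" for each pool that is behind.
pools_needing_image_upgrade() {
  local rg="$1" cluster="$2" pool current latest
  for pool in $(az aks nodepool list -g "$rg" --cluster-name "$cluster" \
                  --query "[].name" -o tsv); do
    current=$(az aks nodepool show -g "$rg" --cluster-name "$cluster" \
                --name "$pool" --query nodeImageVersion -o tsv)
    latest=$(az aks nodepool get-upgrades -g "$rg" --cluster-name "$cluster" \
               --nodepool-name "$pool" --query latestNodeImageVersion -o tsv)
    # An empty "latest" means the CLI reported nothing; skip rather than guess.
    if [ -n "$latest" ] && [ "$current" != "$latest" ]; then
      printf '%s %s %s\n' "$pool" "$current" "$latest"
    fi
  done
}

# Upgrade only the node image of one pool; the Kubernetes version is unchanged.
upgrade_pool_image() {
  az aks nodepool upgrade -g "$1" --cluster-name "$2" --name "$3" \
    --node-image-only
}

# Usage: script.sh <resource-group> <cluster> [--apply]
if [ "$#" -ge 2 ]; then
  pools_needing_image_upgrade "$1" "$2" | while read -r pool current latest; do
    echo "pool $pool: $current -> $latest"
    if [ "${3:-}" = "--apply" ]; then
      # </dev/null keeps az from consuming the loop's input.
      upgrade_pool_image "$1" "$2" "$pool" </dev/null
    fi
  done
fi
```

Without `--apply` the script only reports, so it can run on a schedule to flag pools that have fallen behind.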