Hi Alex,
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
As per my understanding, this behavior is expected after an upgrade, especially if you have deployed new applications or changed configurations post-upgrade. However, if you're not experiencing any issues with connectivity or performance, it might just be part of the system's normal operations.
AKS might be continually assessing the health and compliance of network configurations. If any discrepancies are identified, the NSG might be updated automatically even if no significant manual changes were made.
AKS may be adjusting NSGs to ensure that network policies and rules align with the new Kubernetes version's requirements or features.
If you are concerned about not having visibility into the specific changes being made to the NSG, you can take the following actions:
- Azure Activity Logs: Monitor the Azure Activity Log to see if there are any records of the changes occurring to your NSG and gain insights into what actions are being taken.
- NSG Flow Logs: Enable NSG Flow Logs to capture detailed traffic logs and gain better insights into the network traffic through your NSGs, which may help identify why updates are being made.
Additional document: https://learn.microsoft.com/en-us/azure/aks/concepts-network
If you have any further queries, do let us know.
If the answer is helpful, please click "Upvote it."
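One way to act on the Activity Log suggestion above, as an added example that is not part of the original answer: a small Python filter that reduces exported Activity Log records to completed NSG and security-rule changes and shows who made each one. The sample events, resource names and callers are constructed, shaped like the JSON that `az monitor activity-log list -o json` returns, and treating a GUID caller as an application or managed identity is a heuristic assumed here.

```python
import re
from collections import defaultdict

# Constructed sample records; every ID, name and caller below is made up.
_NET = "/subscriptions/SUB/resourceGroups/MC_rg/providers/Microsoft.Network"
_NSG = _NET + "/networkSecurityGroups/aks-nsg"
_SP = "11111111-2222-3333-4444-555555555555"  # placeholder identity object ID

def _ev(ts, caller, op, status, rid):
    return {"eventTimestamp": ts, "caller": caller, "resourceId": rid,
            "operationName": {"value": op}, "status": {"value": status}}

SAMPLE = [
    _ev("2024-05-01T11:30:00Z", "alice@example.com",
        "Microsoft.Network/networkSecurityGroups/securityRules/write",
        "Succeeded", _NSG + "/securityRules/allow-ssh"),
    _ev("2024-05-01T10:00:01Z", _SP, "Microsoft.Network/networkSecurityGroups/write", "Started", _NSG),
    _ev("2024-05-01T10:00:05Z", _SP, "Microsoft.Network/networkSecurityGroups/write", "Succeeded", _NSG),
    _ev("2024-05-01T10:05:00Z", _SP, "Microsoft.Network/virtualNetworks/write", "Succeeded", _NET + "/virtualNetworks/aks-vnet"),
    _ev("2024-05-01T12:00:00Z", "alice@example.com",
        "Microsoft.Network/networkSecurityGroups/securityRules/delete",
        "Failed", _NSG + "/securityRules/allow-ssh"),
]

NSG_RE = re.compile(r"/networkSecurityGroups/([^/]+)(?:/securityRules/([^/]+))?", re.I)
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
OP_PREFIX = "microsoft.network/networksecuritygroups/"

def nsg_changes(events):
    """Return completed NSG and rule writes/deletes, oldest first."""
    changes = []
    for ev in events:
        op = ev.get("operationName", {}).get("value", "")
        m = NSG_RE.search(ev.get("resourceId", ""))
        if not m or not op.lower().startswith(OP_PREFIX):
            continue  # not an NSG operation
        if not op.lower().endswith(("/write", "/delete")):
            continue  # reads and other actions change nothing
        if ev.get("status", {}).get("value") != "Succeeded":
            continue  # drop Started/Accepted/Failed records of the same operation
        caller = ev.get("caller", "unknown")
        changes.append({
            "time": ev["eventTimestamp"], "nsg": m.group(1),
            "rule": m.group(2),  # None when the NSG resource itself was written
            "action": op.rsplit("/", 1)[-1], "caller": caller,
            # Heuristic: a GUID caller is an app or managed identity, otherwise a user
            "caller_kind": "app/identity" if GUID_RE.match(caller) else "user",
        })
    return sorted(changes, key=lambda c: c["time"])

def by_caller(changes):
    """Group changes by caller so automated updates separate from manual ones."""
    grouped = defaultdict(list)
    for c in changes:
        grouped[c["caller"]].append(c)
    return dict(grouped)
```

Changes grouped under an identity you can match to the cluster are the automated updates the answer describes; changes under a user principal are manual edits worth reviewing.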