AKS upgrade to 1.29.7 triggers daily NSG update activity logs

Alex 395 Reputation points
2024-11-14T04:45:07.09+00:00

I recently upgraded from AKS 1.28 to 1.29.7 and after that, everyday I can see AKS is initiating updates to the NSG, but not displaying any change history, its like doing a poll check to the NSG.

Is this expected? If yes, what is it doing actually?

Thanks in advance.

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,187 questions
0 comments No comments
{count} votes

Accepted answer
  1. Akram Kathimi 1,201 Reputation points Microsoft Employee
    2024-11-14T08:33:53.22+00:00

    Hi @Alex ,

    Akram from the AKS support team here.

    This is actually a known issue, that will be fixed (no ETA yet).

    It is (exactly as you mentioned) doing a check to make sure the cluster configuration is working as intended.

    If you would like those updates to run on a specific time slot, you can use the planned maintenance config to set preferred time slots. 

    Hope this clears things up :).

    Please mark this as the answer if you find it to be helpful.

    Thank you.


1 additional answer

Sort by: Most helpful
  1. Mounika Reddy Anumandla 980 Reputation points Microsoft Vendor
    2024-11-14T06:51:50.6866667+00:00

    Hi Alex,

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    As per my understanding, this behavior is expected after an upgrade, especially if you have deployed new applications or changed configurations post-upgrade. However, if you're not experiencing any issues with connectivity or performance, it might just be part of the system's normal operations.

    AKS might be continually assessing the health and compliance of network configurations. If any discrepancies are identified, the NSG might be updated automatically even if no significant manual changes were made.

    AKS may be adjusting NSGs to ensure that network policies and rules align with the new Kubernetes version's requirements or features.
    If you are concerned about not having visibility into the specific changes being made to the NSG, you can take the following actions:

    • Azure Activity Logs: Monitor the Azure Activity Log to see if there are any records of the changes occurring to your NSG and gain insights into what actions are being taken.
    • NSG Flow Logs: Enable NSG Flow Logs to capture detailed traffic logs and gain better insights into the network traffic through your NSGs, which may help identify why updates are being made.

    Additional document: https://learn.microsoft.com/en-us/azure/aks/concepts-network

    If you have any further queries, do let us know.

    If the answer is helpful, please click "Upvote it."


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.