Where can I find information about AKSUbuntu images used in AKS Nodepools and VMMS

Filipe Lima 1 Reputation point
2022-07-15T08:44:54.26+00:00

For security compliance, a customer of mine is asking about images used in AKS, and there's no information anywhere; these Disk Images from AKSUbuntu are a black box.

I can't find the list of SKUs and URNs related to those AKSUbuntu images anywhere. Why is that? Where is the list of those images Azure is using?

Example below:

/subscriptions/{subid}/resourceGroups/AKS-Ubuntu/providers/Microsoft.Compute/galleries/AKSUbuntu/images/1804gen2containerd/versions/2022.06.08

Azure Kubernetes Service (AKS)

1 answer

  1. Andriy Bilous 11,431 Reputation points MVP
    2022-07-15T13:28:58.307+00:00

    Hello @Filipe Lima

    Disk Images from AKSUbuntu are a black box because they are managed by Microsoft, and Microsoft is fully responsible for patches and new images for image nodes.

    AKS has a Support Policies document that describes Microsoft's and the user's responsibilities.

    Microsoft manages and monitors the following components through the control pane:

    • Kubelet or Kubernetes API servers
    • Etcd or a compatible key-value store, providing Quality of Service (QoS), scalability, and runtime
    • DNS services (for example, kube-dns or CoreDNS)
    • Kubernetes proxy or networking (except when BYOCNI is used)
    • Any additional add-ons or system component running in the kube-system namespace

    Some components, such as agent nodes, have shared responsibility, where users must help maintain the AKS cluster. User input is required, for example, to apply an agent node operating system (OS) security patch.

    Microsoft and users share responsibility for Kubernetes agent nodes where:

    • The base OS image has required additions (such as monitoring and networking agents).
    • The agent nodes receive OS patches automatically.
    • Issues with the Kubernetes control plane components that run on the agent nodes are automatically remediated.
    • These components include the below:
      • Kube-proxy
      • Networking tunnels that provide communication paths to the Kubernetes master components
      • Kubelet
      • Docker or containerd

    Customer responsibilities for AKS agent nodes:

    • To keep your agent node OS and runtime components patched, you should keep a regular node image upgrade schedule or automate it.
    • You're responsible for keeping your clusters' Kubernetes version updated and in accordance with the AKS Kubernetes Support Version Policy.
    1 person found this answer helpful.
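
For the compliance inventory the question asks about and the upgrade schedule the answer recommends, the sketch below parses image references of the form quoted in the question and flags node pools whose image build is older than a threshold. It is an added example, not part of the thread and not Microsoft's code. It assumes the per-pool `nodeImageVersion` string has the form `AKSUbuntu-<definition>-<YYYY.MM.DD>` and that the version is a build date; `parse_image`, `stale_pools`, the 30-day default and the sample data are hypothetical.

```python
import json
import re
from datetime import date

# Gallery image version ID in the form shown in the question.
GALLERY_ID = re.compile(
    r"/galleries/(?P<gallery>[^/]+)/images/(?P<definition>[^/]+)/versions/(?P<version>[^/]+)$"
)
# Assumed per-pool string form, e.g. AKSUbuntu-1804gen2containerd-2022.06.08
NODE_IMAGE = re.compile(
    r"^(?P<gallery>[^-]+)-(?P<definition>.+)-(?P<version>\d{4}\.\d{2}\.\d{2})$"
)


def parse_image(ref):
    """Return (gallery, definition, build_date) for either reference form."""
    m = GALLERY_ID.search(ref) or NODE_IMAGE.match(ref)
    if not m:
        raise ValueError(f"unrecognised image reference: {ref!r}")
    # Assumption: the version is a YYYY.MM.DD build date, as in the question's example.
    year, month, day = (int(part) for part in m["version"].split("."))
    return m["gallery"], m["definition"], date(year, month, day)


def stale_pools(pools, today, max_age_days=30):
    """List node pools whose image build is older than max_age_days (hypothetical policy)."""
    findings = []
    for pool in pools:
        gallery, definition, built = parse_image(pool["nodeImageVersion"])
        age = (today - built).days
        if age > max_age_days:
            findings.append({"pool": pool["name"], "image": f"{gallery}/{definition}",
                             "built": built.isoformat(), "age_days": age})
    return findings


# Constructed sample in the shape of `az aks nodepool list -o json` (only the fields used).
SAMPLE = json.loads("""[
  {"name": "system", "nodeImageVersion": "AKSUbuntu-1804gen2containerd-2022.06.08"},
  {"name": "batch",  "nodeImageVersion": "AKSUbuntu-1804gen2containerd-2022.04.27"}
]""")

if __name__ == "__main__":
    for finding in stale_pools(SAMPLE, today=date(2022, 7, 15)):
        print(finding)
```
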
