Tutorial: Upgrade Azure Linux Container Host nodes
The Azure Linux Container Host ships updates through two mechanisms: updated Azure Linux node images and automatic package updates.
As part of the application and cluster lifecycle, we recommend keeping your clusters up to date and secured by enabling upgrades for your cluster. You can enable automatic node-image upgrades to ensure your clusters use the latest Azure Linux Container Host image when it scales up. You can also manually upgrade the node-image on a cluster.
In this tutorial, part five of five, you learn how to:
- Manually upgrade the node-image on a cluster.
- Automatically upgrade an Azure Linux Container Host cluster.
- Deploy Kured in an Azure Linux Container Host cluster.
Note
Any upgrade operation, whether performed manually or automatically, upgrades the node image version if not already on the latest. The latest version is contingent on a full AKS release, and can be determined by visiting the AKS release tracker.
Prerequisites
- In previous tutorials, you created and deployed an Azure Linux Container Host cluster. To complete this tutorial, you need an existing cluster. If you haven't done this step and would like to follow along, start with Tutorial 1: Create a cluster with the Azure Linux Container Host for AKS.
- You need the latest version of Azure CLI. Find the version using the
az --versioncommand. If you need to install or upgrade, see Install Azure CLI.
Manually upgrade your cluster
To manually upgrade the node-image on a cluster, you can run az aks nodepool upgrade:
az aks nodepool upgrade \
--resource-group testAzureLinuxResourceGroup \
--cluster-name testAzureLinuxCluster \
--name myAzureLinuxNodepool \
--node-image-only
Automatically upgrade your cluster
Auto-upgrade provides a set once and forget mechanism that yields tangible time and operational cost benefits. By enabling auto-upgrade, you can ensure your clusters are up to date and don't miss the latest Azure Linux Container Host features or patches from AKS and upstream Kubernetes.
Automatically completed upgrades are functionally the same as manual upgrades. The selected channel determines the timing of upgrades. When making changes to auto-upgrade, allow 24 hours for the changes to take effect.
To set the auto-upgrade channel on existing cluster, update the --auto-upgrade-channel parameter, similar to the following example, which automatically upgrades the cluster to the latest supported patch release of a previous minor version.
az aks update --resource-group testAzureLinuxResourceGroup --name testAzureLinuxCluster --auto-upgrade-channel stable
For more information on upgrade channels, see Using cluster auto-upgrade.
Enable automatic package upgrades
Similar to setting your clusters to auto-upgrade, you can use the same set once and forget mechanism for package upgrades by enabling the node-os upgrade channel. If automatic package upgrades are enabled, the dnf-automatic systemd service runs daily and installs any updated packages that have been published.
To set the node-os upgrade channel on existing cluster, update the --node-os-upgrade-channel parameter, similar to the following example, which automatically enables package upgrades. Note that for some settings of Node OS Upgrade Channel, dnf-automatic is disabled by default.
az aks update --resource-group testAzureLinuxResourceGroup --name testAzureLinuxCluster --node-os-upgrade-channel Unmanaged
Enable an automatic reboot daemon
To protect your clusters, security updates are automatically applied to Azure Linux nodes. These updates include OS security fixes, kernel updates, and package upgrades. Some of these updates require a node reboot to complete the process. AKS doesn't automatically reboot these nodes to complete the update process.
We recommend enabling an automatic reboot daemon, such as Kured, so that your cluster can reboot nodes that have taken kernel updates. To deploy the Kured DaemonSet in an Azure Linux Container Host cluster, see Deploy Kured in an AKS cluster.
Clean up resources
As this tutorial is the last part of the series, you may want to delete your Azure Linux Container Host cluster. The Kubernetes nodes run on Azure virtual machines and continue incurring charges even if you don't use the cluster. Use the az group delete command to remove the resource group and all related resources.
az group delete --name testAzureLinuxCluster --yes --no-wait
Next steps
In this tutorial, you upgraded your Azure Linux Container Host cluster. You learned how to:
- Manually upgrade the node-image on a cluster.
- Automatically upgrade an Azure Linux Container Host cluster.
- Deploy kured in an Azure Linux Container Host cluster.
For more information on the Azure Linux Container Host, see the Azure Linux Container Host overview.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for