Public preview: AKS NodeOSUpgrade channel
Published date: March 01, 2023
NodeOSUpgrade channel is a new channel that runs complementary to the existing AutoUpgrade Channel today. Customers can use this channel to disable unattended upgrades and put a maintenance schedule without worrying about Kured for security patches. They can run Node image upgrades in tandem with major Kubernetes auto upgrade channels like Stable, Rapid etc. The Node OS Upgrade channel also gets its own scheduler that runs parallel to the auto upgrade channel schedule.
NodeOSUpgrade channel has the following 4 options and will work in tandem with Auto upgrade channel:
- None: No security patches at all, Unattended upgrades set to off.
- Unmanaged: Current setting of 'Unattended upgrades' i.e nightly canonical security patches with no maintenance window on them.
- SecurityPatch: Allows AKS to roll out canonical security updates in a weekly cadence (default) or better in customer configured maintenance schedule. There is no need to maintain Kured as AKS will decide to reimage nodes as and when there is a 'Kernel reboot' needed for the patches within the maintenance window.
- NodeImage: Provides a fresh weekly (default) node image (VHD) to the VM with all the up to date security patches or in a schedule & cadence of your choice if given.