Security and kernel updates in AKS
Some time ago, at a user meeting about AKS, an interesting detail in the demos was that the AKS nodes automatically apply updates for Ubuntu Linux but do not reboot on their own.
"To protect your clusters, security updates are automatically applied to Linux nodes in AKS. These updates include OS security fixes or kernel updates. Some of these updates require a node reboot to complete the process. AKS doesn't automatically reboot these Linux nodes to complete the update process... Some security updates, such as kernel updates, require a node reboot to finalize the process."
I asked the speaker about his experiences with this in more detail.
He said that he knows of two approaches to this:
Some companies run the tool kured, which automatically reboots the nodes when required.
Others automatically check whether a node needs a reboot, which is indicated by the existence of the file /var/run/reboot-required. They then open a change ticket so that someone can take care of the reboot.
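
A sketch of the second approach, as an added example that is not from the talk or from the AKS documentation: it checks for /var/run/reboot-required, reports how long the reboot has been pending and which packages requested it, and leaves ticket creation to the caller. The function name `reboot_status`, the 7-day threshold and the `--check` argument are assumptions; the companion file /var/run/reboot-required.pkgs is the package list Ubuntu writes next to the sentinel.

```bash
#!/usr/bin/env bash
# Added example: report whether an Ubuntu node is waiting for a reboot.
#
# reboot_status ROOT [MAX_AGE_DAYS] [NOW_EPOCH]
#   ROOT          prefix of the node's filesystem ("" on the node itself,
#                 or the path where the host filesystem is mounted)
#   MAX_AGE_DAYS  assumed policy: pending longer than this is "overdue"
#   NOW_EPOCH     current time; only overridden for testing
# Prints "<state> days=<n> packages=<list>" and returns
#   0 = no reboot pending, 1 = pending, 2 = pending and overdue.
reboot_status() {
    local root="${1:-}" max_days="${2:-7}" now="${3:-$(date +%s)}"
    local sentinel="$root/var/run/reboot-required"
    local mtime days pkgs=""

    if [ ! -e "$sentinel" ]; then
        echo "ok days=0 packages="
        return 0
    fi

    # The sentinel's age is how long the node has been running without
    # the already-installed fix being active (GNU stat, as on Ubuntu).
    mtime=$(stat -c %Y "$sentinel")
    days=$(( (now - mtime) / 86400 ))

    # Ubuntu also records which packages asked for the reboot, one per
    # line and possibly repeated; include them so the ticket is actionable.
    if [ -r "$sentinel.pkgs" ]; then
        pkgs=$(sort -u "$sentinel.pkgs" | paste -sd, -)
    fi

    if [ "$days" -ge "$max_days" ]; then
        echo "overdue days=$days packages=$pkgs"
        return 2
    fi
    echo "pending days=$days packages=$pkgs"
    return 1
}

# Run as "script --check [ROOT]": the exit code tells the caller (cron job,
# monitoring agent) whether to open a change ticket with the printed line.
if [ "${1:-}" = "--check" ]; then
    reboot_status "${2:-}"
    exit $?
fi
```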