Security and kernel updates in AKS
Some time ago at a user meeting about AKS: An interesting detail in the demos was that the AKS nodes automatically load updates for Ubuntu Linux but do not reboot on their own.
"To protect your clusters, security updates are automatically applied to Linux nodes in AKS. These updates include OS security fixes or kernel updates. Some of these updates require a node reboot to complete the process. AKS doesn't automatically reboot these Linux nodes to complete the update process...Some security updates, such as kernel updates, require a node reboot to finalize the process.
I asked the speaker what experience he has with this. He said that he knows two approaches to this:
- Some companies run the tool kured, which automatically reboots the nodes on demand.
- Others check the nodes automatically if a reboot is necessary, which can be seen from the existence of the file /var/run/reboot-required. Then they open a change ticket so that someone can take care of the reboot.