Security and kernel updates in AKS

Some time ago, at a user meeting about AKS, an interesting detail in the demos was that the AKS nodes automatically install updates for Ubuntu Linux but do not reboot on their own.

Microsoft says:

"To protect your clusters, security updates are automatically applied to Linux nodes in AKS. These updates include OS security fixes or kernel updates. Some of these updates require a node reboot to complete the process. AKS doesn't automatically reboot these Linux nodes to complete the update process... Some security updates, such as kernel updates, require a node reboot to finalize the process."

I asked the speaker what experience he has with this. He said that he knows two approaches to this:

  • Some companies run the tool kured, which automatically reboots the nodes on demand.
  • Others automatically check whether a node needs a reboot, which is indicated by the existence of the file /var/run/reboot-required. Then they open a change ticket so that someone can take care of the reboot.
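
The second approach can be scripted on the node itself. The following is an added example, not code from the talk or from Microsoft: it checks for /var/run/reboot-required and produces one line that a ticketing job could pick up. The ROOT prefix argument (for offline testing), the output format, and the "kernel" classification by the linux-image- package prefix are assumptions of this example; /var/run/reboot-required.pkgs is the companion file in which Ubuntu lists the packages that requested the reboot.

```shell
#!/bin/sh
# Added example, not from the original post.
# ROOT is a path prefix used only for offline testing; pass "" on a real node.

# Exit 0 when the Ubuntu reboot flag file exists under ROOT.
reboot_pending() {
    [ -f "$1/var/run/reboot-required" ]
}

# Print the packages that requested the reboot, deduplicated and
# space-separated. The .pkgs file can be missing even when the flag exists.
pending_packages() {
    pkgs="$1/var/run/reboot-required.pkgs"
    if [ -s "$pkgs" ]; then
        sort -u "$pkgs" | tr '\n' ' ' | sed 's/ *$//'
    else
        printf 'unknown'
    fi
}

# Print "kernel" if a linux-image package is listed, otherwise "other".
# Kernel updates are the case the quoted documentation singles out.
reboot_reason() {
    case " $(pending_packages "$1") " in
        *" linux-image-"*) printf 'kernel' ;;
        *) printf 'other' ;;
    esac
}

# Print one line per node, suitable as the body of a change ticket.
reboot_report() {
    root=$1
    node=$2
    if reboot_pending "$root"; then
        printf 'node=%s reboot_required=yes reason=%s packages="%s"\n' \
            "$node" "$(reboot_reason "$root")" "$(pending_packages "$root")"
    else
        printf 'node=%s reboot_required=no\n' "$node"
    fi
}

# On a node: reboot_report "" "$(hostname)"
```
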