aks-baseline icon indicating copy to clipboard operation
aks-baseline copied to clipboard

Published 20 hours ago verified publisher icon mspnp

feat (cluster): [day2-ops] node update configuration

Open ferantivero opened this issue 1 year ago • 1 comments

  • remove Kubernetes Reboot Daemon (Kured)
  • enable node update channel for K9s version automatic upgrades
  • enable node os level update channel for OS security automatic upgrades
  • add some initial guidance to the docs

ferantivero avatar Feb 22 '24 17:02 ferantivero

Some explanation: I could not get it to deploy as-is and had to make those two changes in cluster-stamp.bicep

Apparently there's a known bug with the configuration of "SecurityPatch & node-image" so we will need to go with "NodeImage & node-image"

skabou avatar Mar 08 '24 20:03 skabou

Here's some context on the bug: https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-node-os-image#node-channel-known-bugs

"Currently, when you set the cluster auto-upgrade channel to node-image, it also automatically sets the node OS auto-upgrade channel to NodeImage. You can't change node OS auto-upgrade channel value if your cluster auto-upgrade channel is node-image. In order to set the node OS auto-upgrade channel value, check the cluster auto-upgrade channel value isn't node-image."

I know a handful of other changes were made to support the preview feature SecurityPatch but those may not be necessary now.

skabou avatar Mar 11 '24 13:03 skabou

@ferantivero Looking good! Can you add some guidance / an example of a maintenance window for the updates? Thanks

For reference: https://learn.microsoft.com/en-us/azure/architecture/operator-guides/aks/aks-upgrade-practices#automatic-node-image-upgrades https://learn.microsoft.com/en-us/azure/aks/planned-maintenance#creating-a-maintenance-window

skabou avatar Mar 11 '24 15:03 skabou

@ferantivero Looking good! Can you add some guidance / an example of a maintenance window for the updates? Thanks

For reference: https://learn.microsoft.com/en-us/azure/architecture/operator-guides/aks/aks-upgrade-practices#automatic-node-image-upgrades https://learn.microsoft.com/en-us/azure/aks/planned-maintenance#creating-a-maintenance-window

sure thing @skabou, we added both k8s and os level maint config windows.

done | from 1c82e86873cd92608943cf8afc8925769a0e50ae

ferantivero avatar Mar 11 '24 18:03 ferantivero

Approved with some text suggestions

really appreciate all contribs @skabou, accepted them all.

ferantivero avatar Mar 11 '24 21:03 ferantivero

@ferantivero Really appreciate your work on this!

skabou avatar Mar 12 '24 00:03 skabou

👍

skabou avatar Mar 20 '24 17:03 skabou

🎉

skabou avatar Mar 21 '24 14:03 skabou