Managing AKS Updates
Published 05 July 2024
AKS has three items to update.
- Kubernetes version.
- Node OS Security patches.
- Node image version upgrades. This includes the security patches from item 2.
Kubernetes version
The Kubernetes version should be upgraded only to versions Redgate Clone supports.
It's recommended to manually upgrade because AKS will choose versions that have not been tested with Redgate Clone.
To update Kubernetes, go to the AKS resource group, click on the AKS service, go to the settings and click on Cluster configuration.
When manually upgrading, AKS lets you upgrade one major version at a time. Please allow some time between upgrades to major versions.
If the update seems to have gone wrong, this command may fix it:
az resource update --name <cluster-name> --namespace Microsoft.ContainerService --resource-group <aks-service-resource-group> --resource-type ManagedClusters --subscription <aks-service-subscriptions>
Node OS Security patches
Security patches are updated daily, but are not applied until the nodes are rebooted. AKS does not reboot the nodes. You must do it manually.
We do not recommend manually rebooting the nodes.
Turn off this feature. The node image version upgrades below include the security patches.
Node images version upgrades
Please turn this on by choosing "Node Image" for the managed security channel when creating the cluster.
This updates to the latest VM image, including security updates. New versions are usually available weekly.
If you choose the "Unmanaged" option, security updates are never done.