Bring Node os upgrade channel up GA from preview except security patch (

#24487) * bring nodeosimage up to GA except for security channel * Update managedClusters.json
Azure · Jun 25, 2023 · 1cd84de · 1cd84de
1 parent 91d353b
commit 1cd84de
Showing 1 changed file with 29 additions and 1 deletion.
diff --git a/...ce/resource-manager/Microsoft.ContainerService/aks/stable/2023-06-01/managedClusters.json b/...ce/resource-manager/Microsoft.ContainerService/aks/stable/2023-06-01/managedClusters.json
@@ -4547,7 +4547,7 @@
               },
               {
                 "value": "node-image",
-                "description": "Automatically upgrade the node image to the latest version available. Microsoft provides patches and new images for image nodes frequently (usually weekly), but your running nodes won't get the new images unless you do a node image upgrade. Turning on the node-image channel will automatically update your node images whenever a new version is available."
+                "description": "Automatically upgrade the node image to the latest version available. Consider using nodeOSUpgradeChannel instead as that allows you to configure node OS patching separate from Kubernetes version patching"
               },
               {
                 "value": "none",
@@ -4557,6 +4557,34 @@
           },
           "title": "The upgrade channel for auto upgrade. The default is 'none'.",
           "description": "For more information see [setting the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel)."
+        },
+        "nodeOSUpgradeChannel": {
+          "type": "string",
+          "enum": [
+            "Unmanaged",
+            "None",
+            "NodeImage"
+          ],
+          "x-ms-enum": {
+            "name": "nodeOSUpgradeChannel",
+            "modelAsString": true,
+            "values": [
+              {
+                "value": "None",
+                "description": "No attempt to update your machines OS will be made either by OS or by rolling VHDs. This means you are responsible for your security updates"
+              },
+              {
+                "value": "Unmanaged",
+                "description": "OS updates will be applied automatically through the OS built-in patching infrastructure. Newly scaled in machines will be unpatched initially and will be patched at some point by the OS's infrastructure. Behavior of this option depends on the OS in question. Ubuntu and Mariner apply security patches through unattended upgrade roughly once a day around 06:00 UTC. Windows does not apply security patches automatically and so for them this option is equivalent to None till further notice"
+              },
+              {
+                "value": "NodeImage",
+                "description": "AKS will update the nodes with a newly patched VHD containing security fixes and bugfixes on a weekly cadence. With the VHD update machines will be rolling reimaged to that VHD following maintenance windows and surge settings. No extra VHD cost is incurred when choosing this option as AKS hosts the images."
+              }
+            ]
+          },
+          "title": "Node OS Upgrade Channel",
+          "description": "Manner in which the OS on your nodes is updated. The default is NodeImage."
         }
       },
       "description": "Auto upgrade profile for a managed cluster."